What is Diffie-Hellman?
Response:
A. An algorithm and agreement method for two peers to independently calculate a common private key after sharing only their public keys
B. An algorithm for generating a public and private key
C. An agreement method for authenticating two peers using a pre-shared key
D. An agreement method for negotiating an IKE security association (SA)
Which traffic inspection features can be executed by a security processor (SP)?
(Choose three.)
Response:
A. TCP SYN proxy
B. SIP session helper
C. Proxy-based antivirus
D. Attack signature matching
E. Flow-based web filtering
How does FortiGate select the central SNAT policy that is applied to a TCP session?
Response:
A. It selects the SNAT policy specified in the configuration of the outgoing interface.
B. It selects the first matching central-SNAT policy from top to bottom.
C. It selects the central-SNAT policy with the lowest priority.
D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.
FortiGate scans packets for matches in a specific order for application control. Which option provides the correct sequence order?
Response:
A. Static domain overrides -> application overrides -> filter overrides
B. Categories -> application overrides -> filter overrides
C. Application overrides -> filter overrides -> categories
D. Rate based overrides -> filter overrides -> categories
Which statements about antivirus scanning using flow-based full scan are true?
(Choose two.)
Response:
A. The antivirus engine starts scanning a file after the last packet arrives.
B. It does not support FortiSandbox inspection.
C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.
D. It uses the compact antivirus database.
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that?
(Choose three.)
Response:
A. The interface has been configured for one-arm sniffer.
B. The interface is a member of a virtual wire pair.
C. The operation mode is transparent.
D. The interface is a member of a zone.
E. Captive portal is enabled in the interface.
Examine the log message attributes. Which statements are correct?
(Choose two.)
hostname=www.youtube.com profiletype="Webfilter_Profile"
profile="default"
status="passthrough"
msg="URL belongs to a category with warnings enabled"
Response:
A. The website was allowed on the first attempt
B. The user failed authentication
C. The category action was set to warning.
D. The user was prompted whether to proceed or go back.
What FortiGate feature can be used to block a ping sweep scan from an attacker?
Response:
A. Web application firewall (WAF)
B. Rate based IPS signatures
C. One-arm sniffer
D. DoS policies
Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate?
(Choose three.)
Response:
A. Trusted host
B. HTTPS
C. Trusted authentication
D. SSH
E. FortiTelemetry
Which of the following statements about web caching are true?
(Choose two.)
Response:
A. Web caching slows down web browsing due to constant read-write cycles from FortiGate memory.
B. When a client makes a web request, the proxy checks if the requested URL is already in memory.
C. Only heavy content is cached, for example, videos, images, audio and so on.
D. Web caching is supported in both explicit and implicit proxy.