Which two statements are true about the FGCP protocol? (Choose two.)

A. FGCP elects the primary FortiGate device.

B. FGCP is not used when FortiGate is in transparent mode.

C. FGCP runs only over the heartbeat links.

D. FGCP is used to discover FortiGate devices in different HA groups.

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

A. Add the support of NTLM authentication.

B. Add user accounts to Active Directory (AD).

C. Add user accounts to the FortiGate group fitter.

D. Add user accounts to the Ignore User List.

Which two statements are correct about SLA targets? (Choose two.)

A. You can configure only two SLA targets per one Performance SLA.

B. SLA targets are optional.

C. SLA targets are required for SD-WAN rules with a Best Quality strategy.

D. SLA targets are used only when referenced by an SD-WAN rule.

Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

A. Change password

B. Enable restrict access to trusted hosts

C. Change Administrator profile

D. Enable two-factor authentication

Which two statements are true about the RPF check? (Choose two.)

A. The RPF check is run on the first sent packet of any new session.

B. The RPF check is run on the first reply packet of any new session.

C. The RPF check is run on the first sent and reply packet of any new session.

D. RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.

Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

A. It always authorizes the traffic without requiring authentication.

B. It drops the traffic.

C. It authenticates the traffic using the authentication scheme SCHEME2.

D. It authenticates the traffic using the authentication scheme SCHEME1.

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

A. A CRL

B. A person

C. A subordinate CA

D. A root CA

Refer to the exhibit.

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

A. Destination NAT is disabled in the firewall policy.

B. One-to-one NAT IP pool is used in the firewall policy.

C. Overload NAT IP pool is used in the firewall policy.

D. Port block allocation IP pool is used in the firewall policy.

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

A. The public key of the web server certificate must be installed on the browser.

B. The web-server certificate must be installed on the browser.

C. The CA certificate that signed the web-server certificate must be installed on the browser.

D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

A. FortiManager

B. Root FortiGate

C. FortiAnalyzer

D. Downstream FortiGate