View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?
A. 10.0.1.244
B. Public FortiGuard servers
C. 10.0.1.240
D. 10.0.1.242
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)
A. The local router's BGP state is Established with the 10.125.0.60 peer.
B. Since the counters were last reset, the 10.200.3.1 peer has never been down.
C. The local router has received a total of three BGP prefixes from all peers.
D. The local router has not established a TCP session with 100.64.3.1.
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn't the tunnel come up?
A. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.
B. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.
C. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.
D. The pre-shared keys do not match.
View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?
A. It is currently in system conserve mode because of high CPU usage.
B. It is currently in extreme conserve mode because of high memory usage.
C. It is currently in proxy conserve mode because of high memory usage.
D. It is currently in memory conserve mode because of high memory usage.
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which one of the following statements about this command is true?
A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.
B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
C. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
D. Sends a link failed signal to all connected devices.
View the exhibit, which contains the output of a real-time debug, and then answer the question below.

Which of the following statements are true regarding this output? (Choose two.)
A. This web request was inspected using the root web filter profile.
B. The requested URL belongs to category ID 52.
C. The web request was blocked by FortiGate.
D. FortiGate found the requested URL in its local cache.
View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network.

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?
A. The session would be deleted, so the client would need to start a new session.
B. The session would remain in the session table, and its traffic would still egress from port1.
C. The session would remain in the session table, and its traffic would start to egress from port2.
D. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?
A. diagnose sniffer packet any 'esp'
B. diagnose sniffer packet any 'tcp port 500 or tcp port 4500'
C. diagnose sniffer packet any 'udp port 4500'
D. diagnose sniffer packet any 'udp port 500'
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.

Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
A. auto-discovery-receiver
B. auto-discovery-forwarder
C. auto-discovery-sender
D. auto-discovery-shortcut
What is the purpose of an internal segmentation firewall (ISFW)?
A. It is the first line of defense at the network perimeter.
B. It inspects incoming traffic to protect services in the corporate DMZ.
C. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.
D. It splits the network into multiple security segments to minimize the impact of breaches.