3 Months Free Update
3 Months Free Update
3 Months Free Update
Examine the following partial output from a sniffer command; then answer the question below.
What is the meaning of the packets dropped counter at the end of the sniffer?
Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)
An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:
Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.
Why didn’t the tunnel come up?
Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."
What does the log mean?
Examine the IPsec configuration shown in the exhibit; then answer the question below.
An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn’t there any output?
The CLI command set intelligent-mode
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.
Which of the following statements about the exhibit are true? (Choose two.)
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.
The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:
However, the IKE real time debug does not show any output. Why?
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.
Based on the output, which two statements are correct? (Choose two.)
Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.
Which statements are true regarding the above output? (Choose two.)
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.
Based on the output, which of the following statements is correct?
Examine the following routing table and BGP configuration; then answer the question below.
TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?
Refer to the exhibit, which contains a TCL script configuration on FortiManager.
An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.
Why did the TCL script fail to make any changes to the managed device?
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Which two statements about this debug output are correct? (Choose two.)
Refer to the exhibit, which shows a central management configuration.
Which server will FortiGate choose for web filter rating requests, if 10.0.1.240 is experiencing an outage?
View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3
ipsengine exit log”
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
code = 11, reason: manual
What is the status of IPS on this FortiGate?
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list —FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?
Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)
View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?
Refer to the exhibit, which contains partial output from an IKE real-time debug.
The administrator does not have access to the remote gateway.
Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?
View the exhibit, which contains a session entry, and then answer the question below.
Which statement is correct regarding this session?
Refer to the exhibit, which shows the output of diagnose sys session list.
If the HA ID for the primary device is 0, what will happen if the primary fails and the secondary becomes the primary?
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.
An administrator would like to test session failover between the two service provider connections.
What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)
Which two configuration commands change the default behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)
View the exhibit, which contains the output of a debug command, and then answer the question below.
Which of the following statements about the exhibit are true? (Choose two.)
Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router The second unit is elected as the backup designated router Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:
What should the administrator check to fix the problem?
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?
Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.
Which statement are true regarding the output in the exhibit? (Choose two.)
Refer to the exhibit, which shows partial outputs from two routing debug commands.
Why is the port2 default route not in the second command output?
Which of the following statements are correct regarding application layer test commands? (Choose two.)
You have configured FortiManager as a local FDS to provide FortiGate AV and IPS updates, but FortiGate devices are not receiving updates to their AV signature databases, IPS engines, or IPS signature databases.
Which two settings need to be verified for these features to function? (Choose two.)
View the following FortiGate configuration.
All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?