A.  

FortiGate continues to run critical security actions, such as quarantine.

B.  

FortiGate refuses to accept configuration changes.

C.  

FortiGate halts complete system operation and requires a reboot to regain available resources.

D.  

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

A.  

There is a no firewall policy configured with an IPS security profile.

B.  

FortiGate entered into IPS fail open state.

C.  

Administrator entered the command diagnose test application ipsmonitor 5.

D.  

Administrator entered the command diagnose test application ipsmonitor 99.

A.  

By default. SD-WAN rules are skipped if the included SD-WAN members do not have a valid route to the destination.

B.  

SD-WAN rules have precedence over any other type of routes.

C.  

Regular policy routes have precedence over SD-WAN rules.

D.  

By default. SD-WAN rules are skipped if only one route to the destination is available.

E.  

By default. SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

A.  

You should use the protocol IKEv2.

B.  

You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).

C.  

You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.

D.  

You can turn on fragmentation to fix large certificate negotiation problems.

A.  

Enabled

B.  

On Idle

C.  

Disabled

D.  

On Demand

A.  

Change the Feature set of Web Filter Profile as Proxy-based.

B.  

Set the Action as Exempt for www.facebook.com

in the Static URL Filter.

C.  

Change the type as Simple in the Static URL Filter section.

D.  

Set the Social Networking action as warning in the FortiGuard Category Based Filter.

A.  

FortiGate will enable strict RPF on ail its interfaces and port1 will be enable for asymmetric routing.

B.  

FortiGate will enable strict RPF on all its interfaces and port1 will be exempted from RPF checks.

C.  

Port1 will be enabled with flexible RPF, and all other interfaces will be enabled for strict RPF

D.  

The global configuration will take precedence and FortiGate will enable strict RPF on all interfaces.

A.  

Move NOC_Access to the top of the list to ensure all profile settings take effect.

B.  

Increase the offline value of the Override Idle Timeout parameter in the NOC_Access admin profile.

C.  

Ensure that all NOC_Access users are assigned the super_admin role to guarantee access

D.  

Increase the admintimeout value under config system accprofile NOC_Access.

A.  

Enable split tunneling to reduce VPN traffic.

B.  

Change the SSL VPN port to a non-standard port.

C.  

Increase the session timeout for inactive sessions.

D.  

Configure the DTLS timeout to accommodate high-latency connections.

A.  

If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.

B.  

If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP.

C.  

If SD-WAN is disabled, you configure the load balancing algorithm in config system settings.

D.  

If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.

A.  

Ensure that the affected users are using the correct port number.

B.  

Ensure that user traffic is hitting the firewall policy.

C.  

Ensure that forced tunneling is enabled to reroute all traffic through the SSL VPN

D.  

Ensure that the HTTPS service is enabled on SSL VPN tunnel interface

A.  

Connected monitored ports > Priority > HA uptime > FortiGate serial number

B.  

Connected monitored ports > Priority > System uptime > FortiGate serial number

C.  

Connected monitored ports > HA uptime > Priority > FortiGate serial number

D.  

Connected monitored ports > System uptime > Priority > FortiGate serial number

A.  

Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.

B.  

Configure a web override rating for download.com and select Malicious Websites as the subcategory.

C.  

Configure a separate firewall policy with action Deny and an FQDN address object for*.download.com as destination address.

D.  

Set the Freeware and Software Downloads category Action to Warning.

A.  

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

B.  

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

C.  

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

D.  

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.