ExamsBrite Dumps

FCSS - Network Security 7.4 Support Engineer Questions and Answers

Last Update Jun 17, 2025
Total Questions : 66

Questions 1

During which phase of IKEv2 does the Diffie-Hellman key exchange take place?

Options:

A. IKE_Req_INIT
B. Create_CHILD_SA
C. IKE_Auth
D. IKE_SA_INIT

Questions 2

Refer to the exhibit, which shows the output of a BGP debug command.

What can you conclude about the router in this scenario?

Options:

A. The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the BGP session with the local router.
B. An inbound route-map on the local router is blocking the prefixes from neighbor 100.64.3.1.
C. All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.
D. The BGP session with peer 10.127.0.75 is up.

Questions 3

Refer to the exhibit, which shows the output of diagnose sys session list.

If the HA ID for the primary device is 0, what happens if the primary fails and the secondary becomes the primary?

Options:

A. The secondary device has this session synchronized; however, because application control is applied, the session is marked dirty and has to be re-evaluated after failover.
B. Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.
C. The session will be removed from the session table of the secondary device because of the presence of allowed error packets, which will force the client to restart the session with the server.
D. The session state is preserved but the kernel will need to re-evaluate the session because NAT was applied.

Questions 4

Refer to the exhibit.

An IPsec VPN tunnel is dropping, as shown by the debug output.

Analyzing the debug output, what could be causing the tunnel to go down?

Options:

A. Phase 2 drops but Phase 1 is up.
B. Dead Peer Detection is not receiving its acknowledge packet.
C. The tunnel drops during rekey negotiation.
D. The tunnel drops after the timer expires.

Questions 5

Refer to the exhibit, which shows the output of diagnose automation test.

What can you observe from the output? (Choose two.)

Options:

A. The automation stitch test is not being logged.
B. The automation stitch test failed but the HA failover was successful.
C. An HA failover occurred.
D. The test was unsuccessful.

Questions 6

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

Options:

A. The interface is part of the OSPF backbone area.
B. There are a total of five OSPF routers attached to the port4 network segment.
C. One of the neighbors has a router ID of 0.0.0.4.
D. In the network connected to port4, two OSPF routers are down.

Questions 7

In which two states is a given session categorized as ephemeral? (Choose two.)

Options:

A. A UDP session with only one packet received
B. A UDP session with packets sent and received
C. A TCP session waiting for the SYN ACK
D. A TCP session waiting for FIN ACK

Questions 8

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change should the administrator make to the local gateway to resolve the phase 1 negotiation error?

Options:

A. In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.
B. In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
C. In the phase 1 network configuration, set the IKE version to 2.
D. In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

Questions 9

Refer to the exhibit.

Assuming a default configuration, which three statements are true? (Choose three.)

Options:

A. Strict RPF is enabled by default.
B. User B: Fail. There is no route to 95.56.234.24 using wan2 in the routing table.
C. User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.
D. User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.
E. User C: Fail. There is no route to 10.0.4.63 using port1 in the routing table.

Questions 10

Which authentication option can you not configure under config user radius on FortiOS?

Options:

A. mschap
B. pap
C. mschap2
D. eap

Questions 11

Refer to the exhibit, which shows a partial output of diagnose hardware sysinfo memory.

Which two statements about the output are true? (Choose two.)

Options:

A. There are 98908 kB of memory that will never be used.
B. The user space has 708880 kB of physical memory that is not used by the system.
C. The I/O cache, which has 641364 kB of memory allocated to it.
D. The value indicated next to the inactive heading represents the currently unused cache page.

Questions 12

Refer to the exhibit, which shows the omitted output of a session table entry.

Which two statements are true? (Choose two.)

Options:

A. The traffic has been tagged for VLAN 0000.
B. NP7 is handling offloading of this session.
C. The traffic matches Policy ID 1.
D. The session has been offloaded.

Questions 13

Refer to the exhibit.

Which three pieces of information does the diagnose sys top command provide? (Choose three.)

Options:

A. The miglogd daemon is running on CPU core ID 0.
B. The diagnose sys top command has been running for 18 minutes.
C. The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.
D. The cmdbsvr process is occupying 2.4% of the total user memory space.
E. If the newcli daemon continues to be in the R state, it will need to be manually restarted.

Questions 14

The local OSPF router is unable to establish adjacency with a peer.

Which two things should the administrator do to troubleshoot the issue? (Choose two.)

Options:

A. Check whether TCP port 179 is blocked.
B. Check if there is an active static route to the peer.
C. Check whether both peers have an IP address within the same subnet.
D. Check if IP protocol 89 is blocked.

Questions 15

Which statement about parallel path processing (PPP) is correct?

Options:

A. PPP chooses from a group of parallel options to identify the optimal path for processing a packet.
B. Only FortiGate hardware configurations affect the path that a packet takes.
C. PPP does not apply to packets that are part of an already established session.
D. Software configuration has no impact on PPP.

Questions 16

Refer to the exhibit, which shows the output of a policy route table entry.

Which type of policy route does the output show?

Options:

A. An ISDB route
B. A regular policy route
C. A regular policy route, which is associated with an active static route in the FIB
D. An SD-WAN rule

Questions 17

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands on an SSH session on FortiGate:

However, the IKE real-time debug does not show any output. Why?

Options:

A. The administrator must also run the command diagnose debug enable.
B. The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.
C. The log-filter setting is incorrect. The VPN traffic does not match this filter.
D. Replace diagnose debug application ike -1 with diagnose debug application ipsec -1.

Questions 18

Refer to the exhibit, which shows the output of the command get router info ospf neighbor.

To what extent does FortiGate operate when looking at its OSPF neighbors? (Choose two.)

Options:

A. The local FortiGate has at least one interface that participates in a broadcast network.
B. The local FortiGate has at least one interface that participates in a point-to-point network.
C. The local FortiGate is the DR.
D. Neighbor 0.0.0.18 is the designated router (DR).

Questions 19

An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.

If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

Options:

A. diagnose sniffer packet any 'udp port 500'
B. diagnose sniffer packet any 'ip proto 50'
C. diagnose sniffer packet any 'udp port 4500'
D. diagnose sniffer packet any 'ah'
