A.  

Perfect Forward Secrecy (PFS) is enabled in the configuration.

B.  

The local gateway IP address is 10.0.0.1.

C.  

It shows a phase 2 negotiation.

D.  

The initiator provided remote as its IPsec peer I

D.  

A.  

The user was found in the LDAP tree, whose root is TAC.ottawa.fortinet.com.

B.  

FortiOS performs a bind to the LDAP server using the user's credentials.

C.  

FortiOS collects the user group information.

D.  

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

A.  

Remote registry is not running on the workstation.

B.  

The user's status shows as "not verified" in the collector agent.

C.  

DNS resolution is unable to resolve the workstation name.

D.  

The FortiGate firmware version is not compatible with that of the collector agent.

E.  

A firewall is blocking traffic to port 139 and 445.

A.  

Phase 2 drops but Phase 1 is up.

B.  

Dead Peer Detection is not receiving its acknowledge packet.

C.  

The tunnel drops during rekey negotiation.

D.  

The tunnel drops after the timer expires.

A.  

IKE_Req_INIT

B.  

Create_CHILD_SA

C.  

IKE_Auth

D.  

IKE_SA_INIT

A.  

FortiGate uses the SNI from the user's web browser.

B.  

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

C.  

FortiGate uses the first entry listed in the SAN field in the server certificate.

D.  

FortiGate uses the CN information from the Subject field in the server certificate.

A.  

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.  

The default static route through 10.200.1.254 is not in the forwarding information base.

C.  

The default static route through port2 is in the forwarding information base.

D.  

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

A.  

The interlace is part of the OSPF backbone area.

B.  

There are a total of five OSPF routers attached to the vorz4 network segment

C.  

One of the neighbors has a router ID of 0.0.0.4.

D.  

In the network connected to port4, two OSPF routers are down.

A.  

IKE_SA_INIT

B.  

INFORMATIONAL

C.  

CREATE_CHILD_SA

D.  

IKE_Auth

A.  

The advertised prefix of 10.20.30.0'24 was configured using the network command.

B.  

The first four prefixes are being advertised using a legacy route advertisement.

C.  

The advertised prefix of 10.20.30.0'24 is being advertised through the redistribution of another routing protocol.

D.  

The output shows all prefixes advertised by all neighbors as well as the local router.

A.  

mschap

B.  

pap

C.  

mschap2

D.  

eap

A.  

Create_CHILD_SA

B.  

IKE_Auth

C.  

IKE_Req_INIT

D.  

IKE_SA_NIT

A.  

SP Login dump

B.  

Authentication Response

C.  

Authentication Request

D.  

Assertion dump

A.  

PPP chooses from a group of parallel options lo identity the optimal path tor processing a packet.

B.  

Only FortiGate hardware configurations affect the path that a packet takes.

C.  

PPP does not apply to packets that are part of an already established session.

D.  

Software configuration has no impact on PPP.

A.  

You can configure automation stitches on any FortiGate device in a Security Fabric environment.

B.  

You can configure automation stitches to execute actions sequentially by taking parameters from previous actions as input for the current action.

C.  

You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.

D.  

You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

A.  

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

B.  

If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.

C.  

If FGVM...649 is rebooted. FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

D.  

If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.

A.  

Disable webfilter-force-off.

B.  

Increase webfilter-timeout.

C.  

Enable fortiguard-anycast.

D.  

Change protocol to TCP.

A.  

Ensure the user logs in using 'John Smith' not 'jsmith'.

B.  

Ensure the user is providing the correct user credentials.

C.  

Ensure the user is a member of at least one AD group to ensure step 4 of the LDAP authentication process is successful.

D.  

Ensure the account is active.

A.  

Packet was dropped because of policy route misconfiguration.

B.  

Packet was dropped because of traffic shaping.

C.  

Trusted host list misconfiguration.

D.  

VIP or IP pool misconfiguration.