Question No. 1

Refer to the exhibit, which shows a custom signature.

Which two modifications must you apply to the configuration of this custom signature so that you can save it on FortiGate? (Choose two.)

AAdd severity.

BAdd attack_id.

CEnsure that the header syntax is F-SBID.

DStart options with --.

Show Answer

Correct Answer: A, B

For a custom signature to be valid and savable on a FortiGate device, it must include certain mandatory fields. Severity is used to specify the level of threat that the signature represents, and attack_id is a unique identifier for the signature. Without these, the signature would not be complete and could not be correctly utilized by the FortiGate's Intrusion Prevention System (IPS).

Question No. 2

Refer to the exhibit, which shows an SSL certification inspection configuration.

Which action does FortiGate take if the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?

AFortiGate uses the first entry listed in the SAN field in the server certificate

BFortiGate uses the CN information from the Subject field in the server certificate

CFortiGate uses the SNI from the user's web browser.

DFortiGate closes the connection because this represents an invalid SSL/TLS configuration

Show Answer

Correct Answer: D

Question No. 3

Exhibit.

Refer to the exhibit, which contains an active-active toad balancing scenario.

During the traffic flow the primary FortiGate forwards the SYN packet to the secondary FortiGate.

What is the destination MAC address or addresses when packets are forwarded from the primary FortiGate to the secondary FortiGate?

ASecondary physical MAC port1

BSecondary virtual MAC port1

CSecondary virtual MAC port1 then physical MAC port1

DSecondary physical MAC port2 then virtual MAC port2

Show Answer

Correct Answer: A

In an active-active load balancing scenario, when the primary FortiGate forwards the SYN packet to the secondary FortiGate, the destination MAC address would be the secondary's physical MAC on port1, as the packet is being sent over the network and the physical MAC is used for layer 2 transmissions.

Question No. 4

Refer to the exhibit, which shows an ADVPN network.

Which VPN phase 1 parameters must you configure on the hub for the ADVPN feature to function? (Choose two.)

Aset auto-discovery-forwarder enable

Bset add-route enable

Cset auto-discovery-receiver enable

Dset auto-discovery-sender enable

Show Answer

Correct Answer: A, C

For the ADVPN feature to function properly on the hub, the following phase 1 parameters must be configured:

A . set auto-discovery-forwarder enable: This enables the hub to forward shortcut information to the spokes, which is essential for them to establish direct tunnels.

C . set auto-discovery-receiver enable: This allows the hub to receive shortcut offers from the spokes.

This information is corroborated by the Fortinet documentation, which explains that in an ADVPN setup, the hub must be able to both forward and receive shortcut information for dynamic tunnel creation between spokes.

Question No. 5

Which FortiGate in a Security I auric sends togs to FortiAnalyzer?

AOnly the root FortiGate.

BEach FortiGate in the Security fabric.

CThe FortiGate devices performing network address translation (NAT) or unified threat management (UTM). if configured.

DOnly the last FortiGate that handled a session in the Security Fabric

Show Answer

Correct Answer: B

Option B is correct because each FortiGate in the Security Fabric can send logs to FortiAnalyzer for centralized logging and analysis12. This allows you to monitor and manage the entire Security Fabric from a single console and view aggregated reports and dashboards.

Option A is incorrect because the root FortiGate is not the only device that can send logs to FortiAnalyzer.The root FortiGate is the device that initiates the Security Fabric and acts as the central point of contact for other FortiGate devices3. However, it does not have to be the only log source for FortiAnalyzer.

Option C is incorrect because the FortiGate devices performing NAT or UTM are not the only devices that can send logs to FortiAnalyzer.These devices can perform additional security functions on the traffic that passes through them, such as firewall, antivirus, web filtering, etc4. However, they are not the only devices that generate logs in the Security Fabric.

Option D is incorrect because the last FortiGate that handled a session in the Security Fabric is not the only device that can send logs to FortiAnalyzer.The last FortiGate is the device that terminates the session and applies the final security policy5. However, it does not have to be the only device that reports the session information to FortiAnalyzer.Reference: =