What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?
A. ips-failopen
B. mem-failopen
C. av-failopen
D. utm-failopen
正解:C
質問 2:
Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)
A. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.
C. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.
D. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
正解:A,C
質問 3:
View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3
ipsengine exit log"
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
code = 11, reason: manual
What is the status of IPS on this FortiGate?
A. All IPS-related features have been disabled in FortiGate's configuration.
B. There are communication problems between the IPS engine and the management database.
C. IPS daemon experienced a crash.
D. IPS engine memory consumption has exceeded the model-specific predefined value.
正解:C
質問 4:
Examine the output of the 'get router info ospf interface' command shown in the exhibit; then answer the question below.
Which statements are true regarding the above output? (Choose two.)
A. There are at least 5 OSPF routers connected to the port4 network.
B. The local FortiGate has been elected as the OSPF backup designated router.
C. Two OSPF routers are down in the port4 network.
D. The port4 interface is connected to the OSPF backbone area.
正解:C,D
質問 5:
View the exhibit, which contains the output of a diagnose command, and then answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
A. FortiGate used 209.222.147.3 as the initial server to validate its contract.
B. Servers with the D flag are considered to be down.
C. Servers with a negative TZ value are experiencing a service outage.
D. FortiGate will probe 121.111.236.179 every fifteen minutes for a response.
正解:A,C
質問 6:
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)
A. SIP ALG can create expected sessions for media traffic; SIP helper does not.
B. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
C. SIP ALG supports SIP HA failover; SIP helper does not.
D. SIP ALG supports SIP over IPv6; SIP helper does not.
E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.
正解:A,C,D
質問 7:
Examine the partial output from two web filter debug commands; then answer the question below:
Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?
A. Business.
B. General organization.
C. Information technology.
D. Finance and banking
正解:A
質問 8:
A FortiGate device has the following LDAP configuration:
The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:
Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)
A. username.
B. dn.
C. password.
D. cnid.
正解:A,C