Which of the following statements about converse mode are true? (Choose two.)
A. Administrators cannot change the configuration.
B. FortiGate stops sending files to FortiSandbox for inspection.
C. FortiGate stops doing RPF checks over incoming packets.
D. Administrators can access the FortiGate only through the console port.
正解:A,B
質問 2:
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
A. The web-server certificate must be installed on the browser.
B. The CA certificate that signed the web-server certificate must be installed on the browser.
C. The public key of the web server certificate must be installed on the browser.
D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
正解:B
質問 3:
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
A. Only secondary FortiGate devices are rebooted.
B. The firmware image must be manually uploaded to each FortiGate.
C. Traffic load balancing is temporally disabled while upgrading the firmware.
D. Uninterruptable upgrade is enabled by default.
正解:A,C
質問 4:
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)
A. Include the group of guest users in a policy.
B. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.
C. Ensure all firewalls allow the FSSO required ports.
D. Extend timeout timers.
正解:A,C
質問 5:
View the exhibit.
Which of the following statements are correct? (Choose two.)
A. This setup requires at least two firewall policies with the action set to IPsec.
B. This is a redundant IPsec setup.
C. Dead peer detection must be disabled to support this type of IPsec setup.
D. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
正解:B,D
質問 6:
Which of the following FortiGate configuration tasks will create a route in the policy route table? (Choose two.)
A. Static route created with an Internet Services object
B. Static route created with a Named Address object
C. SD-WAN route created for individual member interfaces
D. SD-WAN rule created to route traffic based on link latency
正解:A,D