4/28/2020 FortiGate Essentials Quiz #2

 FortiGate Essentials 6.2

Started on Monday, April 27, 2020, 8:15 PM

State Finished
Completed on Monday, April 27, 2020, 8:20 PM
Time taken 5 mins 24 secs
Points 13/15
Grade 87 out of 100

Question 1 Refer to the exhibit.

Incorrect

0 points out of 1

Which statement about the configuration settings is true?

Select one:
When a remote user accesses https://10.200.1.1:443, the FortiGate login page opens.  Incorrect. Review the
Configuring SSL-VPN section in the SSL-VPN lesson.

When a remote user accesses http://10.200.1.1:443, the SSL-VPN login page opens.

When a remote user accesses https://10.200.1.1:443, the SSL-VPN login page opens.

The settings are invalid. The administrator settings and the SSL-VPN settings cannot use the same port.

Question 2 Which statement about the Service setting in a firewall policy is true?
Correct

1 points out of 1 Select one:

It is optional to add a service in a firewall policy.

Administrators cannot create custom services objects.

It matches the traffic by port number. 

Only one service object can be added to the firewall policy.

Question 3 Examine the following log message attributes:

Correct hostname=www.youtube.com profiletype=""Webfilter_Profile"" profile=""default"" status=""passthrough""msg=""URL
1 points out of 1 belongs to a category with warnings enabled""

Which two statements about the log are correct? (Choose two.)

Select one or more:

The website was allowed on the first attempt.

The category action was set to warning. 

The user failed authentication.

The user was prompted to decide whether to proceed or go back. 

https://training.fortinet.com/mod/quiz/review.php?attempt=3262244&cmid=54627 1/4
4/28/2020 FortiGate Essentials Quiz #2

Question 4 Which protocol can be used to dynamically assign an IP address to a physical interface?
Correct

1 points out of 1 Select one:

ICMP

PPPoE 

IP Config

BOOTP

Question 5 Which two statements about the application control profile mode are true? (Choose two.)
Correct

1 points out of 1 Select one or more:

It uses flow-based scanning techniques, regardless of the inspection mode used. 

It can scan only unsecure protocols.

It cannot be used in conjunction with IPS scanning.

It can be selected in either flow-based or proxy-based firewall policy. 

Question 6 An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the SSL-VPN.
Correct  
1 points out of 1 How can this be achieved?

Select one:
Configuring web bookmarks

Assigning public IP addresses to SSL-VPN users

Using web-only mode

Disabling split tunneling 

Question 7 Which two statements about DNS-based web filtering are true? (Choose two.)
Correct

1 points out of 1 Select one or more:

It can inspect the complete URL.

It uses FortiGuard SDNS ratings. 

It requires SSL full inspection.

It supports URL filtering and FortiGuard category only. 

https://training.fortinet.com/mod/quiz/review.php?attempt=3262244&cmid=54627 2/4
4/28/2020 FortiGate Essentials Quiz #2

Question 8 Examine the routing table and sniffer output in the exhibit.
Correct

1 points out of 1

Assuming telnet service is enabled for port1, which statement correctly describes why FGT1 is not responding to the SYN packets?

Select one:
The connection is dropped because of reverse path forwarding check. 

The port1 interface is administratively down.

The port1 interface does not have an IP address.

The connection is denied because of forward policy check.

Question 9 Which two remote authentication servers are supported by FortiGate? (Choose two.)
Correct

1 points out of 1 Select one or more:

RADIUS 

TACACS+ 

SMTP

Diameter

Question 10 An administrator wants to configure an IP address in the management interface of a FortiGate device. However, the configuration
Correct setting is not displayed in the FortiGate GUI.
1 points out of 1  
What can be the reason for this? (Choose two.)

Select one or more:

The interface belongs to a zone.

The interface is configured as one-arm sniffer. 

You cannot configure IP addresses on the management interfaces.

The VDOM is configured in transparent mode. 

Question 11 Which two criteria does FortiGate use to match traffic to a firewall policy? (Choose two.)
Correct

1 points out of 1 Select one or more:

Services 

Source interface 

Security profiles

Logging settings

https://training.fortinet.com/mod/quiz/review.php?attempt=3262244&cmid=54627 3/4
4/28/2020 FortiGate Essentials Quiz #2

Question 12 What client software is required for a tunnel-mode SSL VPN connection?
Correct

1 points out of 1 Select one:

A browser

FortiClient 

Microsoft SSL VPN client

Any third-party SSL VPN client

Question 13 Which routing protocols are supported in FortiGate devices? (Choose two.)
Correct

1 points out of 1 Select one or more:

ISIS 

EIGRP

EGP

OSPF 

Question 14 Which two protocols can FortiGate use to authenticate a user? (Choose two.)
Incorrect

0 points out of 1 Select one or more:

Telnet

HTTPS 

POP3

PPPoE  Incorrect. Review the Authentication Using Firewall Policies section in the Firewall Authentication lesson.

Question 15 Refer to the exhibit.

Correct A user at 192.168.32.15 is trying to access the web server at 172.16.32.254.
1 points out of 1

Which two statements best describe how the FortiGate will perform reverse path forwarding (RPF) checks on this traffic? (Choose
two.)

Select one or more:

Loose RPF check will allow the traffic. 

Loose RPF check will deny the traffic.

Strict RPF check will deny the traffic.

Strict RPF check will allow the traffic. 

https://training.fortinet.com/mod/quiz/review.php?attempt=3262244&cmid=54627 4/4