NEW QUESTION 1
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

• A. Firewall monitor.
• B. Policy monitor.
• C. Logs.
• D. Crashlogs.

Answer: CD

NEW QUESTION 2
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

Which statements are correct regarding the output shown? (Choose two.)

• A. There are 0 ephemeral sessions.
• B. All the sessions in the session table are TCP sessions.
• C. No sessions have been deleted because of memory pages exhaustion.
• D. There are 166 TCP sessions waiting to complete the three-way handshake.

Answer: AD

NEW QUESTION 3
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

• A. FortiManager can download and maintain local copies of FortiGuard databases.
• B. FortiManager supports only FortiGuard push to managed devices.
• C. FortiManager will respond to update requests only if they originate from a managed device.
• D. FortiManager does not support rating requests.

Answer: A

NEW QUESTION 4
Examine the following partial output from two system debug commands; then answer the question below.


Which of the following statements are true regarding the above outputs? (Choose two.)

• A. The unit is running a 32-bit FortiOS
• B. The unit is in kernel conserve mode
• C. The Cached value is always the Active value plus the Inactive value
• D. Kernel indirectly accesses the low memory (LowTotal) through memory paging

Answer: AC

NEW QUESTION 5
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

However, the IKE real time debug does not show any output. Why?

• A. The debug output shows phases 1 and 2 negotiations onl
• B. Once the tunnel is up, it does not show any more output.
• C. The log-filter setting was set incorrectl
• D. The VPN’s traffic does not match this filter.
• E. The debug shows only error message
• F. If there is no output, then the tunnel is operating normally.
• G. The debug output shows phase 1 negotiation onl
• H. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

Answer: D

NEW QUESTION 6
View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for
Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?

• A. The session would remain in the session table, and its traffic would still egress from port1.
• B. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
• C. The session would remain in the session table, and its traffic would start to egress from port2.
• D. The session would be deleted, so the client would need to start a new session.

Answer: D

NEW QUESTION 7
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Why didn’t the tunnel come up?

• A. IKE mode configuration is not enabled in the remote IPsec gateway.
• B. The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.
• C. The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.
• D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Answer: B

NEW QUESTION 8
Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packets dropped counter at the end of the sniffer?

• A. Number of packets that didn’t match the sniffer filter.
• B. Number of total packets dropped by the FortiGate.
• C. Number of packets that matched the sniffer filter and were dropped by the FortiGate.
• D. Number of packets that matched the sniffer filter but could not be captured by the sniffer.

Answer: C

NEW QUESTION 9
Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."
What does the log mean?

• A. There is not enough available memory in the system to create a new entry in the NAT port table.
• B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
• C. FortiGate does not have any available NAT port for a new connection.
• D. The limit for the maximum number of entries in the NAT port table has been reached.

Answer: B

NEW QUESTION 10
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

• A. The connectivity between the FortiGate unit and the DNS server.
• B. The connectivity between the client workstations and the DNS server.
• C. That DNS traffic from client workstations is allowed by the explicit web proxy policies.
• D. That DNS service is enabled in the explicit web proxy interface.

Answer: AB

NEW QUESTION 11
View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below.

The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

• A. Change phase 1 encryption to AESCBC and authentication to SHA128.
• B. Change phase 1 encryption to 3DES and authentication to CBC.
• C. Change phase 1 encryption to AES128 and authentication to SHA512.
• D. Change phase 1 encryption to 3DES and authentication to SHA256.

Answer: C

NEW QUESTION 12
What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

• A. A process crash.
• B. Configuration changes.
• C. Changes in the status of any of the FortiGuard licenses.
• D. System entering to and leaving from the proxy conserve mode.

Answer: AD

NEW QUESTION 13
View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

• A. This session is for HA heartbeat traffic.
• B. This session is synced with the slave unit.
• C. The inspection of this session has been offloaded to the slave unit.
• D. This session cannot be synced with the slave unit.

Answer: B

NEW QUESTION 14
Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

• A. Finance and banking
• B. General organization.
• C. Business.
• D. Information technology.

Answer: C

NEW QUESTION 15
Which statement is true regarding File description (FD) conserve mode?

• A. IPS inspection is affected when FortiGate enters FD conserve mode.
• B. A FortiGate enters FD conserve mode when the amount of available description is less than 5%.
• C. FD conserve mode affects all daemons running on the device.
• D. Restarting the WAD process is required to leave FD conserve mode.

Answer: B

NEW QUESTION 16
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.

Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?

• A. auto-discovery-sender
• B. auto-discovery-forwarder
• C. auto-discovery-shortcut
• D. auto-discovery-receiver

Answer: C

NEW QUESTION 17
Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

• A. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.
• B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.
• C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
• D. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

Answer: AD

NEW QUESTION 18
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

• A. Reduce the session time to live.
• B. Increase the TCP session timers.
• C. Increase the FortiGuard cache time to live.
• D. Reduce the maximum file size to inspect.

Answer: AD