Refer to the exhibit. Which two statements are true about the routing entries in this database table? (Choose two.)
Correct Answer: B,D
Question 2
An administrator is running the following sniffer command:
diagnose sniffer packet any "host 10.0.2.10" 3
What information will be included in the sniffer output? (Choose three.)
Correct Answer: A,B,C
It really depends on the verbosity level. This specific question for verbosity level 3 is ABC. C is correct: Verbose levels in detail:
1: print header of packets.
2: print header and data from IP of packets.
3: print header and data from Ethernet of packets.
4: print header of packets with interface name.
5: print header and data from IP of packets with interface name.
6: print header and data from Ethernet of packets with interface name.
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=11186
Question 3
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. Which order must FortiGate use when the web filter profile has features such as safe search enabled?
Correct Answer: D
FortiGate applies web filters in the following order: Static URL filter, FortiGuard category filter, Web content filter, Web script filter, and Antivirus scanning.
Question 4
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
Correct Answer: B
The NetSessionEnum function is used to track user logouts.
Study Guide - FSSO - FSSO with Windows Active Directory - Collector Agent-Based Polling Mode Options.
Collector agent-based polling mode has three methods (or options) for collecting logon info: NetAPI, WinSecLog and WMI.
- NetAPI: polls temporary sessions created on the DC when a user logs in or logs out and calls the NetSessionEnum function on Windows. It's faster than the WinSec and WMI methods; however, it can miss some login events if a DC is under heavy system load. This is because sessions can be quickly created and purged from RAM, before the agent has a chance to poll and notify FortiGate.
- WinSecLog: polls all the security event logs from the DC. It doesn't miss any login events that have been recorded by the DC because events are not normally deleted from the logs. There can be some delay in FortiGate receiving events if the network is large and, therefore, writing to the logs is slow. It also requires that the audit success of specific event IDs is recorded in the Windows security logs. For a full list of supported event IDs, visit the Fortinet Knowledge Base (http://kb.fortinet.com).
Incorrect:
A: NetAPI polling can increase bandwidth usage in large networks. (WinSecLog)
C: The collector agent must search security event logs. (WinSecLog)
D: The collector agent uses a Windows API to query DCs for user logins. (WMI)
Question 5
Which statement about the IP authentication header (AH) used by IPsec is true?
Correct Answer: C
The answer is C. AH provides data integrity but no encryption. The correct statement about the IP Authentication Header (AH) used by IPsec is that AH provides data integrity and authentication but does not provide encryption.
"IPsec is a suite of protocols that is used for authenticating and encrypting traffic between two peers. The three most used protocols in the suite are the following:
- Internet Key Exchange (IKE), which does the handshake, tunnel maintenance, and disconnection.
- Encapsulation Security Payload (ESP), which ensures data integrity and encryption.
- Authentication Header (AH), which offers only data integrity - not encryption."