Which additional load balancing method is supported in equal cost multipath (ECMP) load balancing when SD-WAN is enabled?

• A.Volume based
• B.Source-destination IP based
• C.Source IP based
• D.Weight based

Comment: *

Name: *

Email: *

Verification: *

A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traffic uses this profile for SSL inspection and performs web filtering. When visiting any HTTPS websites, the browser reports certificate warning errors.
What is the reason for the certificate warning errors?

• A.The SSL cipher compliance option is not enabled on the SSL inspection profile. This setting is required when the SSL inspection profile is defined with a private CA certificate.
• B.The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.
• C.The browser does not recognize the certificate in use as signed by a trusted CA.
• D.With full SSL inspection it is not possible to avoid certificate warning errors at the browser level.

Comment: *

Name: *

Email: *

Verification: *

If the Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?

• A.The Services field removes the requirement of creating multiple VIPs for different services.
• B.The Services field is used when several VIPs need to be bundled into VIP groups.
• C.The Services field does not allow source NAT and destination NAT to be combined in the same policy.
• D.The Services field does not allow multiple sources of traffic, to use multiple services, to connect to a single computer.

Comment: *

Name: *

Email: *

Verification: *

Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

• A.Extended authentication (XAuth)to request the remote peer to provide a username and password
• B.Pre-shared key and certificate signature as authentication methods
• C.No certificate is required on the remote peer when you set the certificate signature as the authentication method
• D.Extended authentication (XAuth) for faster authentication because fewer packets are exchanged

Comment: *

Name: *

Email: *

Verification: *

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken.
Each site has a FortiGate VPN gateway.
What must an administrator do to achieve this objective?

• A.The administrator can register the same FortiToken on more than one FortiGate.
• B.The administrator must use a FortiAuthenticator device.
• C.The administrator can use a third-party radius OTP server.
• D.The administrator must use the user self-registration server.

Comment: *

Name: *

Email: *

Verification: *