Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router.
The second unit is elected as the backup designated router.
Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?

• A.3
• B.1
• C.4
• D.2

Comment: *

Name: *

Email: *

Verification: *

The IT department discovered during the last network migration that all zero phase selectors in phase 2 IPsec configurations impacted network operations. What are two valid approaches to prevent this during future migrations? (Choose two.)

• A.Use routing protocols to specify allowed subnets over the tunnel.
• B.Configure an IPsec-aggregate to create redundancy between each firewall peer.
• C.Clearly indicate to the VPN which segments will be encrypted in the phase two selectors.
• D.Configure an IP address on the IPsec interface of each firewall to establish unique peer connections and avoid impacting network operations.

Comment: *

Name: *

Email: *

Verification: *

A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy.
How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?

• A.The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.
• B.The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.
• C.The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.
• D.The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.

Comment: *

Name: *

Email: *

Verification: *

An administrator applied a block-all IPS profile for client and server targets to secure the server, but the database team reported the application stopped working immediately after. How can an administrator apply IPS in a way that ensures it does not disrupt existing applications in the network?

• A.Use an IPS profile with all signatures in monitor mode and verify patterns before blocking.
• B.Limit the IPS profile to server targets only to avoid blocking connections from the server to clients.
• C.Select flow mode in the IPS profile to accurately analyze application patterns.
• D.Set the IPS profile signature action to default to discard all possible false positives.

Comment: *

Name: *

Email: *

Verification: *

Examine the output from the 'diagnose vpn tunnel list' command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

• A.diagnose sniffer packet any 'esp'
• B.diagnose sniffer packet any 'port 500'
• C.diagnose sniffer packet any 'host 10.0.10.10'
• D.diagnose sniffer packet any 'port 4500'

Comment: *

Name: *

Email: *

Verification: *