An administrator applied a block-all IPS profile for client and server targets to secure the server, but the database team reported the application stopped working immediately after.
How can an administrator apply IPS in a way that ensures it does not disrupt existing applications in the network?

• A.Use an IPS profile with all signatures in monitor mode and verify patterns before blocking.
• B.Limit the IPS profile to server targets only to avoid blocking connections from the server to clients.
• C.Select flow mode in the IPS profile to accurately analyze application patterns.
• D.Set the IPS profile signature action to default to discard all possible false positives.

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

An administrator is deploying a hub and spokes network and using OSPF as dynamic protocol.
Which configuration is mandatory for neighbor adjacency?

• A.Set bfd enable in the router configuration
• B.Set network-type point-to-multipoint in the hub interface
• C.Set rfc1583-compatible enable in the router configuration
• D.Set virtual-link enable in the hub interface

Comment: *

Name: *

Email: *

Verification: *

What action can be taken on a FortiGate to block traffic using IPS protocol decoders, focusing on network transmission patterns and application signatures?

• A.Use the DNS filter to block application signatures and protocol decoders.
• B.Use application control to limit non-URL-based software handling.
• C.Enable application detection-based SD-WAN rules.
• D.Configure a web filter profile in flow mode.

Comment: *

Name: *

Email: *

Verification: *

An administrator must enable direct communication between multiple spokes in a company's network. Each spoke has more than one internet connection.
The requirement is for the spokes to connect directly without passing through the hub, and for the links to automatically switch to the best available connection.
How can this automatic detection and optimal link utilization between spokes be achieved?

• A.Set up OSPF routing over static VPN tunnels between spokes.
• B.Utilize ADVPN 2.0 to facilitate dynamic direct tunnels and automatic link optimization.
• C.Establish static VPN tunnels between spokes with predefined backup routes.
• D.Implement SD-WAN policies at the hub to manage spoke link quality.

Comment: *

Name: *

Email: *

Verification: *

A user reports that their computer was infected with malware after accessing a secured HTTPS website.
However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy.
How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?

• A.The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.
• B.The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.
• C.The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.
• D.The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.

Comment: *

Name: *

Email: *

Verification: *