Refer to the exhibit.

Examine the IPsec VPN phase 1 configuration shown in theexhibit
An administrator wants to use certificate-based authentication for an IPsec VPN user Which three configuration changes must you make on FortiGate to perform certificate-based authentication for the IPsec VPN user? (Choose three)

• A.Create a PKI user for the IPsec VPN user, and then configure the IPsec VPN tunnel to accept the PKI user as peer certificate
• B.In the Authentication section of the IPsec VPN tunnel in the Method drop-down list select Signature and then select the certificate that FortiGate will use for IPsec VPN
• C.In the IKE section of the IPsec VPN tunnel in the Mode field select Main (ID protection)
• D.Import the CA that signed the user certificate
• E.Enable XAUTH on the IPsec VPN tunnel

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit

A device connected to port2 on FortiSwitch cannot access the network The port is assigned a security policy to enforce 802 1X authentication While troubleshooting the issue, the administrator obtains the debug output shown in the exhibit Which two scenarios are likely to cause this issue? (Choose two.)

• A.The device is not configured for 802 IX authentication.
• B.The device has been quarantined for 3600 seconds.
• C.The device has been assigned the guest VLAN
• D.The device does not support 802 1X authentication

Comment: *

Name: *

Email: *

Verification: *

An administrator has configured an SSID in bridge mode for corporate employees All APs are online and provisioned using default AP profiles Employees are unable to locate the SSID to conned Which two configurations can the administrator verify? (Choose two)

• A.Verify that the broadcast SSID option is enabled in the SSID configuration
• B.Verify that the Block Intra-SSID Traffic (intra-vap-privacy) option in the SSID configuration is disabled
• C.Verify that the SSID to an AP group that should be broadcasting the SSID is applied
• D.Verify that the SSID is manually applied on AP profiles for both 2 4 GHz and 5 GHz radios

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.
Examine the FortiGate logs, widget, and CLI output shown in the exhibit.

An administrator is testing the Security Fabric quarantine automation. The test device (10.0.2.2) is connected to a managed FortiSwitch device.
A few seconds after trying to access a malicious website from the test device, the test device can no longer access the internet and other VLANs in the network. However, the device is still able to access other devices in the same VLAN.
Based on the information shown in the exhibit, which modification should the administrator make to fix the problem?

• A.Change the quarantine mode to by VLAN mode.
• B.Enable the access layer quarantine action on the Quarantine_Devices automation stitch.
• C.Configure a firewall policy on FortiGate to block the intra-VLAN traffic.
• D.Change the quarantine mode to by redirect mode.

Comment: *

Name: *

Email: *

Verification: *

You are setting up an SSID (VAP) to perform RADIUS-authenticated dynamic VLAN allocation.
Which three RADIUS attributes must be supplied by the RADIUS server to enable successful VLAN allocation? (Choose three.)

• A.Tunnel-Type
• B.Tunnel-Medium-Type
• C.Tunnel-Pvt-Group-ID
• D.Tunnel-Private-Group-ID
• E.Tunnel-Preference

Comment: *

Name: *

Email: *

Verification: *