When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

• A.Known trusted devices, each time they change location
• B.Rogue devices, each time they connect
• C.All connected devices, each time they connect
• D.Rogue devices, only when they connect for the first time

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?

• A.You must use a third-party RADIUS OTP server.
• B.You must register the same FortiToken on more than one FortiGate.
• C.You must use the user self-registration server.
• D.You must use a FortiAuthenticator.

Comment: *

Name: *

Email: *

Verification: *

Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)

• A.Destination defined as internet services in the firewall policy
• B.Lowest to highest policy ID number
• C.Highest to lowest priority defined in the firewall policy
• D.Source defined as internet services in the firewall policy
• E.Services defined in the firewall policy.

Comment: *

Name: *

Email: *

Verification: *

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?

• A.Enable two-factor authentication with FSSO.
• B.Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
• C.Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
• D.Under config user settings configure set auth-on-demand implicit.

Comment: *

Name: *

Email: *

Verification: *

An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.
Which statement about the industrial signature database on FortiGate is true?

• A.A supervisor can enable it through the FortiGate CLI.
• B.An administrator must create their own database using custom signatures.
• C.A supervisor must purchase an industrial signature database and import it to the FortiGate.
• D.By default, the industrial database is enabled.

Comment: *

Name: *

Email: *

Verification: *