A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs?
A. The FortiGate must be a model 1000 or above to support multiple VDOMs.
B. A license has to be purchased and applied to the FortiGate before VDOM mode could be enabled.
C. Changing the operational mode of a VDOM requires a reboot of the FortiGate.
D. The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes.
Your Linux email server runs on a non-standard port number, port 2525. Which statement is true?
A. IPS cannot scan that traffic for SMTP anomalies because of the non-standard port number. You must reconfigured the server to run on port 2.
B. To apply IPS to traffic to that server, you must configured FortiGate SMTP proxy to listen on port 2525
C. IPS will apply all SMTP signatures, regardless of whether they apply to clients or servers.
D. Protocol decoders automatically detect SMTP and scan for matches with appropriate IPS signature.
Which statement is in advantage of using a hub and spoke IPsec VPN configuration instead of a fully-meshed set of IPsec tunnels?
A. Using a hub and spoke topology provides full redundancy.
B. Using a hub and spoke topology requires fewer tunnels.
C. Using a hub and spoke topology uses stronger encryption protocols.
D. Using a hub and spoke topology requires more routes.
Which of the following network protocols can be inspected by the Data Leak Prevention scanning? (Choose three.)
A. SMTP
B. HTTP-POST
C. AIM
D. MAPI
E. ICQ
The exhibit shows a FortiGate routing table.
Which of the following statements are correct?(Choose two)
A. There is only one active default route.
B. The distance values for the route to 192.168.1.0/24 is 200
C. An IP address in the subnet 172.16.78.0/24 has been assigned to the dmz interface.
D. The FortiGate will route the traffic to 172.17.1.2 to next hop with the IP address 192.168.11.254
Which TCP states does the global setting `tcp-half-open-timer' applies to? (Choose two.)
A. SYN SENT
B. SYN and SYN/ACK
C. FIN WAIT
D. TIME WAIT
Which correctly define "Section View" and "Global View" for firewall policies? (Choose two.)
A. Section View lists firewall policies primarily by their interface pairs.
B. Section View lists firewall policies primarily by their sequence number.
C. Global View lists firewall policies primarily by their interface pairs.
D. Global View lists firewall policies primarily by their policy sequence number.
E. The 'any' interface may be used with Section View.
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?
A. Client - > slave FortiGate - > master FortiGate - > web server.
B. Client - > slave FortiGate - > web server.
C. Client - > master FortiGate - > slave FortiGate - > master FortiGate - >web server.
D. Client - > master FortiGate - >slave FortiGate - > web server.
Which profile could IPS engine use on an interface that is in sniffer mode? (Choose three)
A. Antivirus (flow based
B. Web filtering (PROXY BASED)
C. Intrusion Protection
D. Application Control
E. Endpoint control
The exhibit shows two static routes to the same destinations subnet 172.20.168.0/24.
Which of the following statements correctly describes this static routing configuration? (choose two)
A. Both routes will show up in the routing table.
B. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 between routes.
C. Only one route will show up in the routing table.
D. The FortiGate will route the traffic to 172.20.168.0/24 only through one route.