What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)
A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a hub and spoke topology simplifies configuration because fewer tunnels are required.
C. Using a hub and spoke topology provides stronger encryption.
D. The routing at a spoke is simpler, compared to a meshed node.
Identify the statement which correctly describes the output of the following command:
diagnose ips anomaly list
A. Lists the configured DoS policy.
B. Lists the real-time counters for the configured DoS policy.
C. Lists the errors captured when compiling the DoS policy.
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.
config router static
    edit 1
        set dst 172.20.168.0 255.255.255.0
        set distance 20
        set priority 10
        set device port1
    next
    edit 2
        set dst 172.20.168.0 255.255.255.0
        set distance 20
        set priority 20
        set device port2
    next
end
Which of the following statements correctly describes the static routing configuration provided above?
A. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes.
B. The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
C. The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1.
D. Only the route that is using port1 will show up in the routing table.
Bob wants to send Alice a file that is encrypted using public key cryptography.
Which of the following statements is correct regarding the use of public key cryptography in this scenario?
A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
B. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file.
C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.
D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.
E. Bob will use Alice's public key to encrypt the file and Alice will use Bob's public key to decrypt the file.
When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option.
What is a valid reason for using the Full Search option, instead?
A. The search items you are looking for are not contained in indexed log fields.
B. A quick search only searches data received within the last 24 hours.
C. You want the search to include the FortiAnalyzer's local logs.
D. You want the search to include content archive data as well.
In which of the following report templates would you configure the charts to be included in the report?
A. Layout Template
B. Data Filter Template
C. Output Template
D. Schedule Template
An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report.
Which of the following statements best describes how to do this?
A. In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox.
B. Add the following entry to the Generic Field section of the Data Filter: service="!smtp".
C. When editing the chart, uncheck mlog to indicate that Mail Filtering data is being excluded when generating the chart.
D. When editing the chart, enter 'dns' in the Exclude Service field.
A FortiClient fails to establish a VPN tunnel with a FortiGate unit.
The following information is displayed in the FortiGate unit logs:
msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)"
msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)"
msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)"
msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa"
msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)"
msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5"
msg="Failed to acquire an IP address
Which of the following statements is a possible cause for the failure to establish the VPN tunnel?
A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
B. There is no IPSec firewall policy configured for the policy-based VPN.
C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.
D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.
Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?
A. The FortiGate unit receives periodic "Here I am" messages from the web cache.
B. The FortiGate unit polls all globally-defined web cache servers at regular intervals.
C. The FortiGate unit uses the health check monitor to verify the availability of a web cache server.
D. The web cache sends an "I see you" message which is captured by the FortiGate unit.
Which of the following represents the method used on a FortiGate unit running FortiOS version 4.2 to apply traffic shaping to P2P traffic, such as BitTorrent?
A. Apply a Traffic Shaper to a BitTorrent entry in an Application Control List.
B. Enable the Shape option in a Firewall policy with a Service set to BitTorrent.
C. Define a DLP Rule to match against BitTorrent traffic and include the rule in a DLP Sensor with Traffic Shaping enabled.
D. Specify the amount of Rate Limiting to be applied to BitTorrent traffic through the P2P settings of the Firewall Policy Protocol Options.