When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
A. It must be configured in a static route using the sdwan virtual interface.
B. It must be provided in the SD-WAN member interface configuration.
C. It must be configured in a policy-route using the sdwan virtual interface.
D. It must be learned automatically through a dynamic routing protocol.
Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)
A. The root VDOM is the management VDOM by default.
B. A FortiGate device has 64 VDOMs, created by default.
C. Each VDOM maintains its own system time.
D. Each VDOM maintains its own routing table.
Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)
A. Firewall service
B. User or user group
C. IP Pool
D. FQDN address
An administrator is configuring an antivirus profiles on FortiGate and notices that Proxy Options is not listed under Security Profiles on the GUI. What can cause this issue?
A. FortiGate needs to be switched to NGFW mode.
B. Proxy options section is hidden by default and needs to be enabled from the Feature Visibility menu.
C. Proxy options are no longer available starting in FortiOS 5.6.
D. FortiGate is in flow-based inspection mode.
Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)
A. If the DHCP method fails, browsers will try the DNS method.
B. The browser needs to be preconfigured with the DHCP server's IP address.
C. The browser sends a DHCPINFORM request to the DHCP server.
D. The DHCP server provides the PAC file for download.
Which statements about antivirus scanning mode are true? (Choose two.)
A. In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.
B. In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.
C. In proxy-based inspection mode, if a virus is detected, a replacement message may not be displayed immediately.
D. In quick scan mode, you can configure antivirus profiles to use any of the available signature data bases.
An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24. How must the administrator configure the local quick mode selector for site B?
A. 192.168.3.0/24
B. 192.168.2.0/24
C. 192.168.1.0/24
D. 192.168.0.0/8
View the following exhibit, which shows the firewall policies and the object uses in the firewall policies.
The administrator is using the Policy Lookup feature and has entered the search create shown in the following exhibit.
Which of the following will be highlighted based on the input criteria?
A. Policy with ID1.
B. Policies with ID 2 and 3.
C. Policy with ID 5.
D. Policy with ID 4.
What FortiGate configuration is required to actively prompt users for credentials?
A. You must enable one or more protocols that support active authentication on a firewall policy.
B. You must position the firewall policy for active authentication before a firewall policy for passive authentication
C. You must assign users to a group for active authentication
D. You must enable the Authentication setting on the firewall policy
Examine this network diagram:
Examine this explicit web proxy configuration:
What filter can be used in the command diagnose sniffer packet to capture the traffic between the client and the explicit web proxy?
A. `host 10.0.0.50 and port 8080'
B. `host 10.0.0.50 and port 80'
C. `host 192.168.0.2 and port 8080'
D. `host 192.168.0.1 and port 80'