Which of the following statements regarding Banned Words are correct? (Select all that apply.)
A. The FortiGate unit can scan web pages and email messages for instances of banned words.
B. When creating a banned word list, an administrator can indicate either specific words or patterns.
C. Banned words can be expressed as simple text, wildcards or regular expressions.
D. Content is automatically blocked if a single instance of a banned word appears.
E. The FortiGate unit updates banned words on a periodic basis.
Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it.
Which of the following statements are correct regarding this configuration? (Select all that apply).
A. The phase1 is for a route-based VPN configuration.
B. The phase1 is for a policy-based VPN configuration.
C. The local gateway IP is the address assigned to port1.
D. The local gateway IP address is 10.200.3.1.
Which two statements are correct regarding the "Import all Objects" setting in the import policy wizard? (Choose two.)
A. All used and unused objects will be imported into the ADOM object database.
B. Only used objects will be imported into the ADOM object database.
C. FortiManager allows only policy dependent objects to be imported into an ADOM object database.
D. Any unused object on the FortiGate device will be deleted with the first policy install from FortiManager.
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.
Which of the following statements are correct regarding these VDOMs? (Select all that apply.)
A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes.
B. The FortiGate unit must be a model 1000 or above to support multiple VDOMs.
C. A license had to be purchased and applied to the FortiGate unit before VDOM mode could be enabled.
D. All VDOMs must operate in the same mode.
E. Changing a VDOM operational mode requires a reboot of the FortiGate unit.
F. An admin account can be assigned to one VDOM or it can have access to all three VDOMs.
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)
A. Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto- negotiated.
B. Must establish an IPsec tunnel ID and pre-shared key.
C. IPsec cannot be enabled if SSL is enabled as well.
D. IPsec is only enabled through the CLI on FortiAnalyzer.
An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic Discovery is enabled to detect any available FortiAnalyzers on the network.
Which of the following FortiAnalyzers will be detected? (Select all that apply.)
A. 192.168.11.100
B. 192.168.11.251
C. 192.168.10.100
D. 192.168.10.251
Workflow mode includes which new permissions for Super_Admin administrative users?
A. Self-approval, Approval, Reject
B. Self-disapproval, Approval, Accept
C. Approval, Self-approval, Change Notification
D. Change Notification, Self-disapproval, Submit
The FortiGate unit's GUI provides a link to update the firmware. Clicking this link will perform which of the following actions?
A. It will connect to the Fortinet Support site where the appropriate firmware version can be selected.
B. It will send a request to the FortiGuard Distribution Network so that the appropriate firmware version can be pushed down to the FortiGate unit.
C. It will present a prompt to allow browsing to the location of the firmware file.
D. It will automatically connect to the Fortinet Support site to download the most recent firmware version for the FortiGate unit.
Which statements are true regarding encryption settings and levels? (Choose three.)
A. The default encryption level is 128-bit and larger key length algorithms.
B. High level encryption requires additional CPU resources.
C. AES is an example of a high level encryption.
D. The default encryption level on FortiAnalyzer is set at the same default encryption level as FortiGate.
E. "Set enc-algorithm
What statements are true regarding FortiAnalyzer's treatment of high availability (HA) clusters? (Choose two.)
A. FortiAnalyzer distinguishes different devices by their serial number.
B. FortiAnalyzer receives logs from all devices in a cluster.
C. FortiAnalyzer receives logs only from the primary device in the cluster.
D. FortiAnalyzer only needs to know the serial number of the primary device in the cluster--it automatically discovers the other devices.