Refer to the exhibit.
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
Which statement about the policy ID number of a firewall policy is true?
Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?
Refer to the exhibit.
The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?
Examine the network diagram shown in the exhibit, then answer the following question:
Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?
In an explicit proxy setup, where is the authentication method and database configured?
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
Refer to the exhibit, which contains a static route configuration.
An administrator created a static route for Amazon Web Services.
What CLI command must the administrator use to view the route?
An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?
Which three statements about security associations (SA) in IPsec are correct? (Choose three.)
View the exhibit.
A user behind the FortiGate is trying to go to (Addicting Games). Based on this configuration, which statement is true?
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
Examine this output from a debug flow:
Why did the FortiGate drop the packet?
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
An administrator has configured the following settings:
What are the two results of this configuration? (Choose two.)
Which three methods are used by the collector agent for AD polling? (Choose three.)