Fortigate 6.0 Sample Exam
Which of the following settings and protocols can be used to provide secure and
restrictive administrative access to FortiGate? (Choose three.)
-Trusted host
-HTTPS
-Trusted authentication
-FortiTelemetry
-SSH
Trusted Host
HTTPS
SSH
Which statements are true regarding incoming and outgoing interfaces in firewall
policies? (Choose two.)
Select one or more:
-An incoming interface is mandatory in a firewall policy, but an outgoing interface
is optional.
-A zone can be chosen as the outgoing interface.
-Only the any interface can be chosen as an incoming interface.
-Multiple interfaces can be selected as incoming and outgoing interfaces.
-A zone can be chosen as the outgoing interface.
-Multiple interfaces can be selected as incoming and outgoing interfaces.
What is the purpose of the Policy Lookup feature?
-It finds duplicate objects in firewall policies.
-It creates a new firewall policy based on input criteria.
-It creates packet flow over FortiGate by sending real-time traffic.
-It searches the matching policy based on input criteria.
It searches the matching policy based on input criteria.
An administrator has configured central DNAT and virtual IPs. Which of the
following can be selected in the firewall policy Destination field?
Select one:
-A VIP group
-The mapped IP address object of the VIP object
-An IP pool
-A VIP object
The mapped IP address object of the VIP object
Which statement about firewall policy NAT is true?
Select one:
-SNAT can automatically apply to multiple firewall policies, based on SNAT
policies.
-DNAT can automatically apply to multiple firewall policies, based on DNAT rules.
, -DNAT is not supported.
-You must configure SNAT for each firewall policy.
You must configure SNAT for each firewall policy.
Examine this partial output from the diagnose sys session list CLI command:
diagnose sys session list
session info: proto=6 proto_state=05 duration=2 expire=78 timeout=3600
flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
What does this output state?
Select one:
-proto_state=05 means there is only one-way traffic.
-proto_state=05 is the UDP state.
-proto_state=05 is the TCP state.
-proto_state=05 is the ICMP state.
proto_state=05 is the TCP state
What methods can be used to deliver the token code to a user who is configured
to use two-factor authentication? (Choose three.)
Select one or more:
-FortiToken
-Email
-Voicemail message
-Instant message app
-SMS text message
FortiToken
Email
SMS text message
FortiGate has been configured for Firewall Authentication. When attempting to
access an external website, the user is not presented with a login prompt. What is
the most likely reason for this situation?
Select one:
-No matching user account exists for this user.
-The user was authenticated using passive authentication.
-The user is using a super admin account.
-The user is using a guest account profile.
The user was authenticated using passive authentication.
View the raw log.
date=2018-01-30 time=09:58:39 logid="10590287d4" type="utm" subtype="app-
ctrl" eventtype-"app-ctrl-all" level-"information" vd-"root" logtime-1517335119
appid-40568 srcip-10.0.1.10 dstip-13.32.69.150 srcport=64963 dstport=443
srcintf="port3" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined"
proto-6 service="HTTPS" policyid=1 sessionid=126936 applist="block-high-risk"
appcat="Web.Client" app-"HTTPS. BRONSER" action-"pass" hostname-".cdn.
mozilla. net" incidentserialno-420353834 url=" msg="Web.Client: HTTPS.
Which of the following settings and protocols can be used to provide secure and
restrictive administrative access to FortiGate? (Choose three.)
-Trusted host
-HTTPS
-Trusted authentication
-FortiTelemetry
-SSH
Trusted Host
HTTPS
SSH
Which statements are true regarding incoming and outgoing interfaces in firewall
policies? (Choose two.)
Select one or more:
-An incoming interface is mandatory in a firewall policy, but an outgoing interface
is optional.
-A zone can be chosen as the outgoing interface.
-Only the any interface can be chosen as an incoming interface.
-Multiple interfaces can be selected as incoming and outgoing interfaces.
-A zone can be chosen as the outgoing interface.
-Multiple interfaces can be selected as incoming and outgoing interfaces.
What is the purpose of the Policy Lookup feature?
-It finds duplicate objects in firewall policies.
-It creates a new firewall policy based on input criteria.
-It creates packet flow over FortiGate by sending real-time traffic.
-It searches the matching policy based on input criteria.
It searches the matching policy based on input criteria.
An administrator has configured central DNAT and virtual IPs. Which of the
following can be selected in the firewall policy Destination field?
Select one:
-A VIP group
-The mapped IP address object of the VIP object
-An IP pool
-A VIP object
The mapped IP address object of the VIP object
Which statement about firewall policy NAT is true?
Select one:
-SNAT can automatically apply to multiple firewall policies, based on SNAT
policies.
-DNAT can automatically apply to multiple firewall policies, based on DNAT rules.
, -DNAT is not supported.
-You must configure SNAT for each firewall policy.
You must configure SNAT for each firewall policy.
Examine this partial output from the diagnose sys session list CLI command:
diagnose sys session list
session info: proto=6 proto_state=05 duration=2 expire=78 timeout=3600
flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
What does this output state?
Select one:
-proto_state=05 means there is only one-way traffic.
-proto_state=05 is the UDP state.
-proto_state=05 is the TCP state.
-proto_state=05 is the ICMP state.
proto_state=05 is the TCP state
What methods can be used to deliver the token code to a user who is configured
to use two-factor authentication? (Choose three.)
Select one or more:
-FortiToken
-Voicemail message
-Instant message app
-SMS text message
FortiToken
SMS text message
FortiGate has been configured for Firewall Authentication. When attempting to
access an external website, the user is not presented with a login prompt. What is
the most likely reason for this situation?
Select one:
-No matching user account exists for this user.
-The user was authenticated using passive authentication.
-The user is using a super admin account.
-The user is using a guest account profile.
The user was authenticated using passive authentication.
View the raw log.
date=2018-01-30 time=09:58:39 logid="10590287d4" type="utm" subtype="app-
ctrl" eventtype-"app-ctrl-all" level-"information" vd-"root" logtime-1517335119
appid-40568 srcip-10.0.1.10 dstip-13.32.69.150 srcport=64963 dstport=443
srcintf="port3" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined"
proto-6 service="HTTPS" policyid=1 sessionid=126936 applist="block-high-risk"
appcat="Web.Client" app-"HTTPS. BRONSER" action-"pass" hostname-".cdn.
mozilla. net" incidentserialno-420353834 url=" msg="Web.Client: HTTPS.
