- (Exam Topic 1)
Refer to the exhibits.
Exhibit A.
Exhibit B.
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?
Correct Answer:A
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD43820
- (Exam Topic 1)
Which two statements are true about the FGCP protocol? (Choose two.)
Correct Answer:BC
Reference:
https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/564712/fgcp-fortigate-clustering-protocol
- (Exam Topic 2)
Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)
Correct Answer:CD
- (Exam Topic 2)
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
Correct Answer:D
Source IP seen by the remote resources is FortiGate’s internal IP address and not the user’s IP address
- (Exam Topic 2)
Which two types of traffic are managed only by the management VDOM? (Choose two.)
Correct Answer:AD
- (Exam Topic 2)
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?
Correct Answer:D