Which SYN flood mitigation mode must the customer use?
A customer wants to enable SYN flood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source IP address. Which SYN flood mitigation mode must the customer use? A. SYN retransmission B. SYN/ACK cookie C. SYN cookie D. ACK cookie
Referring to the exhibit, which configuration setting should be executed in the dial-up configuration to allow
Refer to the exhibit. A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGate devices to connect to it. However, FortiGate A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect while site A is connected, […]
Which command-line option for deep inspection SSL would have the FortiGate re-sign all untrusted self-signed c
Consider the following FortiGate configuration: Which command-line option for deep inspection SSL would have the FortiGate re-sign all untrusted self-signed certificates with the trusted Fortinet_CA_SSL certificate? A. block B. inspect C. allow D. ignore
Referring to the exhibit, which two statements about this configuration are true?
Refer to the exhibit. A FortiGate device is configured to authenticate SSL VPN users using digital certificates. A partial FortiGate configuration is shown in the exhibit. Referring to the exhibit, which two statements about this configuration are true? (Choose two.) A. The authentication will fail if the user certificate does not contain the user principal […]
In this scenario, which command will solve this problem?
Refer to the exhibit. You created an aggregate interface between a FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds 1 Gbps and employees are reporting that the network is slow. After troubleshooting, you notice that only one member interface is being used. […]
Given the output shown in the exhibit, which statement is true?
Refer to the exhibit. You created a custom health-check for your FortiWeb deployment. Given the output shown in the exhibit, which statement is true? A. The FortiWeb must receive an RST packet from the server. B. The FortiWeb must receive an HTTP 200 response code from the server. C. The FortiWeb must match the hash […]
In this scenario, which two methods will satisfy the requirement?
You want to access the JSON API on FortiManager to retrieve information on an object. In this scenario, which two methods will satisfy the requirement? (Choose two.) A. Download the WSDL file from FortiManager administration GUI. B. Make a call with the curl utility on your workstation. C. Make a call with the SoapUI API […]
What should you do to solve this problem?
You are building a FortiGate cluster which is stretched over two locations. The HA connections for the cluster are terminated on the local switches in the data centers. Once the FortiGate devices have booted, they do not form a cluster. The network operators inform you that CRC errors are present on the switches where the […]
Which prevention mode on FortiDDoS will protect you against this specific type of attack?
You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris. Which prevention mode on FortiDDoS will protect you against this specific type of attack? A. asymmetric mode B. aggressive aging mode C. rate limiting mode D. blocking mode
Which statement represents the purpose of this policy?
Refer to the exhibit. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy? A. The policy redirects all HTTPS URLs to HTTP. B. The policy redirects all HTTP URLs to HTTPS. C. The policy redirects only HTTP URLs containing the ^/(.*)$ string […]