FortiManager is configured with the Jinja Script under CLI Templates shown in the exhibit.
Which two statements correctly describe the expected behavior when running this template? (Choose two.)
Question 6 of 95
Refer to the exhibit.
FortiManager is configured with the Jinja Script under CLI Templates shown in the exhibit.
Which two statements correctly describe the expected behavior when running this template? (Choose two.)
FortiManager is configured with the Jinja Script under CLI Templates shown in the exhibit.
Which two statements correctly describe the expected behavior when running this template? (Choose two.)
Correct Answer: C, D
The expected behavior when running this template is that the template will work if you change the variable format to the correct Jinja syntax {{ WAN }}. Jinja templates use double curly braces {{ }} to enclose variables, which is the recognized syntax for variable substitution in Jinja. Additionally, the administrator must first manually map the interface for each device with a meta field. The meta fields are used to define specific values or interfaces that the Jinja template will use during execution. Therefore, for the given Jinja template to work properly, it must correctly reference these pre-defined meta fields.
Question 7 of 95
SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high.
You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.
What should you configure?
You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.
What should you configure?
Correct Answer: D
To ensure low DNS resolution times on a FortiGate, it is crucial to direct the DNS query traffic efficiently. Configuring local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP ensures that the FortiGate selects the optimal path for DNS requests. By setting an SD-WAN rule specifically to the DNS server, the FortiGate can dynamically choose the best link, enhancing DNS resolution performance and reducing latency effectively.
Question 8 of 95
Refer to the exhibits.
Exhibit A -
Exhibit B -
Exhibit C -
A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration. Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C.
Referring to the exhibits, which configuration will restore VPN connectivity?
Exhibit A -
Exhibit B -
Exhibit C -
A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration. Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C.
Referring to the exhibits, which configuration will restore VPN connectivity?
Correct Answer: D
The configuration to restore VPN connectivity should accommodate the specific settings observed in the exhibits. Looking at Exhibit A and Exhibit B, we can see various parameters, such as the peer ID, the proposal 'aes256-sha256', and the necessity for NPU (Network Processing Unit) offloading indicated by 'npu_flag=03'. The configuration in Exhibit D matches these requirements, including NPU offloading and the correct use of 'aes256-sha256'. Therefore, the correct answer is the configuration that aligns with these settings, which is provided in option D.
Question 9 of 95
An HA topology is using the following configuration:
Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?
Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?
Correct Answer: A
In the given configuration, the heartbeat interval (hb-interval) is set to 3. This is equivalent to 300 milliseconds (ms) because the default heartbeat interval is generally taken as 100 ms multiplied by the set interval value. The hb-lost-threshold is 2, which means the failover will be detected after 2 missed heartbeats. Therefore, the total time to detect a failover will be 2 times the hb-interval, which is 2 x 300 ms = 600 ms. Hence, the correct answer is 600 ms.
Question 10 of 95
Refer to the exhibit.
You have deployed a security fabric with three FortiGate devices as shown in the exhibit.
FGT_2 has the following configuration:
FGT_1 and FGT_3 are configured with the default setting.
Which statement is true for the synchronization of fabric-objects?
You have deployed a security fabric with three FortiGate devices as shown in the exhibit.
FGT_2 has the following configuration:
FGT_1 and FGT_3 are configured with the default setting.
Which statement is true for the synchronization of fabric-objects?
Correct Answer: C
The configuration on FGT_2 with 'set fabric-object-unification local' indicates that objects will not be synchronized to or from FGT_2. Default setting means synchronization occurs between root FortiGate and downstream FortiGate devices. Since FGT_2's synchronization is set to local, it will not synchronize objects with any other device, not upstream to the root FortiGate nor downstream to FGT_3. Therefore, objects from the root FortiGate will not be synchronized to any downstream FortiGate.