Question 6 of 62

How does FortiGate verify the login credentials of a remote LDAP user?

    Correct Answer: A

    FortiGate sends the user-entered credentials to the LDAP server for authentication. This is a standard process for LDAP authentication, where the credentials provided by the user are passed on to the LDAP server to verify their validity.

Question 7 of 62

Which statements about high availability (HA) for FortiGates are true? (Choose two.)

    Correct Answer: AD

    Virtual clustering can be configured between two FortiGate devices with multiple VDOMs, which enables higher availability and load balancing across the devices. Sessions handled by the UTM proxy cannot be synchronized, as the session state information for proxy-based sessions is not replicated between cluster members, affecting session continuity during a failover.

Question 8 of 62

Which of the following statements about central NAT are true? (Choose two.)

    Correct Answer: CD

    Central NAT provides a unified and simplified method of handling Source NAT (SNAT) and Destination NAT (DNAT) in Fortinet devices. To use Source NAT with central NAT, at least one central SNAT policy must be configured. For Destination NAT, a VIP (Virtual IP) object is required as the destination address in the firewall policy. This ensures proper routing of incoming traffic to the correct internal servers.

Question 9 of 62

What information is flushed when the chunk-size value is changed in the config dlp settings?

    Correct Answer: A

    Changing the chunk-size value in the config DLP (Data Loss Prevention) settings impacts the database for DLP document fingerprinting. This is because the chunk-size value determines how data is segmented for fingerprinting, and altering it would require reprocessing and updating the existing data in the database. This ensures that the DLP system can accurately identify and protect sensitive information based on the new chunk size.

Question 10 of 62

Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.

The top firewall policy has NAT enabled using the outgoing interface address. The second firewall policy is configured with a virtual IP (VIP) as the destination address.

Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

    Correct Answer: A

    The IP address used to source NAT the Internet traffic coming from the workstation with the IP address 10.0.1.10/24 will be 10.200.1.1. The configuration shows that NAT is enabled on the top firewall policy using the outgoing interface address (WAN port1). This means the external IP address of the outgoing interface, in this case 10.200.1.1, will be used for source NAT.