Question 6 of 104

Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook, but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

    Correct Answer: B

    The issue arises because SSL inspection is set to certificate-inspection. To effectively inspect and manage reactions and other interactive elements on Facebook, deep content inspection is required. This ensures that the FortiGate can examine the encrypted traffic in detail, which is necessary for controlling actions such as leaving reactions on posts. Therefore, changing the SSL inspection to deep content inspection would resolve the issue.

Question 7 of 104

Refer to the exhibits.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

    Correct Answer: C

    To synchronize the address object between the root FortiGate (Local-FortiGate) and the downstream FortiGate (ISFW), the configuration must ensure that the downstream device can receive synchronized objects. The correct setting is to enable 'downstream-access' on both devices. Without this enabled, the necessary synchronization does not occur. This is why option C, which changes the csf setting on both devices to set downstream-access enable, is the right choice.

Question 8 of 104

Refer to the exhibits.

Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds.

Based on the system performance output, which two results are correct? (Choose two.)

    Correct Answer: B, C

    First, it is clear from the exhibits that memory usage is at 90%, which is above the red threshold of 88%. This means the FortiGate has entered conserve mode, reducing its operational capacity to conserve resources. This makes 'FortiGate has entered conserve mode' correct. Second, when the FortiGate is in conserve mode, it does not accept configuration changes, as these actions might increase memory usage further. This makes 'Administrators cannot change the configuration' correct. Therefore, the correct answers are that the FortiGate has entered conserve mode and administrators cannot change the configuration.

Question 9 of 104

Refer to the exhibit showing a debug flow output.

What two conclusions can you make from the debug flow output? (Choose two.)

    Correct Answer: A, C

    The debug flow output indicates that the protocol number is 1, which corresponds to ICMP traffic, hence confirming that the debug flow is for ICMP traffic. Additionally, the log message 'allocate a new session' shows that a new traffic session was created. Therefore, the two conclusions that can be made from the debug flow output are that the debug flow is for ICMP traffic and that a new traffic session was created.

Question 10 of 104

An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.

Which subnet must the administrator configure for the local quick mode selector for site B?

    Correct Answer: A

    In an IPsec VPN configuration, the local quick mode selector of one site typically matches the remote quick mode selector of the other site. Since site A has been configured with a local quick mode selector of 192.168.1.0/24 and a remote quick mode selector of 192.168.2.0/24, to correctly establish the VPN, site B's local quick mode selector must be 192.168.2.0/24.