A. Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.
B. Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.
C. Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.
D. Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.
答案:A
問題 #100
Refer to the exhibit, which shows the partial output of command diagnose debug rating.
In this exhibit, which FDS server will the FortiGate algorithm choose?
A. 66.117.56.37
B. 64.26.151.37
C. 209.22.147.36
D. 208.91.112.194
答案:B
解題說明:
The FortiGate will pick 64.26.151.37, since it ties for the lowest weight (10) and has the lowest RTT (45 ms) of all the weight 10 servers.
問題 #101
Refer to the exhibit, which shows partial outputs from two routing debug commands.
Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?
A. Set preserve-session-route to enable.
B. Set snat-route-change to enable.
C. Set the priority of the static default route using port1 to 10.
D. Set the priority of the static default route using port2 to 1.
答案:C
問題 #102
Refer to the exhibit, which shows one way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.
What three actions must you take to ensure successful communication? (Choose three.)
A. You must authorize the downstream FortiGate on the root FortiGate.
B. FortiGate must not be in NAT mode.
C. Ensure the port for Neighbor Discovery has been changed.
D. Ensure TCP port 8013 is not blocked along the way.
E. You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.
答案:A,D,E
問題 #103
Refer to the exhibit. FortiGate is showing continuous high CPU usage. During a maintenance window the CLI command diagnose sys topdisplays the output shown in the exhibit.
The CLI command diagnose test application ipsmonitor 5was run but the CPU usage by daemon ipsenginedid not drop.
What immediate action can you take to reduce the CPU usage effectively?
A. Disable IPS on internal-to-internal policies.
B. Monitor if there is a traffic surge.
C. Restart all IPS engines.
D. Review the IPS signatures enabled on the active IPS profiles.
答案:A
解題說明:
By turning off IPS inspection on purely internal traffic you immediately remove that load from the ipsengine daemon and drop CPU usage - no need to wait for signature tweaks or engine restarts.
