Which three statements are true regarding session-based authentication? (Choose three.)
Refer to the exhibit.
Which contains a session diagnostic output. Which statement is true about the session diagnostic output?
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?
Refer to the exhibit.
In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
Which of the following SD-WAN load –balancing method use interface weight value to distribute traffic? (Choose two.)
Which three statements about security associations (SA) in IPsec are correct? (Choose three.)
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?
Refer to the exhibit.
Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)
Refer to the exhibit.
The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.c om? (Choose two.)
Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?
An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?
Refer to the exhibit.
Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)
Refer to the exhibit, which contains a static route configuration.
An administrator created a static route for Amazon Web Services.
What CLI command must the administrator use to view the route?
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?