FCP_FGT_AD-7.6 Online Practice Questions


Latest FCP_FGT_AD-7.6 Exam Practice Questions

The practice questions for the FCP_FGT_AD-7.6 exam were last updated on 2025-10-08.


Question#1

Which two statements explain antivirus scanning modes? (Choose two.)

A. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
B. In flow-based inspection mode, files bigger than the buffer size are scanned.
C. In proxy-based inspection mode, files bigger than the buffer size are scanned.
D. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning before sending it to the client.

Explanation:
In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
Flow-based inspection allows real-time scanning of files as they are being transmitted, with minimal impact on performance.
In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning before sending it to the client.
Proxy-based inspection mode holds the file completely, scans it for threats, and only sends the file to the client if no threats are detected.

Question#2

Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

A. Local traffic logs
B. Forward traffic logs
C. System event logs
D. Security logs

Explanation:
The type of logs on FortiGate that records information about traffic directly to and from the FortiGate management IP addresses is:
A. Local traffic logs
Local traffic logs include information about traffic that is directed to and from the FortiGate unit itself, including traffic to and from the FortiGate management IP addresses. These logs provide details about communication involving the FortiGate device.
So, the correct choice is A.

Question#3

Refer to the exhibit.



The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.
An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.
What are two solutions for satisfying the requirement? (Choose two.)

A. Configure a separate firewall policy with action Deny and an FQDN address object for *.download.com as destination address.
B. Set the Freeware and Software Downloads category Action to Warning.
C. Configure a web override rating for download.com and select Malicious Websites as the subcategory.
D. Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.

Question#4

Refer to the exhibit, which shows the IPS sensor configuration.



If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

A. The sensor will gather a packet log for all matched traffic.
B. The sensor will reset all connections that match these signatures.
C. The sensor will allow attackers matching the Microsoft.Windows.iSCSI.Target.DoS signature.
D. The sensor will block all attacks aimed at Windows servers.

Explanation:
The IPS sensor configuration shows that:
The Microsoft.Windows.iSCSI.Target.DoS signature is set to "Monitor" with packet logging enabled, meaning that while traffic matching this signature will be allowed, it will also be logged for further analysis.
The generic Windows filter is set to "Block," meaning that all other attacks matching this filter will be blocked. However, the sensor will not reset connections or log packets unless specified.
Therefore, the sensor will allow attackers matching the specific DoS signature while blocking other attacks against Windows.
Reference: FortiOS 7.4.1 Administration Guide: IPS Configuration

Question#5

An administrator has configured a strict RPF check on FortiGate.
How does strict RPF check work?

A. Strict RPF allows packets back to sources with all active routes.
B. Strict RPF checks the best route back to the source using the incoming interface.
C. Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.
D. Strict RPF check is run on the first sent and reply packet of any new session.

Explanation:
B. Strict RPF checks the best route back to the source using the incoming interface.
Strict: In this mode, FortiGate also verifies that the matching route is the best route in the routing table. That is, if the routing table contains a matching route for the source address and the incoming interface, but there is a better route for the source address through another interface, the RPF check fails.
The Strict Reverse Path Forwarding (RPF) check is a security feature that helps prevent source IP address spoofing. When enabled, the FortiGate unit checks the source IP address of each incoming packet and compares it to the routing table to ensure that the packet arrives on the expected interface. Here's an explanation of the statement:
B. Strict RPF checks the best route back to the source using the incoming interface.
When the FortiGate unit receives a packet, it checks the source IP address and verifies that the packet arrives on the expected interface based on the routing table. The "best route back to the source" refers to the route in the routing table that would be used to send packets back to the source IP address. If the incoming interface matches the expected interface based on the routing table, the check passes. If not, the packet may be considered as potentially spoofed, and it might be dropped or subjected to further security measures.
This strict RPF check helps in preventing IP address spoofing, which is a common technique used in various network attacks.
Loose RPF checks for any route, and strict RPF checks for the best route.
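A simplified model of the loose and strict checks described above, as an added example (not from the original page or from Fortinet). The routing table, the interface names and the ranking of "best" by longest prefix and then lowest distance are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str        # destination network
    interface: str     # outgoing interface for that network
    distance: int = 10

# Constructed routing table (hypothetical interface names).
ROUTES = [
    Route("0.0.0.0/0", "wan1"),
    Route("10.0.0.0/8", "port2"),
    Route("10.1.1.0/24", "port3"),
]

def matching_routes(routes, src):
    """All active routes whose prefix covers the packet's source address."""
    addr = ipaddress.ip_address(src)
    return [r for r in routes if addr in ipaddress.ip_network(r.prefix)]

def best_routes(routes, src):
    """Routes tied for best: longest prefix first, then lowest distance (assumed ranking)."""
    candidates = matching_routes(routes, src)
    if not candidates:
        return []
    rank = lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.distance)
    top = min(rank(r) for r in candidates)
    return [r for r in candidates if rank(r) == top]

def rpf_check(routes, src, in_if, mode="loose"):
    """Return True if a packet from src arriving on in_if passes the RPF check.

    loose:  any route back to src through in_if is enough.
    strict: the best route back to src must use in_if.
    """
    if mode == "loose":
        pool = matching_routes(routes, src)
    elif mode == "strict":
        pool = best_routes(routes, src)
    else:
        raise ValueError(f"unknown RPF mode: {mode}")
    return any(r.interface == in_if for r in pool)

if __name__ == "__main__":
    # A 10.2.0.1 source arriving on wan1: the default route satisfies loose,
    # but the best route (10.0.0.0/8 via port2) makes strict reject it.
    for mode in ("loose", "strict"):
        print(mode, rpf_check(ROUTES, "10.2.0.1", "wan1", mode))
```

The case worth noting is a packet with an internal source address arriving on the interface that holds the default route: loose mode accepts it, strict mode drops it.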

Exam Code: FCP_FGT_AD-7.6 | Q&A: 296 Q&As | Updated: 2025-10-08
