If a FortiGate unit has a dmz interface IP address of 210.192.168.2 with a subnet mask of 255.255.255.0, what is a valid dmz DHCP addressing range?

A. 172.168.0.1 - 172.168.0.10

B. 210.192.168.3 - 210.192.168.10

C. 210.192.168.1 - 210.192.168.4

D. All of the above.

Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it.

Which of the following statements are correct regarding this configuration? (Select all that apply).

A. The Phase 2 will re-key even if there is no traffic.

B. There will be a DH exchange for each re-key.

C. The sequence number of ESP packets received from the peer will not be checked.

D. Quick mode selectors will default to those used in the firewall policy.

Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.)

A. Firewall

B. Directory Service

C. Local

D. LDAP

E. PKI

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT device. Exhibit B shows the command output of 'show system ha' for the REMOTE device.

Exhibit A:

Exhibit B: Which one of the following is the most likely reason that the cluster fails to form?

A. Password

B. HA mode

C. Hearbeat

D. Override

What are two of the key features of FortiAnalyzer? (Choose two.)

A. Centralized log repository

B. Cloud-based management

C. Reports

D. Virtual domains (VDOMs)

Which statement correctly compares FortiManager physical and virtual appliances?

A. Physical and virtual FortiManager appliances may manage unlimited devices and have unrestricted storage.

B. Physical and virtual FortiManager appliances use licenses to increase managed device and storage capacity limits.

C. Physical and virtual FortiManager appliances have an unrestricted daily logging rate.

D. Physical and virtual FortiManager appliances use model types and licenses respectively, to differentiate managed device and storage capacity limits.

What statements are true regarding the "store and upload" log transfer option between FortiAnalyzer and FortiGate? (Choose three.)

A. All FortiGates can send logs to FortiAnalyzer using the store and upload option.

B. Only FortiGate models with hard disks can send logs to FortiAnalyzer using the store and upload option.

C. Both secure communications methods (SSL and IPsec) allow the store and upload option.

D. Disk logging is enabled on the FortiGate through the CLI only.

E. Disk logging is enabled by default on the FortiGate.

Examine the Exhibits shown below, then answer the question that follows. Review the following DLP Sensor (Exhibit 1):

Review the following File Filter list for rule #1 (Exhibit 2): Review the following File Filter list for rule #2 (Exhibit 3):

Review the following File Filter list for rule #3 (Exhibit 4):

An MP3 file is renamed to `workbook.exe' and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4.

Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?

A. The file will be detected by rule #1 as an `Audio (mp3)', a log entry will be created and it will be allowed to pass through.

B. The file will be detected by rule #2 as a "*.exe", a log entry will be created and the interface that received the traffic will be brought down.

C. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.

D. Nothing, the file will go undetected.

Which of the following statements are correct regarding the configuration of a FortiGate unit as an SSL VPN gateway? (Select all that apply.)

A. Tunnel mode can only be used if the SSL VPN user groups have at least one Host Check option enabled.

B. The specific routes needed to access internal resources through an SSL VPN connection in tunnel mode from the client computer are defined in the routing widget associated with the SSL VPN portal.

C. In order to apply a portal to a user, that user must belong to an SSL VPN user group.

D. The portal settings specify whether the connection will operate in web-only or tunnel mode.

What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds?

A. Sessions can be idle for no more than 1800 seconds.

B. The maximum length of time a session can be open is 1800 seconds.

C. After 1800 seconds, the end user must reauthenticate.

D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.