View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

A. This is an expected session created by a session helper.

B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.

C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

D. This is an expected session created by an application control profile.

An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn't the script make any changes to the managed device?

A. Commands that start with the # sign are not executed.

B. CLI scripts will add objects only if they are referenced by policies.

C. Incomplete commands are ignored in CLI scripts.

D. Static routes can only be added using TCL scripts.

View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

However, the IKE real time debug does not show any output. Why?

A. The debug output shows phases 1 and 2 negotiations only. Once the tunnel is up, it does not show any more output.

B. The log-filter setting was set incorrectly. The VPN's traffic does not match this filter.

C. The debug shows only error messages. If there is no output, then the tunnel is operating normally.

D. The debug output shows phase 1 negotiation only. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

What is the diagnose test application ipsmonitor 99 command used for?

A. To enable IPS bypass mode

B. To provide information regarding IPS sessions

C. To disable the IPS engine

D. To restart all IPS engines and monitors

What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

A. IP addresses are in the same subnet.

B. Hello and dead intervals match.

C. OSPF IP MTUs match.

D. OSPF peer IDs match.

E. OSPF costs match.

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

A. Change phase 1 encryption to 3DES and authentication to SHA128.

B. Change phase 1 encryption to AES128 and authentication to SHA512.

C. Change phase 1 encryption to AESCBC and authentication to SHA2.

D. Change phase 1 encryption to AES256 and authentication to SHA256.

Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

A. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.

B. FortiGate limits the total number of simultaneous explicit web proxy users.

C. FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator

D. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

A. The local FortiGate OSPF router ID is 0.0.0.4.

B. Port4 is connected to the OSPF backbone area.

C. In the network connected to port4, two OSPF routers are down.

D. The local FortiGate is the backup designated router.

What is the purpose of an internal segmentation firewall (ISFW)?

A. It inspects incoming traffic to protect services in the corporate DMZ.

B. It is the first line of defense at the network perimeter.

C. It splits the network into multiple security segments to minimize the impact of breaches.

D. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the `diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)

A. The user student must not be listed in the CA's ignore user list.

B. The user student must belong to one or more of the monitored user groups.

C. The student workstation's IP subnet must be listed in the CA's trusted list.

D. At least one of the student's user groups must be allowed by a FortiGate firewall policy.