Click the Exhibit button. Referring to the exhibit, which two statements are true? (Choose two.)

A. The IPv4 traffic for nse8user is filtered using the DNS profile.

B. The IPv6 traffic for nse8user is filtered using the DNS profile.

C. The IPv4 policy is allowing security profile groups.

D. The Web traffic for nse8user is being filtered differently in IPv4 and IPv6.

Exhibit Click the Exhibit button. You are trying to configure Link-Aggregation Group (LAG), but ports A and B do not appear on the list of

member options. Referring to the exhibit, which statement is correct in this situation?

A. The FortiGate model being used does not support LAG.

B. The FortiGate model does not have an Integrated Switch Fabric (ISF).

C. The FortiGate SFP+ slot does not have the correct module.

D. The FortiGate interfaces are defective and require replacement.

Click the Exhibit button.

Your company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they all were in the same Layer 2 segment. What would be configured on the FortiGates on each DC to allow such connectivity?

A. Create an IPsec tunnel with transport mode encapsulation.

B. Create an IPsec tunnel with Mode encapsulation.

C. Create an IPsec tunnel with VXLAN encapsulation.

D. Create an IPsec tunnel with VLAN encapsulation.

Exhibit

You created a custom health-check for your FortiWeb deployment.

Referring to the output shown in the exhibit, which statement is true?

A. The FortiWeb must receive an RST packet from the server.

B. The FortiWeb must receive an HTTP 200 response code from the server.

C. The FortiWeb must receive an ICMP Echo Request from the server.

D. The FortiWeb must match the hash value of the page index html.

You configure an outgoing firewall policy with a web filter for accessing the internet. The access to URL https// itacm.co and web belonging to the same category should be blocked. You notice that the Web server presents a certificate with CN=www acme.com. The www.it.acme site is as '' information Technology and the www.acme.com site is categorized as ''Business".

Which statements is correct in this scenario?

A. Category "information Technology" needs to blocked, the FortiGate is able to inspection the URL with HTTPS sessions.

B. Category "Business" need a to be block: the certificate name takes precedence over the SNI.

C. SSL inspection must be configured to deep-inspection: the category "information Technology "needs to be blocked.

D. Category :information Technology" needs to be blocked, the SNI takes precedence over the certificate name.

Click the exhibit button.

A FortiGate device is configured to authenticate SSL VPN users using digital certificates. Part of the

FortiGate configuration is shown in the exhibit.

Which two statements are true in this scenario? (Choose two.)

A. The authentication will fail if the OCSP server is down.

B. OCSP is used to verify that the user-signed certificate has not expired.

C. The authentication will fail if the certificate does not contain user principle name (UPN) information.

D. The authentication will fail if the user certificate does not contain the CA_Cert string in the Failed.

You cannot the FortiGales default gateway 10.10.10 .1 from the FortiGate CLI. The FortiGate interface facing the default gateway is wan 1 and its IP address 10.10 .10 K74 During the troubleshooting, tests, you confirmed that you can plug other IP addresses in the 10.10.10. 0/24 subnet from the FortiGAte CLI without packets lost.

Which two CLI commands will help you to troubleshoot this problem? (Choose two.)

A. diagnose ip arp list

B. diag aniffer packet wan1 'arp and host 10.10.1O.1'

C. diagnose hardware deviceinfo nice wan1

D. diagnose debug flow filter addt 10.10.10.1

E. diagnose debug flow trace trace 10

An organization has one central site And three remote sites. A FotiSIEM has been drafted on the central

site and now all devices across the remote sites need to be monitored by the FortiSlEM.

When action would reduce the WAN usage by the monitoring system?

A. Deploy a single Supervisor on the central site and enable WAN optimize on the WAN gateways.

B. Install local Collection remote site.

C. Disable monitoring on the remote sites during the day.

D. install a Supervisor and a Collector for each remote site.

Click the Exhibit button.

You configured AV and Web filtering for your outgoing Internet connections. You later noticed that not all Web sessions are being inspected and you start troubleshooting the problem.

Referring to the exhibit, what would cause this problem?

A. The Web session is using QUIC which a not inspected by the FortiGate

B. These are problem with the connection to the Web filter servers, therefore the Web session cannot be categorized.

C. The SSL inspection options are not set to inspection

D. Web filtering is not licensed, therefore no inspection occurs.

Click the Exhibit button.

You have two data centers a FortiGate 7000-series chassis connected by VPN, and all traffic flows over an

established generic routing encapsulation (GRE) tunnel between them.

You are troubleshooting traffic that is traversing between Server VLAN A and Server VLAN B. The

performance is lower than expected and all traffic is only on the FPM module in slot 3.

Referring to the exhibit, which action will correct the problem?

A. Referring to the exhibit, which action will correct the problem?

B. NO course of action enables load balancing in this scenario.

C. Change the algorithm so it takes IP source IP, destination IP, and port no account.

D. Configuration a local-balance flow-rule in the CLI to enable load balancing.