Consider the following FortiGate configuration: Which command-line option for deep inspection SSL would have the FortiGate re-sign all untrusted self-signed certificates with the trusted Fortinet_CA_SSL certificate?
A. block
B. inspect
C. allow
D. ignore
Refer to the exhibit.
Given the configuration shown in the exhibit, which two statements are true? (Choose two.)
A. LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802.3ad trunk on another device.
B. LAG-1 and LAG-2 should be connected to a 4-port single 802.3ad trunk on another device.
C. port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B.
D. LAG-1 and LAG-2 should be connected to a single 4-port 802.3ad interface on the FortiGate-A.
An organization has one central site and three remote sites. A FortiSIEM has been installed on the central site and now all devices across the remote sites must be centrally monitored by the FortiSIEM at the central site.
Which action will reduce the WAN usage by the monitoring system?
A. Enable SD-WAN FEC (Forward Error Correction) on the FortiGate at the remote site.
B. Install both Supervisor and Collector on each remote site.
C. Install local Collectors on each remote site.
D. Disable real-time log upload on the remote sites.
Refer to the exhibit.
You are trying to configure a Link Aggregation Group (LAG), but ports A and B do not appear on the list of member options.
Referring to the exhibit, which statement is correct in this situation?
A. The FortiGate interfaces are defective and require replacement.
B. The FortiGate model does not have an Integrated Switch Fabric (ISF).
C. The FortiGate model being used does not support LAG.
D. The FortiGate SFP+ slot does not have the correct module.
Refer to the exhibit.
The exhibit shows a topology where a FortiGate is split into two VDOMs, root and vd-lan. The root VDOM provides external SSL-VPN access, where the users are authenticated by a FortiAuthenticator. The vd-lan VDOM provides internal access to a Web server.
For the remote users to access the internal Web server, there are a few requirements as follows:
All traffic must come from the SSL-VPN.
The vd-lan VDOM only allows authenticated traffic to the Web server.
Users must only authenticate once, using the SSL-VPN portal.
SSL-VPN uses RADIUS-based authentication.
Given these requirements and the topology shown in the exhibit, which two statements are true? (Choose two.)
A. vd-lan connects to FortiAuthenticator as a regular FSSO client.
B. root is configured for FSSO while vd-lan is configured for RSSO.
C. root sends "RADIUS Accounting Messages" to FortiAuthenticator.
D. vd-lan receives authentication messages from root using FSSO.
A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below.
E-mails can only be accepted if a valid e-mail account exists. Only authenticated users can send e-mails out.
Which two actions will satisfy the requirements? (Choose two.)
A. Configure recipient address verification.
B. Configure inbound recipient policies.
C. Configure outbound recipient policies.
D. Configure access control rules.
You must create a High Availability deployment with two FortiWebs in Amazon Web Services (AWS); each on different Availability Zones (AZ) from the same region. At the same time, each FortiWeb should be able to deliver content from the Web servers of both of the AZs.
Which deployment would fulfill this requirement?
A. Configure the FortiWebs in Active-Active HA mode and use AWS Elastic Load Balancer (ELB) for the internal Web servers.
B. Use AWS Elastic Load Balancer (ELB) for both the FortiWebs in standalone mode and the internal Web servers in an ELB sandwich.
C. Configure the FortiWebs in Active-Active HA mode and use AWS Route 53 to load balance the internal Web servers.
D. Use AWS Route 53 to load balance the FortiWebs in standalone mode and use AWS Virtual Private Cloud (VPC) Peering to load balance the internal Web servers.
Refer to the exhibit.
An administrator wants to implement a multi-chassis link aggregation (MCLAG) solution using two FortiSwitch 448D devices and one FortiGate 3700D. As described in the network topology shown in the exhibit, two links are already connected from the FortiGate to each FortiSwitch.
What is required to implement this solution? (Choose two.)
A. Replace the FortiGate as this one does not have an ISF.
B. Create two separate link aggregated (LAG) interfaces on the FortiGate side for each FortiSwitch.
C. Add set fortilink-split-interface disable on the FortiLink interface.
D. An ICL link between both FortiSwitch devices needs to be added.
Refer to the exhibit.
Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate-B to reach the server.
Referring to the exhibit, which two actions satisfy this requirement? (Choose two.)
A. Use Kerberos authentication.
B. Use the Collector Agent.
C. Use FortiAuthenticator.
D. FortiGate-A must generate a RADIUS accounting packet.
Refer to the exhibit.
Central NAT was configured on a FortiGate firewall. A sniffer shows that ICMP packets sent to a host on the Internet egress with the port1 IP address instead of the virtual IP (VIP) that was configured.
Referring to the exhibit, which configuration change will ensure that ICMP traffic is also translated?
A. Option A
B. Option B
C. Option C
D. Option D