Started on
Sunday, February 4, 2024, 10:34 AM
State
Finished
Completed on
Sunday, February 4, 2024, 12:02 PM
Time taken
1 hour 27 mins
Points
37/40
Grade
93 out of 100
Feedback
Congratulations, you passed!
pdf.pdfFotiGate 7.4 Operator Self.pdfpdf pdf.pdftarted on
Top of Form
Question 1
Correct
1 points out of 1
Flag question
Question text
When is remote authentication preferred over local authentication?
Select one:
When the network does not have an available authentication server
When multiple FortiGate devices need to authenticate the same users or user groups
When FortiGate needs to give lower priority to the traffic from local user accounts
When FortiGate does not support local user accounts
Question 2
Correct
1 points out of 1
Flag question
Question text
Which condition could prevent a configured route from being added to the FortiGate routing table?
Select one:
The incorrect distance being set for the default gateway IP address
The absence of administrative access protocols on the interface
The presence of a better route for the same destination
The DHCP server associated with the route being disabled
Question 3
Correct
1 points out of 1
Flag question
Question text
Which inspection mode examines traffic as a whole before determining an action?
Select one:
Application-level inspection
Stateful inspection
Flow-based inspection
Proxy-based inspection
Question 4
Correct
1 points out of 1
Flag question
Question text
What is the security rating in the Fortinet Security Fabric, and how is it calculated?
Select one:
It represents the current level of network performance.
It is calculated based on the number of security logs generated.
It is a numerical value based on device settings and best practices.
It indicates the level of compatibility with third-party devices.
Question 5
Correct
1 points out of 1
Flag question
Question text
Which two settings are included in a Dynamic Host Configuration Protocol (DHCP) server configuration on FortiGate? (Choose two.)
Select one or more:
Default gateway
Interface Alias
Subnet object
Address range
Question 6
Correct
1 points out of 1
Flag question
Question text
What is a characteristic of a firewall policy used to allow the traffic from Secure Socket Layer Virtual Private Network (SSL VPN) connections?
Select one:
It encapsulates the traffic using the VPN settings configured.
It assigns SSL certificates to user groups trying to connect.
It uses a virtual tunnel interface in the source field.
It defines the port number used for the SSL VPN portal.
Question 7
Correct
1 points out of 1
Flag question
Question text
Which piece of information does FortiGate know about the user without firewall authentication?
Select one:
The originating domain name
The source IP address
The user login name
The application being used
Question 8
Correct
1 points out of 1
Flag question
Question text
Which inspection mode processes and forwards each packet, without waiting for the complete file or web page?
Select one:
Stateful inspection
Proxy-based inspection
Flow-based inspection
Application-level inspection
Question 9
Correct
1 points out of 1
Flag question
Question text
Which protocol is used for the authentication and encryption of the data in an IPSec VPN implementation?
Select one:
Secure Hash Algorithm (SHA)
Transport Layer Security (TLS)
Advanced Encryption Standard (AES)
Encapsulation Security Payload (ESP)
Question 10
Correct
1 points out of 1
Flag question
Question text
Which actions can you apply to application categories in the Application Control profile?
Select one:
Monitor, allow, block, or quarantine
Allow, encrypt, compress, or redirect
Authenticate, log, encrypt, or back up
Monitor, optimize, redirect, or shape
Question 11
Correct
1 points out of 1
Flag question
Question text
Which two steps are involved in configuring web filtering based on FortiGuard category filters? (Choose two.)
Select one or more:
Create a web filtering security profile using FortiGuard category-based filters.
Apply the web filter security profile to the appropriate firewall policy.
Upgrade FortiOS to obtain the latest database from FortiGuard.
Identify the specific websites to be blocked or allowed.
Question 12
Correct
1 points out of 1
Flag question
Question text
Which scan technique detects known malware by matching signatures in the FortiGuard Labs database?
Select one:
Antivirus scan
Machine learning (ML)/artificial intelligence (AI) scan
Behavioral analysis scan
Grayware scan
Question 13
Correct
1 points out of 1
Flag question
Question text
Which category of services does FortiGuard Labs provide as part of FortiGuard Security Services?
Select one:
Advanced threat intelligence and prevention
Endpoint protection and vulnerability management
Data encryption and secure communications
Network segmentation and access control
Question 14
Correct
1 points out of 1
Flag question
Question text
What is the purpose of the FortiGuard Labs signature database?
Select one:
To keep FortiGate firewalls protected against the latest malware variants
To identify and correct vulnerabilities in FortiGate firewalls
To give FortiGate firewalls the ability to track network traffic and usage patterns
To provide secure configuration templates to FortiGate firewalls
Question 15
Correct
1 points out of 1
Flag question
Question text
How does FortiGate intrusion prevention system (IPS) detect anomalous traffic patterns that do not conform to established protocol requirements and standards?
Select one:
By analyzing Secure Sockets Layer (SSL) certificates
By decrypting network packets
By monitoring user behavior
By using protocol decoders
Question 16
Correct
1 points out of 1
Flag question
Question text
Why is it recommended that you use user groups instead of individual user accounts in a firewall policy?
Select one:
User groups simplify the firewall configuration.
User groups provide stronger encryption for authentication.
User groups contain all individual user accounts by default.
User groups make it easier to monitor authenticated users.
Question 17
Correct
1 points out of 1
Flag question
Question text
Why is it important to back up FortiGate system configurations regularly?
Select one:
To avoid errors while upgrading FortiOS
To ensure optimal performance of FortiGate
To save time and effort in case of a hardware failure
To prevent unexpected configuration changes
Question 18
Correct
1 points out of 1
Flag question
Question text
When configuring antivirus scanning on a firewall policy, which antivirus item should you select?
Select one:
Antivirus exclusion list
Antivirus engine version
Antivirus schedule
Antivirus profile
Question 19
Correct
1 points out of 1
Flag question
Question text
What are two activities that cybercriminals can perform using malware? (Choose two.)
Select one or more:
Damage physical ports
Extort money
Trigger a high availability (HA) failover
Steal intellectual property
Question 20
Incorrect
0 points out of 1
Flag question
Question text
How does the FortiGate intrusion prevention system (IPS) use signatures to detect malicious traffic?
Select one:
By blocking all network traffic
By monitoring user activity on websites
By comparing network packets to known threats
By decrypting Secure Sockets Layer (SSL)-encrypted traffic
Question 21
Correct
1 points out of 1
Flag question
Question text
Why is the order of firewall policies important?
Select one:
To allow for a faster processing of high priority traffic
To ensure that the security traffic is logged before the normal traffic
To ensure more granular policies are checked and applied before more general policies
To avoid conflicts with other policies in the table with similar parameters
Question 22
Correct
1 points out of 1
Flag question
Question text
What is a recommended best practice when configuring Secure Socket Layer Virtual Private Network (SSL VPN)?
Select one:
Use local users for authentication.
Use the principle of least privilege.
Allow connections from all locations.
Import the self-signed SSL certificate.
Question 23
Correct
1 points out of 1
Flag question
Question text
In addition to central processing unit (CPU) and memory usage, what are two other key performance parameters you should monitor on FortiGate? (Choose two.)
Select one or more:
Number of days for licenses to expire
Number of SSL sessions
Number of local users and user groups
Number of active VPN tunnels
Question 24
Correct
1 points out of 1
Flag question
Question text
You need to examine the logs related to local users watching YouTube videos. Where can you find those logs?
Select one:
Log and Report > Security Events > Application Control
Log and Report > Security Events > WebFilter
Log and Report > Security Events > Antivirus
Log and Report > Security Events > Intrusion Prevention
Question 25
Correct
1 points out of 1
Flag question
Question text
What functionality does FortiGate provide to establish secure connections between a main office and its remote branches, over the internet?
Select one:
Monitoring and logging
Firewall authentication
Security scanning
Virtual private networks
Question 26
Correct
1 points out of 1
Flag question
Question text
How does an IPS protect networks from threats?
Select one:
By blocking all incoming network traffic from new sources
By allowing only secure access to network resources
By encrypting all network traffic from untrusted IP addresses
By analyzing traffic and identifying potential threats
Question 27
Incorrect
0 points out of 1
Flag question
Question text
Which two criteria can be matched in the Source field of a firewall policy?
Select one:
Address group and hostname
IP address and user
Interface and service type
MAC address and domain name
Question 28
Correct
1 points out of 1
Flag question
Question text
What is grayware?
Select one:
Known malware with existing signatures
Unsolicited programs installed without user consent
Malicious files sent to the sandbox for inspection
New and unknown malware variants
Question 29
Correct
1 points out of 1
Flag question
Question text
What is the purpose of creating a firewall address object?
Select one:
To define the action for a firewall policy
To specify the source and destination interfaces
To match the source or destination IP subnet
To enable web filtering for a specific address
Question 30
Correct
1 points out of 1
Flag question
Question text
How does FortiGate application control address evasion techniques used by peer-to-peer protocols?
Select one:
By examining a URL block list
By analyzing flow-based inspection
By allowing traffic from only well-known ports.
By monitoring traffic for known patterns
Question 31
Correct
1 points out of 1
Flag question
Question text
Which action can you take to improve the security rating provided by the Fortinet Security Fabric?
Select one:
Upgrade FortiGate to the latest mature version available.
Run the integrity check on all end devices.
Create a configuration revision or back up the configuration.
Apply one or more of the suggested best practices.
Question 32
Correct
1 points out of 1
Flag question
Question text
What are two consequences of allowing a FortiGate license to expire? (Choose two.)
Select one or more:
Inability to monitor system logs and generate network reports
Disruption of network services and potential legal issues
Reduced FortiGate performance and increased vulnerability to security threats
Loss of access to software updates and technical support
Question 33
Incorrect
0 points out of 1
Flag question
Question text
How can you modify the security settings of a VPN tunnel created from a template in FortiGate?
Select one:
Use the custom tunnel creation option
Convert the template to a custom tunnel
Edit the template directly
Choose a different template for the tunnel
Question 34
Correct
1 points out of 1
Flag question
Question text
What is the potential security risk associated with Hypertext Transfer Protocol Secure (HTTPS)?
Select one:
Certificate errors during SSL handshake
Encrypted malicious traffic
Incompatibility with certain web browsers
Increased network latency
Question 35
Correct
1 points out of 1
Flag question
Question text
What is a scenario where automation is used in the Fortinet Security Fabric?
Select one:
Automatically quarantining a computer with malicious activity
Assigning security ratings to newly added devices
Monitoring disk space utilization on FortiAnalyzer
Generating weekly reports for management review
Question 36
Correct
1 points out of 1
Flag question
Question text
What is the main advantage of using Secure Socket Layer Virtual Private Network (SSL VPN) in web mode?
Select one:
No need to install client software
Ability to perform client integrity checks
Support for a wide range of applications and protocols
Access to all network resources for remote users
Question 37
Correct
1 points out of 1
Flag question
Question text
In which architecture is the need to control application traffic becoming increasingly relevant?
Select one:
Distributed architecture
Peer-to-peer architecture
Cloud-based architecture
Traditional client-server architecture
Question 38
Correct
1 points out of 1
Flag question
Question text
Which two protocols can you use for administrative access on a FortiGate interface?
Select one:
Hypertext Transfer Protocol Secure (HTTPS) and Secure Shell (SSH)
Remote Desktop Protocol (RDP) and Hypertext Transfer Protocol (HTTP)
Simple Mail Transfer Protocol (SMTP) and Secure Sockets Layer (SSL)
Telnet and Simple Network Management Protocol (SNMP)
Question 39
Correct
1 points out of 1
Flag question
Question text
What is the purpose of firewall policies on FortiGate?
Select one:
To block all incoming traffic
To monitor network traffic
To control network traffic
To encrypt network traffic
Question 40
Correct
1 points out of 1
Flag question
Question text
How are websites filtered using FortiGuard category filters?
Select one:
By scanning the website for malware in real time
By denying access based on the website IP address
By blocking access based on the website content
By examining the HTTP headers from the website
Bottom of Form