Started on

Sunday, February 4, 2024, 10:34 AM

State

Finished

Completed on

Sunday, February 4, 2024, 12:02 PM

Time taken

1 hour 27 mins

Points

37/40

Grade

93 out of 100

Feedback

Congratulations, you passed!

FotiGate 7.4 Operator Self.pdf

tarted on

Top of Form

Question 1

Correct

1 points out of 1

Flag question

Question text

When is remote authentication preferred over local authentication?

Select one:

When the network does not have an available authentication server

When multiple FortiGate devices need to authenticate the same users or user groups

When FortiGate needs to give lower priority to the traffic from local user accounts

When FortiGate does not support local user accounts

Question 2

Correct

1 points out of 1

Flag question

Question text

Which condition could prevent a configured route from being added to the FortiGate routing table?

Select one:

The incorrect distance being set for the default gateway IP address

The absence of administrative access protocols on the interface

The presence of a better route for the same destination

The DHCP server associated with the route being disabled

Question 3

Correct

1 points out of 1

Flag question

Question text

Which inspection mode examines traffic as a whole before determining an action?

Select one:

Application-level inspection

Stateful inspection

Flow-based inspection

Proxy-based inspection

Question 4

Correct

1 points out of 1

Flag question

Question text

What is the security rating in the Fortinet Security Fabric, and how is it calculated?

Select one:

It represents the current level of network performance.

It is calculated based on the number of security logs generated.

It is a numerical value based on device settings and best practices.

It indicates the level of compatibility with third-party devices.

Question 5

Correct

1 points out of 1

Flag question

Question text

Which two settings are included in a Dynamic Host Configuration Protocol (DHCP) server configuration on FortiGate? (Choose two.)

Select one or more:

Default gateway

Interface Alias

Subnet object

Address range

Question 6

Correct

1 points out of 1

Flag question

Question text

What is a characteristic of a firewall policy used to allow the traffic from Secure Socket Layer Virtual Private Network (SSL VPN) connections?

Select one:

It encapsulates the traffic using the VPN settings configured.

It assigns SSL certificates to user groups trying to connect.

It uses a virtual tunnel interface in the source field.

It defines the port number used for the SSL VPN portal.

Question 7

Correct

1 points out of 1

Flag question

Question text

Which piece of information does FortiGate know about the user without firewall authentication?

Select one:

The originating domain name

The source IP address

The user login name

The application being used

Question 8

Correct

1 points out of 1

Flag question

Question text

Which inspection mode processes and forwards each packet, without waiting for the complete file or web page?

Select one:

Stateful inspection

Proxy-based inspection

Flow-based inspection

Application-level inspection

Question 9

Correct

1 points out of 1

Flag question

Question text

Which protocol is used for the authentication and encryption of the data in an IPSec VPN implementation?

Select one:

Secure Hash Algorithm (SHA)

Transport Layer Security (TLS)

Advanced Encryption Standard (AES)

Encapsulation Security Payload (ESP)

Question 10

Correct

1 points out of 1

Flag question

Question text

Which actions can you apply to application categories in the Application Control profile?

Select one:

Monitor, allow, block, or quarantine

Allow, encrypt, compress, or redirect

Authenticate, log, encrypt, or back up

Monitor, optimize, redirect, or shape

Question 11

Correct

1 points out of 1

Flag question

Question text

Which two steps are involved in configuring web filtering based on FortiGuard category filters? (Choose two.)

Select one or more:

Create a web filtering security profile using FortiGuard category-based filters.

Apply the web filter security profile to the appropriate firewall policy.

Upgrade FortiOS to obtain the latest database from FortiGuard.

Identify the specific websites to be blocked or allowed.

Question 12

Correct

1 points out of 1

Flag question

Question text

Which scan technique detects known malware by matching signatures in the FortiGuard Labs database?

Select one:

Antivirus scan

Machine learning (ML)/artificial intelligence (AI) scan

Behavioral analysis scan

Grayware scan

Question 13

Correct

1 points out of 1

Flag question

Question text

Which category of services does FortiGuard Labs provide as part of FortiGuard Security Services?

Select one:

Advanced threat intelligence and prevention

Endpoint protection and vulnerability management

Data encryption and secure communications

Network segmentation and access control

Question 14

Correct

1 points out of 1

Flag question

Question text

What is the purpose of the FortiGuard Labs signature database?

Select one:

To keep FortiGate firewalls protected against the latest malware variants

To identify and correct vulnerabilities in FortiGate firewalls

To give FortiGate firewalls the ability to track network traffic and usage patterns

To provide secure configuration templates to FortiGate firewalls

Question 15

Correct

1 points out of 1

Flag question

Question text

How does FortiGate intrusion prevention system (IPS) detect anomalous traffic patterns that do not conform to established protocol requirements and standards?

Select one:

By analyzing Secure Sockets Layer (SSL) certificates

By decrypting network packets

By monitoring user behavior

By using protocol decoders

Question 16

Correct

1 points out of 1

Flag question

Question text

Why is it recommended that you use user groups instead of individual user accounts in a firewall policy?

Select one:

User groups simplify the firewall configuration.

User groups provide stronger encryption for authentication.

User groups contain all individual user accounts by default.

User groups make it easier to monitor authenticated users.

Question 17

Correct

1 points out of 1

Flag question

Question text

Why is it important to back up FortiGate system configurations regularly?

Select one:

To avoid errors while upgrading FortiOS

To ensure optimal performance of FortiGate

To save time and effort in case of a hardware failure

To prevent unexpected configuration changes

Question 18

Correct

1 points out of 1

Flag question

Question text

When configuring antivirus scanning on a firewall policy, which antivirus item should you select?

Select one:

Antivirus exclusion list

Antivirus engine version

Antivirus schedule

Antivirus profile

Question 19

Correct

1 points out of 1

Flag question

Question text

What are two activities that cybercriminals can perform using malware? (Choose two.)

Select one or more:

Damage physical ports

Extort money

Trigger a high availability (HA) failover

Steal intellectual property

Question 20

Incorrect

0 points out of 1

Flag question

Question text

How does the FortiGate intrusion prevention system (IPS) use signatures to detect malicious traffic?

Select one:

By blocking all network traffic

By monitoring user activity on websites

By comparing network packets to known threats

By decrypting Secure Sockets Layer (SSL)-encrypted traffic

Question 21

Correct

1 points out of 1

Flag question

Question text

Why is the order of firewall policies important?

Select one:

To allow for a faster processing of high priority traffic

To ensure that the security traffic is logged before the normal traffic

To ensure more granular policies are checked and applied before more general policies

To avoid conflicts with other policies in the table with similar parameters

Question 22

Correct

1 points out of 1

Flag question

Question text

What is a recommended best practice when configuring Secure Socket Layer Virtual Private Network (SSL VPN)?

Select one:

Use local users for authentication.

Use the principle of least privilege.

Allow connections from all locations.

Import the self-signed SSL certificate.

Question 23

Correct

1 points out of 1

Flag question

Question text

In addition to central processing unit (CPU) and memory usage, what are two other key performance parameters you should monitor on FortiGate? (Choose two.)

Select one or more:

Number of days for licenses to expire

Number of SSL sessions

Number of local users and user groups

Number of active VPN tunnels

Question 24

Correct

1 points out of 1

Flag question

Question text

You need to examine the logs related to local users watching YouTube videos. Where can you find those logs?

Select one:

Log and Report > Security Events > Application Control

Log and Report > Security Events > WebFilter

Log and Report > Security Events > Antivirus

Log and Report > Security Events > Intrusion Prevention

Question 25

Correct

1 points out of 1

Flag question

Question text

What functionality does FortiGate provide to establish secure connections between a main office and its remote branches, over the internet?

Select one:

Monitoring and logging

Firewall authentication

Security scanning

Virtual private networks

Question 26

Correct

1 points out of 1

Flag question

Question text

How does an IPS protect networks from threats?

Select one:

By blocking all incoming network traffic from new sources

By allowing only secure access to network resources

By encrypting all network traffic from untrusted IP addresses

By analyzing traffic and identifying potential threats

Question 27

Incorrect

0 points out of 1

Flag question

Question text

Which two criteria can be matched in the Source field of a firewall policy?

Select one:

Address group and hostname

IP address and user

Interface and service type

MAC address and domain name

Question 28

Correct

1 points out of 1

Flag question

Question text

What is grayware?

Select one:

Known malware with existing signatures

Unsolicited programs installed without user consent

Malicious files sent to the sandbox for inspection

New and unknown malware variants

Question 29

Correct

1 points out of 1

Flag question

Question text

What is the purpose of creating a firewall address object?

Select one:

To define the action for a firewall policy

To specify the source and destination interfaces

To match the source or destination IP subnet

To enable web filtering for a specific address

Question 30

Correct

1 points out of 1

Flag question

Question text

How does FortiGate application control address evasion techniques used by peer-to-peer protocols?

Select one:

By examining a URL block list

By analyzing flow-based inspection

By allowing traffic from only well-known ports.

By monitoring traffic for known patterns

Question 31

Correct

1 points out of 1

Flag question

Question text

Which action can you take to improve the security rating provided by the Fortinet Security Fabric?

Select one:

Upgrade FortiGate to the latest mature version available.

Run the integrity check on all end devices.

Create a configuration revision or back up the configuration.

Apply one or more of the suggested best practices.

Question 32

Correct

1 points out of 1

Flag question

Question text

What are two consequences of allowing a FortiGate license to expire? (Choose two.)

Select one or more:

Inability to monitor system logs and generate network reports

Disruption of network services and potential legal issues

Reduced FortiGate performance and increased vulnerability to security threats

Loss of access to software updates and technical support

Question 33

Incorrect

0 points out of 1

Flag question

Question text

How can you modify the security settings of a VPN tunnel created from a template in FortiGate?

Select one:

Use the custom tunnel creation option

Convert the template to a custom tunnel

Edit the template directly

Choose a different template for the tunnel

Question 34

Correct

1 points out of 1

Flag question

Question text

What is the potential security risk associated with Hypertext Transfer Protocol Secure (HTTPS)?

Select one:

Certificate errors during SSL handshake

Encrypted malicious traffic

Incompatibility with certain web browsers

Increased network latency

Question 35

Correct

1 points out of 1

Flag question

Question text

What is a scenario where automation is used in the Fortinet Security Fabric?

Select one:

Automatically quarantining a computer with malicious activity

Assigning security ratings to newly added devices

Monitoring disk space utilization on FortiAnalyzer

Generating weekly reports for management review

Question 36

Correct

1 points out of 1

Flag question

Question text

What is the main advantage of using Secure Socket Layer Virtual Private Network (SSL VPN) in web mode?

Select one:

No need to install client software

Ability to perform client integrity checks

Support for a wide range of applications and protocols

Access to all network resources for remote users

Question 37

Correct

1 points out of 1

Flag question

Question text

In which architecture is the need to control application traffic becoming increasingly relevant?

Select one:

Distributed architecture

Peer-to-peer architecture

Cloud-based architecture

Traditional client-server architecture

Question 38

Correct

1 points out of 1

Flag question

Question text

Which two protocols can you use for administrative access on a FortiGate interface?

Select one:

Hypertext Transfer Protocol Secure (HTTPS) and Secure Shell (SSH)

Remote Desktop Protocol (RDP) and Hypertext Transfer Protocol (HTTP)

Simple Mail Transfer Protocol (SMTP) and Secure Sockets Layer (SSL)

Telnet and Simple Network Management Protocol (SNMP)

Question 39

Correct

1 points out of 1

Flag question

Question text

What is the purpose of firewall policies on FortiGate?

Select one:

To block all incoming traffic

To monitor network traffic

To control network traffic

To encrypt network traffic

Question 40

Correct

1 points out of 1

Flag question

Question text

How are websites filtered using FortiGuard category filters?

Select one:

By scanning the website for malware in real time

By denying access based on the website IP address

By blocking access based on the website content

By examining the HTTP headers from the website

Bottom of Form