Which statements about FortiGate inspection modes are true? (Choose two.)

Which statements about FortiGate inspection modes are true? (Choose two.)
A. The default inspection mode is proxy based.
B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.
C. Proxy-based inspection is not available in VDOMs operating in transparent mode.
D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.

Answer: A,C

What statement describes what DNS64 does?

What statement describes what DNS64 does?
A. Converts DNS A record lookups to AAAA record lookups.
B. Translates the destination IPv6 address of the DNS traffic to an IPv4 address.
C. Synthesizes DNS AAAA records from A records.
D. Translates the destination IPv4 address of the DNS traffic to an IPv6 address.

Answer: B

Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)

Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)
A. FQDN address
B. IP pool
C. User or user group
D. Firewall service

Answer: B,C

Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)

Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)
A. The antivirus engine starts scanning a file after the last packet arrives.
B. It does not support FortiSandbox inspection.
C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.
D. It uses the compact antivirus database.

Answer: A,C

Which of the following statements about central NAT are true? (Choose two.)

Which of the following statements about central NAT are true? (Choose two.)
A. IP tool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT, using central NAT, requires at least one central SNAT policy.
D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.

Answer: A,C

What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)

What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)
A. Code blocks
B. SMS phone message
C. FortiToken
D. Browser pop-up window
E. Email

Answer: B,C,E

Which statement about the VLAN IDs in this scenario is true?

A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface.
Which statement about the VLAN IDs in this scenario is true?
A. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
B. The two VLAN sub-interfaces must have different VLAN IDs.
C. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in the same subnet.
D. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.

Answer: C

Which statements about One-to-One IP pool are true? (Choose two.)

Which statements about One-to-One IP pool are true? (Choose two.)
A. It allows configuration of ARP replies.
B. It allows fixed mapping of an internal address range to an external address range.
C. It is used for destination NAT.
D. It does not use port address translation.

Answer: B,D

An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections. Why?

An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections. Why?
A. The administrator is running the sniffer on the internal interface only.
B. The filter used in the sniffer matches the traffic only in one direction.
C. The FortiGate is doing content inspection.
D. TCP traffic is being offloaded to an NP6.

Answer: D