QUESTION 36An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this? A.tcp_port_scanB.ip_dst_sessionC.udp_floodD.ip_src_sessionCorrect Answer: A
Section: (none) Explanation Explanation/Reference: QUESTION 37Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels? A Explanation Explanation/Reference: QUESTION 38Examine this output from a debug flow:Why did the FortiGate drop the packet?
. D Section: (none) Explanation Explanation/Reference: QUESTION 39View the exhibit:The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:What should be done next to troubleshoot the problem? .
C Section: (none) Explanation Explanation/Reference: QUESTION 40Which of the following statements about policy-based IPsec tunnels are true? (Choose two.) A.They can be configured in both NAT/Route and transparent operation modes.B.They support L2TP-over-IPsec.C.They require two firewall policies: one for each directions of traffic flow.D.They support GRE-over-IPsec.Correct Answer: ABSection: (none) Explanation Explanation/Reference: QUESTION 41An employee connects to the on the Internet using a web browser. The web server’s certificate was signed by a private internal CA. TheFortiGate that is inspecting this traffic is configured for full SSL inspection.This exhibit shows the configuration settings for the SSL/SSH inspection profile that is applied to the policy that is invoked in this instance. All other settings are setto defaults. No certificates have been imported into FortiGate. View the exhibit and answer the question that follows.
You've reached the end of your free preview.
Want to read all 49 pages?
- Fall '19
- IP address, FortiGate