NSE5 study guides

Question: 1

What output profiles can you limit for reporting event notifications? (Choose two)

A. SMS
B. Forward to another FortiAnalyzer device
C. Upload to a server
D. Email

Answer: C, D

Question: 2

Which statements are true regarding the content file, also known as a data leak prevention (DLP) file? (Choose two)

A. Allow full and summary file
B. It is set globally for all policies.
C. The default behavior is to perform a full archive.
D. The DLP engine examines email, FTP, NNTP, and web traffic.

Answer: A, D

Question: 3

The antivirus and IPS update service is enabled, and the FortiGuard configuration is as shown in the exhibit. The desired behavior is for managed devices to use public servers for these updates in case FortiManager becomes inaccessible, which is not the case with the current configuration. What two actions are necessary to correct this? (Choose two)

A. Change the server override mode from strict to flexible.
B. Change the port from 8890 to 443 in the Use override server address for FortiGate/FortiMail setting.
C. Uncheck the Use override server address for FortiGate/FortiMail option.
D. Change the IP address to a public FDS server and port 443 in the Use override server address for FortiGate/FortiMail setting.

Answer: A, C

Question: 4

What remote authentication servers can you configure to validate your FortiAnalyzer administrator logins? (Choose three)

A. RADIUS
B. Local
C. LDAP
D. PKI
E. TACACS+

Answer: A, C, E

Question: 5

Which two statements are correct regarding synchronization between primary and secondary devices on a FortiManager HA cluster? (Choose two)

A. All global including device configuration databases are synchronized across the HA cluster.
B. Each appliance in the cluster downloads the FortiGuard databases separately.
C. FortiGuard databases are downloaded by the primary FortiManager appliance and then synchronized with all secondary appliances.
D. Local registries and registry configuration values are synchronized to the high availability cluster.

Answer: A, B

Question: 6

What new permissions does workflow mode introduce for Super_Admin administrative users?

A. Self-Approval, Approval, Rejection
B. Self Disapproval, Approval, Accept
C. Approval, Self-Approval, Change Notice
D. Notice of change, own disapproval, submission

Answer: C

Question: 7

Which two statements are correct regarding the header and footer policies? (Choose two)

A. Header and footer policies can only be created by the root ADOM.
B. Header and footer policies can only be created in the global ADOM.
C. Header and footer policies are created in policy packages and assigned to ADOM policy packages.
D. Header and footer policies can be modified in the assigned ADOM policy package.

Answer: B, C

Question: 8

Which two statements are correct regarding administrative users and accounts? (Choose two)

A. Administrative user accounts can exist locally or remotely.
B. Administrative user login information is available to all administrators via the Web.
C. Administrative users must be assigned an administrative profile.
D. Administrative user access is restricted only by administrative profiles.

Answer: A, C

Question: 9

Which statement correctly compares physical and virtual FortiManager appliances?

A. FortiManager physical and virtual appliances can consume unlimited devices and have unrestricted storage.
B. FortiManager physical and virtual appliances use licenses to increase managed device and storage capacity limits.
C. Physical and virtual FortiManager appliances have an unrestricted daily check-in rate.
D. Physical and virtual FortiManager appliances use model types and licenses, respectively, to differentiate managed device and storage capacity limits.

Answer: D

Question: 10

What is the purpose of blocking an ADOM revision?

A. To prevent further changes from Device Manager.
B. To disable revision history.
C. To prevent automatic deletion.
D. To lock the Policy and Objects tab.

Answer: C

Question: 11

Which two statements describe the configuration status of a “modified” device in the Configuration and Installation Status widget of a managed FortiGate device?

A. Configuration changes were made directly on the managed device.
B. Configuration changes were made from Device Manager for a managed FortiGate device.
C. Configuration changes were instituted on a managed FortiGate device.
D. Configuration changes in Device Manager no longer calculate the last revision in the device’s revision history.

Answer: B

Question: 12

What effect do administrative domains (ADOMs) have on reporting settings? (Choose two)

A. perfect. ADOMs cannot be used with reports.
B. Reports must be configured with your own ADOM.
C. The graphics library, macro library, dataset library, and output profile become ADOM-specific.
D. The dataset library becomes global to all ADOMs.

Answer: B, C

Question: 13

Which statements are true regarding the disk log quota? (Choose two)

A. The FortiAnalyzer stops logging once the disk log quota is reached.
B. The FortiAnalyzer automatically sets the disk log quota based on the device.
C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is reached.
D. The FortiAnalyzer disk logging quota is configurable, but has a minimum or maximum of 100mb depending on system reserved space.

Answer: C, D

Question: 14

What ports does FortiManager commonly use? (Choose two)

A. TCP 541 for remote management of a FortiGate unit.
B. TCP 5199 HA heartbeat or sync (FortiManager HA cluster).
C. TCP 703 HA heartbeat or sync (FortiManager HA cluster).
D. TCP 514 for remote management of a FortiGate unit.

Answer: A, B

Question: 15

Which statements are true regarding the FortiAnalyzer’s treatment of HA clusters? (Choose two)

A. FortiAnalyzer distinguishes different devices by their serial number.
B. FortiAnalyzer receives logs from all devices in a cluster.
C. FortiAnalyzer receives logs only from the primary device in the cluster.
D. FortiAnalyzer only needs to know the serial number of the primary device in the cluster; it automatically discovers the other devices.

Answer: A, B

Question: 16

If RAID is not supported, what are other types of backup mechanisms (i.e. methods to preserve your log data in the event of disk failure, deletion, or corruption)? (Choose three)

A. Log backup via web-based manager or CLI.
B. Forwarding logs to the syslog server.
C. Upload logs to an FTP, SFTP, or SCP server.
D. Records file.
E. Enabling Full Archiving.

Answer: A, B, C

Question: 17

Which statement correctly names the administrative domain modes supported in FortiManager?

A. Normal and Analyzer
B. Backup and Analyzer
C. Normal, Backup and Collector
D. Normal and Backup

Answer: D

Question: 18

What tabs are available in the FortiManager web-based manager? (Choose two)

A. Device Manager
B. Policy and Objects
C. FortiGate
D. Database

Answer: A, B

Question: 19

What are the FortiAnalyzer modes of operation? (Choose two)

A. Independent
B. Manager
C. Analyzer
D. Collector

Answer: C, D

Question: 20

What are the three different methods you can use to send event notifications when an event occurs that matches a configured event handler?

A. Email
B. SMS
C. SNMP
D. SUN
E. Syslog

Answer: A, C, E

Question: 21

What is ‘hot swapping’?

A. Hot swapping means administrators can limit FortiAnalyzer to writing to all hard drives to make the array fault tolerant.
B. Hot-swapping means administrators can replace a failed drive in software RAID-enabled devices while the device is still running.
C. Hot-swapping means administrators can ensure that a redundant drive’s parity data is valid while the device is still running.
D. Hot swapping means administrators can replace a predestined d* on devices that support hardware RAID while the device is still running.

Answer: D

Question: 22

Check out the presentation. What does the clock icon next to the Application and Bandwidth Report indicate?

A. It is a custom report.
B. It is a report delivered from a different FortiAnalyzer appliance or a different (but compatible) ADOM.
C. It is the process of generating.
D. It is a scheduled report.

Answer: D
