1.
An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings. Which of the following statements are correct regarding the IPSec VPN configuration?
2.
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)
3.
What advantages are there in using a fully-meshed IPSec VPN configuration instead of a hub-and-spoke set of IPSec tunnels?
4.
A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office. The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers. What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?
5.
A FortiClient fails to establish a VPN tunnel with a FortiGate unit.
The following information is displayed in the FortiGate unit logs:
msg=Initiator: sent 192.168.11.101 main mode message #1 (OK)
msg=Initiator: sent 192.168.11.101 main mode message #2 (OK)
msg=Initiator: sent 192.168.11.101 main mode message #3 (OK)
msg=Initiator: parsed 192.168.11.101 main mode message #3 (DONE)
msg=Initiator: sent 192.168.11.101 quick mode message #1 (OK)
msg=Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa
msg=Initiator: sent 192.168.11.101 quick mode message #2 (DONE)
msg=Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5
msg=Failed to acquire an IP address
Which of the following statements is a possible cause for the failure to establish the VPN tunnel?
6.
An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121. Users have been complaining that when downloading data they receive a "200 Port command successful" message followed by a "425 Cannot build data connection" message. Which of the following statements represents the best solution to this problem?
7.
Which of the following Session TTL values will take precedence?
8.
Which of the following items is NOT a packet characteristic matched by a firewall service object?
9.
When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server must be maintained between sessions?
10.
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI.
C:\>ping 10.0.1.1
Pinging 10.0.1.1 with 32 bytes of data:
Reply from 10.0.1.1: bytes=32 time=1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
user1 # get system interface
== [ internal ]
name: internal mode: static ip: 10.0.1.254 255.255.255.128 status: up
netbios-forward: disable type: physical mtu-override: disable
== [ vlan1 ]
name: vlan1 mode: static ip: 10.0.1.1 255.255.255.128 status: up
netbios-forward: disable type: vlan mtu-override: disable
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=274 msg=vd-root received a packet(proto=6, 10.0.1.130:47927->10.0.1.1:443) from internal.
id=20085 trace_id=274 msg=allocate a new session-00000b1b
id=20085 trace_id=274 msg=find SNAT: IP-10.0.1.1, port-43798
id=20085 trace_id=274 msg=iprope_in_check() check failed, drop
Based on the output from these commands, which of the following is a possible cause of the problem?