- Email support@dumps4free.com
Refer to the exhibit, which shows a network diagram.
Which IPsec phase 2 configuration should you impalement so that only one remote site is connected at any time?
A. Set route-overlap to allow.
B. Set single-source to enable
C. Set route-overlap to either use—new or use-old
D. Set net-device to enable
Refer to the exhibit, which shows an error in system fortiguard configuration.
What is the reason you cannot set the protocol to udp in config system fortiguard?
A. udp is not a protocol option.
B. fortiguard-anycast is set to enable. Most Voted.
C. You do not have the corresponding write access.
D. FortiManager provides FortiGuard.
Which two statements about the neighbor-group command are true? (Choose two.)
A. It applies common settings in an OSPF area
B. You can apply it in Internal BGP (IBGP) and External BGP (EBGP)
C. You can configure it on the GUI
D. It is combined with the neighbor-range parameter
Which two statements about IKE version 2 fragmentation are true? (Choose two.)
A. Only some IKE version 2 packets are considered fragmentable
B. The reassembly timeout default value is 30 seconds
C. It is performed at the IP layer
D. The maximum number of IKE version 2 fragments is 128
Which statement about network processor (NP) offloading is true?
A. For TCP traffic FortiGate CPU offloads the first packets of SYN/ACK and ACK of the three-way handshake to NP
B. The NP provides IPS signature matching
C. You can disable the NP for each firewall policy using the command np-acceleration st to loose.
D. The NP checks the session key or IPSec SA
Explanation:
Network processors (NPs) are specialized hardware within FortiGate devices that accelerate certain security functions. One of the primary functions of NPs is to provide IPS signature matching (B), allowing for high-speed inspection of traffic against a database of known threat signatures.
| Page 1 out of 6 Pages |