NEW QUESTION NO: 7
Examine the output of the 'get router info bgp summary' command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?
A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.
B. The TCP session for the BGP connection to 10.200.3.1 is down.
C. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.
D. The local peer has received the BGP prefixed from the remote peer.
Answer: B

NEW QUESTION NO: 8
View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?
A. 10.0.1.240
B. 10.0.1.244
C. 10.0.1.242
D. One of the public FortiGuard distribution servers
Answer: D

NEW QUESTION NO: 9
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?
A. diagnose sniffer packet any 'esp'
B. diagnose sniffer packet any 'udp port 500 or udp port 4500'
C. diagnose sniffer packet any 'udp port 500'
D. diagnose sniffer packet any 'udp port 4500'
Answer: A

NEW QUESTION NO: 10
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)
A. Policy monitor.
B. Logs.
C. Firewall monitor.
D. Crashlogs.
Answer: B,D

NEW QUESTION NO: 11
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?
A. Group ID.
B. Gratuitous ARPs.
C. Session pickup.
D. Group name.
Answer: A

NEW QUESTION NO: 12
View the exhibit, which contains the output of a debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)
A. In the network on port4, two OSPF routers are down.
B. The local FortiGate has been elected as the OSPF backup designated router.
C. Port4is connected to the OSPF backbone area.
D. The local FortiGate's OSPF router ID is 0.0.0.4
Answer: C,D

NEW QUESTION NO: 13
View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3
ipsengine exit log"
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
code = 11, reason: manual
What is the status of IPS on this FortiGate?
A. IPS engine memory consumption has exceeded the model-specific predefined value.
B. There are communication problems between the IPS engine and the management database.
C. All IPS-related features have been disabled in FortiGate's configuration.
D. IPS daemon experienced a crash.
Answer: D

NEW QUESTION NO: 14
What events are recorded in the crashlogs of a ForitGate device? (Choose two.)
A. System entering to and leaving from the proxy conserve mode.
B. Configuration changes.
C. A process crash.
D. Changes in the status of any of the FortiGuard licenses.
Answer: A,C

NEW QUESTION NO: 15
View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?
A. This session is for HA heartbeat traffic.
B. This session cannot be synced with the slave unit.
C. This session is synced with the slave unit.
D. The inspection of this session has been offloaded to the slave unit.
Answer: C

NEW QUESTION NO: 16
Examine the output of the 'diagnose ips anomaly list' command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?
A. Those whose traffic exceeded a threshold of a matching DoS policy.
B. Those whose traffic matches an IPS sensor.
C. Those whose traffic matches a DoS policy.
D. Those whose traffic was detected as an anomaly by an IPS sensor.
Answer: C

NEW QUESTION NO: 17
An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?
A. dirty.
B. nds.
C. redir.
D. synced
Answer: D