FortiGate MCQs

FortiGate MCQs

These FortiGate multiple-choice questions and their answers will help you strengthen your grip on the subject of FortiGate. You can prepare for an upcoming exam or job interview with these FortiGate MCQs.
So scroll down and start answering.

1: Which of the following predefined dissector signature have configurable parameter?

A.   Http header

B.   IM

C.   Rcp decoder

D.   All of the above

2: When creating a protection profile with configuring antivirus scanning , we can disabling passing of fragment emails for ?


B.   FTP



E.   All of these

3: What port does Fortigate unit use to filtering web url in transparent mode ?

A.   8888

B.   8887

C.   8886

D.   8885

4: Which of the following statement is true about NAT/Route mode FortiGate unit?

A.   The FortiGate Unit used to apply firewall policies and services to traffic on a network without having to make any change to the network

B.   DMZ/HA is the interface to the DMZ network , DMZ/HA can also be connected to other FortiGate units if you are installing an HA cluster

C.   Internal is the interface to the internal network

D.   External is the interface to the external network(usually the internet)

5: What is the default ip address of FortiGate unit? (choose two)

A.   Internal

B.   External

C.   Internal

D.   External

6: What is the valid method to fixup Fortigate interface speed&duplex?

A.   Via web GUI

B.   Via CLI

C.   Via auto update

D.   Via foritlog

7: What is the default protection profile ?

A.   Strict

B.   Scan

C.   Web

D.   All of the above

8: Which of the following can be unused method to provide user authentication on a FortiGate?

A.   Radius Server

B.   LDAP Directory

C.   Local User Database

D.   Kerberos Server

9: Which port would need to be opened to allow SMTP using TLS protocol through a firewall?

A.   11

B.   25

C.   27

D.   443

10: Which step must be performed before you can set XAuth to "Enable as Server" in an IPSec VPN configuration?

A.   Purchase an additional license from Fortigate

B.   Select the "Dial-up User" remote gateway type

C.   Create a Firewall Authentication Policy

D.   Load an X.509 CA certificate

11: With HTTP virus scanning enabled on a FortiGate, which commands initiate virus scanning?





12: Which of the following actions are valid for the FortiGate IPS?

A.   Pass

B.   Redirect

C.   Clear

D.   None of the above

13: Which of the following describes a method of creating a policy to block access to an FTP site?

A.   Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list

B.   Create a Firewall Policy with Destination Address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny

C.   Both of the above

D.   None of the above

14: In the HA configuration, what priority value should a FortiGate unit have to ensure that it is selected as a Master in a cluster?

A.   1

B.   255

C.   It doesn't matter, as long as the value is higher than any other unit in the cluster.

D.   It doesn't matter, as long as the value is lower than any other unit in the cluster.

15: Which feature is designed to ensure that a tunnel will remain up in the absence of user data traffic?

A.   IPSec channel redundancy

B.   Dead peer detection

C.   Autokey keep alive

D.   Dead gateway detection