Refer to the exhibit, which shows a revision history window in the FortiManager device layer.

The IT team is trying to identify the administrator responsible for the most recent update in the FortiGate device database.
Which conclusion can you draw about this scenario?

1. A. This retrieved process was automatically triggered by a Remote FortiGate Directly (via CLI) script.
2. B. The user script_manager is an API user from the Fortinet Developer Network (FDN) retrieving a configuration.
3. C. To identify the user who created the event, check it on the Configuration and Installation widget on FortiGate within the FortiManager device layer.
4. D. Find the user in the FortiManager system logs and use the type=script command to find the administrator user in the user field.

Correct Answer: D
TheConfiguration Revision Historywindow inFortiManagershows that the most recent configuration change (ID 10) was created byscript_managerwith the actionRetrieved.
Sincescript_manageris a system-level script execution user, the IT team needs to find who actually triggered this script. This can be done by:
Checking theFortiManager system logsforscript execution events.
Using thetype=scriptfilter to locate the administrator associated with the script execution.

An administrator is designing an ADVPN network for a large enterprise with spokes that have varying numbers of internet links. They want to avoid a high number of routes and peer connections at the hub.
Which method should be used to simplify routing and peer management?

1. A. Deploy a full-mesh VPN topology to eliminate hub dependency.
2. B. Implement static routing over IPsec interfaces for each spoke.
3. C. Use a dynamic routing protocol using loopback interfaces to streamline peers and routes.
4. D. Establish a traditional hub-and-spoke VPN topology with policy routes.

Correct Answer: C
When designing anADVPN (Auto-Discovery VPN) networkfor alarge enterprisewith spokes that havevarying numbers of internet links, the main challenge is tominimize the number of peer connections and routesat the hub while maintainingscalability and efficiency.
Using a dynamic routing protocol (such as BGP or OSPF) with loopback interfaces helps in several ways:
Reduces the number of peer connectionsat the hub byusing a single loopback address per spokeinstead of individual physical interfaces.
Enables simplified route advertisementby dynamically learning and propagating routes instead of manually configuring static routes.
Supports multiple internet links per spokeefficiently, as dynamic routing can automatically adjust to the best available path.
Allows seamless failoverif a spoke??s internet link fails, ensuring continuous connectivity.

A FortiGate device with UTM profiles is reaching the resource limits, and the administrator expects the traffic in the enterprise network to increase.
The administrator has received an additional FortiGate of the same model.
Which two protocols should the administrator use to integrate the additional FortiGate device into this enterprise network? (Choose two.)

1. A. FGSP with external load balancers
2. B. FGCP in active-active mode and with switches
3. C. FGCP in active-passive mode and with VDOM disabled
4. D. VRRP with switches

Correct Answer: AB
Whenadding an additional FortiGateto an enterprise network that is already reaching itsresource limits, the goal is to distribute traffic efficiently and ensurehigh availability.
FGSP (FortiGate Session Life Support Protocol) with external load balancers
FGSP allowssession-aware load balancingbetween multiple FortiGate units without
requiring them to be in an HA (High Availability) cluster.
Withexternal load balancers, incoming traffic isevenly distributedacross multiple FortiGate devices.
This approach is useful forscaling outtraffic handling capacity while ensuring that sessions remainsynchronizedbetween firewalls.
FGSP is effectivewhen stateful failover is requiredbut without the constraints of traditional HA.
FGCP (FortiGate Clustering Protocol) in active-active mode and with switches FGCPactive-active modeenables multiple FortiGate devices toshare traffic loads,
increasing throughput and efficiency.
Active-active mode is suitable forbalancing UTM processingacross multiple FortiGates, making it ideal whenresource limits are a concern.
Usingswitchesensures redundancy and avoids single points of failure in the network.
This mode is commonly used inenterprise networkswhere bothscalability and redundancyare required.

An administrator is checking an enterprise network and sees a suspicious packet with the MAC address e0:23:ff:fc:00:86.
What two conclusions can the administrator draw? (Choose two.)

1. A. The suspicious packet is related to a cluster that has VDOMs enabled.
2. B. The network includes FortiGate devices configured with the FGSP protocol.
3. C. The suspicious packet is related to a cluster with a group-id value lower than 255.
4. D. The suspicious packet corresponds to port 7 on a FortiGate device.

Correct Answer: AC
The MAC addresse0:23:ff:fc:00:86follows the format used in FortiGate High Availability (HA) clusters. When FortiGate devices are in an HA configuration, they use virtual MAC addresses for failover and redundancy purposes.
The suspicious packet is related to a cluster that has VDOMs enabled:FortiGate devices with Virtual Domains (VDOMs)enabled use specific MAC address ranges to differentiate HA-related traffic. This MAC address is likely part of that mechanism.
The suspicious packet is related to a cluster with a group-id value lower than 255: FortiGate HA clusters assign virtual MAC addresses based on thegroup ID. The last octet (00:86) corresponds to agroup IDthat isbelow 255, confirming this option.

Refer to the exhibits.



with FortiGate interfaces set to an MTU of1000bytes, and the results of PC1 pinging
server172.16.0.254are shown.
Why is the user in Windows PC1 unable to ping server172.16.0.254and is seeing the message:Packet needs to be fragmented but DF set?

1. A. Option ip.flags.mf must be set to enable on FortiGat
2. B. The user has to adjust the ping MTU to 1000 to succeed.
3. C. Fragmented packets must be encrypte
4. D. To connect any application successfully, the user must install the Fortinet_CA certificate in the Microsoft Management Console.
5. E. FortiGate honors the do not fragment bit and the packets are droppe
6. F. The user has to adjust the ping MTU to 972 to succeed.
7. G. The user must trigger different traffic because path MTU discovery techniques do not recognize ICMP payloads.

Correct Answer: C
The issue occurs because FortiGate enforces the "do not fragment" (DF) bit in the packet, and the packet size exceeds the MTU of the network path. When the Windows PC1 (with an MTU of 1500 bytes) attempts to send a 1400-byte packet, the FortiGate interface (with an MTU of 1000 bytes) needs to fragment it. However, since the DF bit is set, FortiGate drops the packet instead of fragmenting it.
To resolve this, the user should adjust the ping packet size to fit within the path MTU. In this case, reducing the packet size to972 bytes(1000 bytes MTU minus 28 bytes for the IP and ICMP headers) should allow successful transmission.