Refer to the exhibit, which shows a revision history window in the FortiManager device layer.

The IT team is trying to identify the administrator responsible for the most recent update in the FortiGate device database.
Which conclusion can you draw about this scenario?

1. A. This retrieved process was automatically triggered by a Remote FortiGate Directly (via CLI) script.
2. B. The user script_manager is an API user from the Fortinet Developer Network (FDN) retrieving a configuration.
3. C. To identify the user who created the event, check it on the Configuration and Installation widget on FortiGate within the FortiManager device layer.
4. D. Find the user in the FortiManager system logs and use the type=script command to find the administrator user in the user field.

Correct Answer: D

An administrator received a FortiAnalyzer alert that a 1 disk filled up in a day. Upon investigation, they found thousands of unusual DNS log requests, such as JHCMQK.website.com, with no answers. They later discovered that DNS exfiltration was occurring through both UDP and TLS.
How can the administrator prevent this data theft technique?

1. A. Create an inline-CASB to protect against DNS exfiltration.
2. B. Configure a File Filter profile to prevent DNS exfiltration.
3. C. Enable DNS Filter to protect against DNS exfiltration.
4. D. Use an IPS profile and DNS exfiltration-related signatures.

Correct Answer: D

A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy.
How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?

1. A. The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.
2. B. The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.
3. C. The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.
4. D. The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.

Correct Answer: D

An administrator configured the FortiGate devices in an enterprise network to join the Fortinet Security Fabric. The administrator has a list of IP addresses that must be blocked by the data center firewall. This list is updated daily.
How can the administrator automate a firewall policy with the daily updated list?

1. A. With FortiNAC
2. B. With FortiAnalyzer
3. C. With a Security Fabric automation
4. D. With an external connector from Threat Feeds

Correct Answer: D

A company that acquired multiple branches across different countries needs to install new FortiGate devices on each of those branches. However, the IT staff lacks sufficient knowledge to implement the initial configuration on the FortiGate devices.
Which three approaches can the company take to successfully deploy advanced initial configurations on remote branches? (Choose three.)

1. A. Use metadata variables to dynamically assign values according to each FortiGate device.
2. B. Use provisioning templates and install configuration settings at the device layer.
3. C. Use the Global ADOM to deploy global object configurations to each FortiGate device.
4. D. Apply Jinja in the FortiManager scripts for large-scale and advanced deployments.
5. E. Add FortiGate devices on FortiManager as model devices, and use ZTP or LTP to connect to FortiGate devices.

Correct Answer: ABE