An administrator is designing an ADVPN network for a large enterprise with spokes that have varying numbers of internet links. They want to avoid a high number of routes and peer connections at the hub.
Which method should be used to simplify routing and peer management?

1. A. Deploy a full-mesh VPN topology to eliminate hub dependency.
2. B. Implement static routing over IPsec interfaces for each spoke.
3. C. Use a dynamic routing protocol using loopback interfaces to streamline peers and routes.
4. D. Establish a traditional hub-and-spoke VPN topology with policy routes.

Correct Answer: C

An administrator must minimize CPU and RAM use on a FortiGate firewall while also enabling essential security features, such as web filtering and application control for HTTPS traffic.
Which SSL inspection setting helps reduce system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic?

1. A. Use full SSL inspection to thoroughly inspect encrypted payloads.
2. B. Disable SSL inspection entirely to conserve resources.
3. C. Configure SSL inspection to handle HTTPS traffic efficiently.
4. D. Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.

Correct Answer: D

Refer to the exhibit.
A pre-run CLI template that is used in zero-touch provisioning (ZTP) and low-touch provisioning (LTP) with FortiManager is shown.

The template is not assigned even though the configuration has already been installed on FortiGate.
What is true about this scenario?

1. A. The administrator did not assign the template correctly when adding the model device because pre-CLI templates remain permanently assigned to the firewall
2. B. Pre-run CLI templates are automatically unassigned after their initial installation
3. C. Pre-run CLI templates for ZTP and LTP must be unassigned manually after the first installation to avoid conflicting error objects when importing a policy package
4. D. The administrator must use post-run CLI templates that are designed for ZTP and LTP

Correct Answer: B

Refer to the exhibits. The exhibits show a network topology, a firewall policy, and an SSL/SSH inspection profile configuration.



Why is FortiGate unable to detect HTTPS attacks on firewall policy ID 3 targeting the Linux server?

1. A. The administrator must set the policy to inspection mode to analyze the HTTPS packets as expected.
2. B. The administrator must enable HTTPS in the protocol port mapping of the deep- inspection SSL/SSH inspection profile.
3. C. The administrator must enable SSL inspection of the SSL server and upload the certificate of the Linux server website to the SSL/SSH inspection profile.
4. D. The administrator must enable cipher suites in the SSL/SSH inspection profile to decrypt the message.

Correct Answer: C

An administrator wants to scale the IBGP sessions and optimize the routing table in an IBGP network.
Which parameter should the administrator configure?

1. A. network-import-check
2. B. ibgp-enforce-multihop
3. C. neighbor-group
4. D. route-reflector-client

Correct Answer: D