Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

1. A. Source defined as Internet Services in the firewall policy.
2. B. Destination defined as Internet Services in the firewall policy.
3. C. Highest to lowest priority defined in the firewall policy.
4. D. Services defined in the firewall policy.
5. E. Lowest to highest policy ID number.

Correct Answer: ABD
When a packet arrives, how does FortiGate find a matching policy? Each policy has match criteria, which you can define using the following objects:
• Incoming Interface
• Outgoing Interface
• Source: IP address, user, internet services
• Destination: IP address or internet services
• Service: IP protocol and port number
• Schedule: Applies during configured times

A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be
downloaded.
What is the reason for the failed virus detection by FortiGate?

1. A. The website is exempted from SSL inspection.
2. B. The EICAR test file exceeds the protocol options oversize limit.
3. C. The selected SSL inspection profile has certificate inspection enabled.
4. D. The browser does not trust the FortiGate self-signed CA certificate.

Correct Answer: AC
SSL Inspection Profile, on the Inspection method there are 2 options to choose from, SSL Certificate Inspection or Full SSL Inspection. FG SEC 7.2 Studi Guide: Full SSL Inspection level is the only choice that allows antivirus to be effective.

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

1. A. By default, all interfaces are part of the same broadcast domain.
2. B. The existing network IP schema must be changed when installing a transparent mode.
3. C. Static routes are required to allow traffic to the next hop.
4. D. FortiGate forwards frames without changing the MAC address.

Correct Answer: AD

Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24.


If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?

1. A. 10.0.1.254, 10.0.1.10, and 443, respectively
2. B. 10.0.1.254, 10.200.1.10, and 443, respectively
3. C. 10.200.3.1, 10.0.1.10, and 443, respectively
4. D. 10.0.1.254, 10.0.1.10, and 10443, respectively

Correct Answer: C
The host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, which is the external IP address of the VIP object named VIP in Exhibit B1. The VIP object maps the external IP address and port to the internal IP address and port of the server 10.0.1.10 and 443, respectively1. The VIP object also enables NAT, which means that the source address of the packet will be translated to the IP address of the outgoing interface2.
The firewall policy ID 1 in Exhibit B allows traffic from WAN (port1) to LAN (port3) with the destination address of VIP and the service of HTTPS1. The policy also enables NAT, which means that the source address of the packet will be translated to the IP address of the outgoing interface2.
Therefore, after FortiGate forwards the packet to the destination, the source address, destination address, and destination port of the packet will be 10.200.3.1, 10.0.1.10, and 443, respectively.
You can find more information about VIP objects and firewall policies in the Fortinet Documentation

On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?

1. A. System event logs
2. B. Forward traffic logs
3. C. Local traffic logs
4. D. Security logs

Correct Answer: C