多选题

The administrator configured the IPsec tunnel VPN1 on a FortiGate device with the parameters shown in exhibit. Based on the configuration, which three conclusions can you draw about the characteristics and requirements of the VPN tunnel? (Choose three.)

A、

The tunnel interface IP address on the spoke side is provided by the hub.

B、

The remote end can be a third-party IPsec device.

C、

The administrator must manually assign the tunnel interface IP address on the hub side

D、

The remote end must support IKEv2.

E、

This configuration allows user-defined overlay IP addresses.

下载APP答题
由4l***i7提供 分享 举报 纠错

相关试题

单选题 ae92b559a9e1e087777bf072ecb2c5e2.png

You use FortiManager to manage the branch devices and configure the SD-WAN template. You have configured direct internet access (DIA) for the IT department users. Now. you must configure secure internet access (SIA) for all local LAN users and have set the firewall policies as shown in the second exhibit. Then, when you use the install wizard to install the configuration and the policy package on the branch devices, FortiManager reports an error as shown in the third exhibit. Which statement describes why FortiManager could not install the configuration on the branches?

A、

You must direct SIA traffic to a VPN tunnel.

B、

You cannot install firewall policies that reference an SD-WAN zone.

C、

You cannot install firewall policies that reference an SD-WAN member.

D、

You cannot install SIA and DIA rules on the same device.

单选题 You configured an SD-WAN rule with the best quality strategy and selected the predefined health check, Default_FortiGuard, to check the link performances against FortiGuard servers. For the quality criteria, you selected Custom-profile-1. Which factors does FortiGate use, and in which order. to determine the link that it should use to steer the traffic?

A、

Latency – Member configuration order – Link cost threshold

B、

Links that meet the SLA targets – Member configuration order – Member local cost

C、

Link quality index – Member configuration order – Link cost threshold

D、

Latency – Jitter - Packet loss – Bibandwidth – Member configuration order

单选题 387704afd5493f886c8d82c3c5c7c955.png

You want to configure SD-WAN on a network, as shown in the exhibit. The network contains many FortiGate devices. Some are used as next-generation firewalls (NGFW), and some are installed with extensions such as FortiSwitch, FortiAP, or FortiExtender. Which factors should you consider when planning your deployment?

A、

You can build an SD-WAN topology that includes all devices. The hubs must be devices without extensions

B、

You should build multiple SD-WAN topologies. Each topology should contain only one type of extension

C、

You can build an SD-WAN topology that includes all devices. The hubs can be FortiGate devices with FortiExtender.

D、

You should exclude the FortiGate devices with FortiLink connection from the SD-WAN topology

单选题 9622ea5675e8f29d28434cbf9f2dc7d1.png

Based on the exhibit, which change in the measured latency will first make HUB1-VPN3 the new preferred member?

A、

When HUB1-VPN3 has a lower latency than HUB1-VPN1 and HUB1-VPN2

B、

When HUB1-VPN3 has a latency of 80 ms

C、

When HUB1-VPN3 has a latency of 90 ms

D、

When HUB1-VPN1 has a latency of 200 ms

单选题 9fe73915aa4ac66f694c4c91594f52e4.png

The event log on a FortiGate device is shown. Based on the output shown in the exhibit, what can you conclude about the tunnels on this device? (Choose one answer))

A、

There is one shortcut tunnel built from the master tunnel VPN4.

B、

The voice traffic is steered through the VPN tunnel HUB1-VPN3.

C、

The VPN tunnel HUB1-VPN1_0 is a shortcut tunnel.

D、

The master tunnel HUB2-VPN3 cannot accept Auto-Discovery VPN (ADVPN) shortcuts.

单选题 An SD-WAN member is no longer used to steer SD-WAN traffic. The administrator updated the SD-WAN configuration and deleted the unused member. After the configuration update, users report that some destinations are unreachable. You confirm that the affected flow does not match an SD-WAN rule. What could be a possible cause of the traffic interruption?

A、

FortiGate, with SD-WAN enabled, cannot route traffic through interfaces that are not SD-WAN members.

B、

FortiGate can remove some static routes associated with an interface when the member is removed from SD-WAN.

C、

FortiGate removes the layer 3 settings for interfaces that are removed from the SD-WAN configuration.

D、

FortiGate administratively brings down interfaces when they are removed from the SD-WAN configuration

单选题 110311a8f9d98c5ddd4886429c3a2b60.png

The exhibits show the SD-WAN zone configuration of an SD-WAN template prepared on FortiManager and the policy package configuration. When the administrator tries to install the configuration changes, FortiManager fails to commit. What should the administrator do to fix the issue

A、

Configure branch1_fgt as the installation target for policy 3.

B、

Configure HUB1 as the destination of policy 3.

C、

Configure a normalized interface for the IPsec tunnel HUB1-VPN1.

D、

Configure both HUB1-VPN1 and HUB1-VPN2 as the destination of policy 3

单选题 Which statement describes FortiGate behavior when you reference a zone in a static route?

A、

FoftiGate installs ECMP static routes for the first two members of the zone.

B、

FortiGate ignores the static routes defined through members referenced in the zone.

C、

FortiGate routes the traffic through the best performing member of the zone.

D、

FortiGate installs a static route for each member in the zone.