Infrastructure

Question 1

What relies on well-known FortiOS features such as IPSec, auto-discovery VPN, link monitoring, advanced routing, internet service database (ISDB), traffic shaping, UTM inspection, and load balancing.

Answer 1

SD-WAN

Question 2

What is the default operation mode on for the Fortigate

Answer 2

NAT Mode

Question 3

Standard routing table containing connected, static, and dynamic routes

Answer 3

RIB (Routing Information Base) table

Question 4

Routing table from kernel point-of-view, contains RIB and specific system entries

Answer 4

FIB (Forwarding Information Base) table

Question 5

Which route table does the Fortigate perform route lookups from?

Answer 5

FIB

Question 6

“get router info kernel” does what?

Answer 6

CLI command to show the FIB table

Question 7

Subsequent packets are routed according to what?

Answer 7

Session table

Question 8

What is the first tiebreaker that routers use for best route?

Answer 8

Distance or Administrative Distance (AD)

Question 9

If distance is the same on 2 or more dynamic routes, what is used to determine best route?

Answer 9

Metric (lower takes priority)

Question 10

Two or more duplicate static routes with same distance and priority is what?

Answer 10

ECMP (Equal Cost Multi-Path) routes

Question 11

Default priority for static routes?

Answer 11

1

Question 12

What are the 4 algorithms for ECMP

Answer 12

1) Source IP (default)
2) Source-Destination IP
3) Weighted
4) Usage (Spillover)

Question 13

Reducing costs by steering more traffic over low-cost fast internet links rather than high-cost slow private links

Answer 13

Hybrid WAN

Question 14

Most common use case for SD-WAN?

Answer 14

Direct Internet Access (DIA) or local breakout

Question 15

SD-WAN steering rules are based on what?

Answer 15

Matching traffic criteria, Performance, and Preference

Question 16

Where in the order does SD-WAN routes get processed?

Answer 16

Before FIB (routing table)

Question 17

What is replaced with load-balance-mode when SD-WAN is enabled?

Answer 17

v4-ecmp-mode

Question 18

What is the default ECMP algorithm on Fortigate

Answer 18

Source IP

Question 19

How does Fortigate load balance traffic when using the spillover algorithm in ECMP routing?

Answer 19

Session are distributed based on interface thresholds

Question 20

What is the mechanism that protects Fortigate and the network from IP spoofing attacked by checking for a return path to the source in the route table?

Answer 20

Return Path Forwarding (RPF)

Question 21

What are the two types of RPF?

Answer 21

Feasible Path and Strict

Question 22

What does strict RPF do that Feasible Path RPF doesn’t?

Answer 22

Verifies that the matching source address and interface matches the best route

Question 23

What satisfies the default RPF check?

Answer 23

Routing table has a route fro the source IP of the packet through the incoming interface

Question 24

Static routes are kept in the routing table unless:

Answer 24

associated interface is admin down, OR the link goes down, OR a duplicate route with a lower distance is present

Question 25

Enables the Fortigate to detect dead links what the failure is beyond the local connection

Answer 25

Link Health Monitor

Question 26

Default number of failed and successful probes to change the status with Link Health Monitor

Answer 26

5

Question 27

Most accurate Link Health Monitor Protocol?

Answer 27

TWAMP (Two-Way Active Measurement Protocol)

Question 28

Most deployed Link Health Monitor protocol?

Answer 28

PING

Question 29

What are the 5 options for Link Health Montior Protocols

Answer 29

Ping, TCP Echo, UDP Echo, TWAMP, and HTTP

Question 30

What mechanism on the Fortigate brings down the alert interface after the monitoring interface is detected dead

Answer 30

Update cascade interface

Question 31

When using link health monitoring, which route attribute can you configure to achieve route failover protection?

Answer 31

Distance

Question 32

Command to show the active routes on CLI

Answer 32

get router info routing-table all

Question 33

Command to show all active and in-active routes on CLI

Answer 33

get router info routing-table database

Question 34

CLI command to show policy routes

Answer 34

diagnose firewall proute list

Question 35

What are the ID values for the 3 types of policy routes?

Answer 35

1) Regular Policy Routes - <= 65535
2) ISDB Routes - > 65535 + has the vwl_service attribute
3) SD-WAN Routes - > 65535

Question 36

CLI command for packet sniffer

Answer 36

diagnose sniffer packet <interface> <"filters"></interface>

Question 37

What filter syntax does the packet sniffer use?

Answer 37

Berkeley Packet Filter (BPF)

Question 38

Most commonly used verbosity levels for packet sniffer

Answer 38

4, 3, 6

Question 39

What is the distance value for the following route?

“10.200.2.0/24 [100/2] via 10.200.2.254, [25/0]”

Answer 39

110

Question 40

Firewall configuration that allows for multiple logical devices and divides one security domain into multiple security domains?

Answer 40

VDOMs

Question 41

What are the two types of VDOMs?

Answer 41

Admin and Traffic

Question 42

Which traffic is always generated from the management VDOM?

Answer 42

Fortiguard

Question 43

What accounts can configure and backup all VDOMs?

Answer 43

Admin account and accounts assigned the Super_admin user profile

Question 44

What is the traditional NGFW mode where UTM profiles are applied to each policy?

Answer 44

Profile based

Question 45

What is the new NGFW mode where you add applications and web-filtering categories directly to a policy without creating a profile?

Answer 45

Policy-Based

Question 46

What are the Global settings in a multi-VDOM Fortigate?

Answer 46

Hostname, HA settings, Fortiguard, System time, and Admin accounts

Question 47

True/False: You can create global profiles for AV, Application Control, IPS, and Webfilter?

Answer 47

True

Question 48

What is the virtual link that routes between VDOMs?

Answer 48

Inter-VDOM links

Question 49

Which troubleshooting tool is most suitable when trying to verify the firewall policy used by an inter-VDOM link?

Answer 49

Packet Flow Trace

Question 50

Which FSSO deployment mode does not require a collector agent?

Answer 50

Polling Mode

Question 51

In FSSO, Fortigate allows network access based on what?

Answer 51

Passive user ID, IP address, and Group Membership

Question 52

How do you fix a double DNS issue with FSSO collector agent?

Answer 52

Configure the following registry key on the DC:
“donot_resolve = (Dword) 1”
Location = HKLM/Software/Fortinet/FSAE/dcagent

Question 53

What does the collector agent send?

Answer 53

Username, Hostname, IP address, User Groups

Question 54

What port does the FSSO collector agent use to communicate with the Foritgate?

Answer 54

TCP/8000

Question 55

What protocol does the FSSO collector agent use to communicate with the domain controller?

Answer 55

SMB (TCP/445)

Question 56

What are the 3 methods for Polling Mode Collector Agent for collecting login info?

Answer 56

WMI, WinSecLog, and NetAPI

Question 57

What two windows security log events that FSSO Agentless Polling use?

Answer 57

4768 and 4769

Question 58

If you have collector agents using either the DC agent mode or the collector agent-based polling mode, which fabric connector should you select on the Fortigate?

Answer 58

Fortinet Single Sign-On Agent

Question 59

Which naming conventions does the FSSO collector agent use to access the Windows AD in Standard access mode?

Answer 59

Windows convention - NetBios: Domain\groups

Question 60

What CLI command do you run to display the list of FSSO users that are currently logged in?

Answer 60

diagnose debug authd fsso list

Question 61

CLI command to manually refresh user group information from any directory service servers connected to the FortiGate

Answer 61

execute fsso refresh

Question 62

Show status of communication between Fortigate and each collector agent

Answer 62

diagnose debug authd fsso server-status

Requires the use of “diag debug enable”

Question 63

The command diagnose debug fsso-polling detail displays information for which mode of FSSO?

Answer 63

Agentless polling

Question 64

An access control method that uses client device identification, authentication, and zero-trust tags to provide role-based application access

Answer 64

ZTNA

Question 65

ZTNA has two modes:

Answer 65

ZTNA access proxy and IP/MAC filtering

Question 66

What information does FortiClient provide to the FortiClient EMS when it registers?

Answer 66

• Device Info (network details, os, model, etc.)
• Logged in user info
• Security posture (on-fabric and off-fabric, antivirus, vulnerability status, etc.)

Question 67

What does the FortClient request on its first attempt to connect to the access proxy (ForiClient EMS)?

Answer 67

client device certificate from the EMS ZTNA CA.

Question 68

What is required to make FortiClient work for ZTNA?

Answer 68

FortiClient EMS

Question 69

When the endpoint network changes or a user login and logout events occur, what happens?

Answer 69

The ForitClient triggers an X-FFCK-TAG message to the EMS even if there are no tag changes.

Question 70

What is the default ZTNA CA that FortiClient EMS uses?

Answer 70

default_ZTNARootCA

Question 71

What CLI command do you use to verify the client UID and certificate SN for a matching endpoint record on the FortiGate?

Answer 71

diagnose endpoint record list

Question 72

What happens to the certificate when the endpoint disconnects or is unregistered from the ForitClient EMS?

Answer 72

The client certificate is removed from the certificate store and revokes on FortiClient EMS. The endpoint obtains a certificate again when it reconnects to EMS.

Question 73

If the client cancels and responds with an empty client certificate, what has to be set in order to allow the client to continue with ZTNA proxy rule processing?

Answer 73

empty-cert-action accept