Infrastructure Flashcards

1
Q

What relies on well-known FortiOS features such as IPsec, auto-discovery VPN, link monitoring, advanced routing, the internet service database (ISDB), traffic shaping, UTM inspection, and load balancing?

A

SD-WAN

2
Q

What is the default operation mode for the Fortigate?

A

NAT Mode

3
Q

Standard routing table containing connected, static, and dynamic routes

A

RIB (Routing Information Base) table

4
Q

Routing table from kernel point-of-view, contains RIB and specific system entries

A

FIB (Forwarding Information Base) table

5
Q

Which route table does the Fortigate perform route lookups from?

A

FIB

6
Q

“get router info kernel” does what?

A

CLI command to show the FIB table

7
Q

Subsequent packets are routed according to what?

A

Session table

8
Q

What is the first tiebreaker that routers use for best route?

A

Distance or Administrative Distance (AD)

9
Q

If distance is the same on 2 or more dynamic routes, what is used to determine best route?

A

Metric (lower takes priority)

10
Q

Two or more duplicate static routes with the same distance and priority are what?

A

ECMP (Equal Cost Multi-Path) routes

11
Q

Default priority for static routes?

A

1

12
Q

What are the 4 algorithms for ECMP?

A

1) Source IP (default)
2) Source-Destination IP
3) Weighted
4) Usage (Spillover)

13
Q

Reducing costs by steering more traffic over low-cost fast internet links rather than high-cost slow private links

A

Hybrid WAN

14
Q

Most common use case for SD-WAN?

A

Direct Internet Access (DIA) or local breakout

15
Q

SD-WAN steering rules are based on what?

A

Matching traffic criteria, Performance, and Preference

16
Q

Where in the processing order do SD-WAN routes get evaluated?

A

Before FIB (routing table)

17
Q

What is replaced with load-balance-mode when SD-WAN is enabled?

A

v4-ecmp-mode

18
Q

What is the default ECMP algorithm on the Fortigate?

A

Source IP

19
Q

How does Fortigate load balance traffic when using the spillover algorithm in ECMP routing?

A

Sessions are distributed based on interface thresholds

20
Q

What is the mechanism that protects the Fortigate and the network from IP spoofing attacks by checking for a return path to the source in the route table?

A

Return Path Forwarding (RPF)

21
Q

What are the two types of RPF?

A

Feasible Path and Strict

22
Q

What does strict RPF do that Feasible Path RPF doesn’t?

A

Verifies that the packet's source address and incoming interface match the best route

23
Q

What satisfies the default RPF check?

A

Routing table has a route for the source IP of the packet through the incoming interface

24
Q

Static routes are kept in the routing table unless:

A

The associated interface is admin down, OR the link goes down, OR a duplicate route with a lower distance is present

25
Q

Enables the Fortigate to detect dead links when the failure is beyond the local connection

A

Link Health Monitor

26
Q

Default number of failed and successful probes needed to change the status with Link Health Monitor

A

5

27
Q

Most accurate Link Health Monitor Protocol?

A

TWAMP (Two-Way Active Measurement Protocol)

28
Q

Most deployed Link Health Monitor protocol?

A

PING

29
Q

What are the 5 options for Link Health Monitor protocols?

A

Ping, TCP Echo, UDP Echo, TWAMP, and HTTP

30
Q

What mechanism on the Fortigate brings down the alert interface after the monitored interface is detected dead?

A

Update cascade interface

31
Q

When using link health monitoring, which route attribute can you configure to achieve route failover protection?

A

Distance

32
Q

Command to show the active routes on CLI

A

get router info routing-table all

33
Q

Command to show all active and inactive routes on CLI

A

get router info routing-table database

34
Q

CLI command to show policy routes

A

diagnose firewall proute list

35
Q

What are the ID values for the 3 types of policy routes?

A

1) Regular Policy Routes - <= 65535
2) ISDB Routes - > 65535 + has the vwl_service attribute
3) SD-WAN Routes - > 65535

36
Q

CLI command for packet sniffer

A

diagnose sniffer packet <interface> <"filters">

37
Q

What filter syntax does the packet sniffer use?

A

Berkeley Packet Filter (BPF)

38
Q

Most commonly used verbosity levels for packet sniffer

A

4, 3, 6

39
Q

What is the distance value for the following route?

“10.200.2.0/24 [100/2] via 10.200.2.254, [25/0]”

A

110

40
Q

Firewall configuration that allows for multiple logical devices and divides one security domain into multiple security domains?

A

VDOMs

41
Q

What are the two types of VDOMs?

A

Admin and Traffic

42
Q

Which traffic is always generated from the management VDOM?

A

Fortiguard

43
Q

What accounts can configure and back up all VDOMs?

A

Admin account and accounts assigned the Super_admin user profile

44
Q

What is the traditional NGFW mode where UTM profiles are applied to each policy?

A

Profile based

45
Q

What is the new NGFW mode where you add applications and web-filtering categories directly to a policy without creating a profile?

A

Policy-Based

46
Q

What are the Global settings in a multi-VDOM Fortigate?

A

Hostname, HA settings, Fortiguard, System time, and Admin accounts

47
Q

True/False: You can create global profiles for AV, Application Control, IPS, and Webfilter?

A

True

48
Q

What is the virtual link that routes between VDOMs?

A

Inter-VDOM links

49
Q

Which troubleshooting tool is most suitable when trying to verify the firewall policy used by an inter-VDOM link?

A

Packet Flow Trace

50
Q

Which FSSO deployment mode does not require a collector agent?

A

Polling Mode

51
Q

In FSSO, Fortigate allows network access based on what?

A

Passive user ID, IP address, and Group Membership

52
Q

How do you fix a double DNS issue with FSSO collector agent?

A

Configure the following registry key on the DC:
“donot_resolve = (Dword) 1”
Location = HKLM/Software/Fortinet/FSAE/dcagent

53
Q

What does the collector agent send?

A

Username, Hostname, IP address, User Groups

54
Q

What port does the FSSO collector agent use to communicate with the Fortigate?

A

TCP/8000

55
Q

What protocol does the FSSO collector agent use to communicate with the domain controller?

A

SMB (TCP/445)

56
Q

What are the 3 methods the Polling Mode Collector Agent uses to collect login info?

A

WMI, WinSecLog, and NetAPI

57
Q

Which two Windows security log events does FSSO agentless polling use?

A

4768 and 4769

58
Q

If you have collector agents using either the DC agent mode or the collector agent-based polling mode, which fabric connector should you select on the Fortigate?

A

Fortinet Single Sign-On Agent

59
Q

Which naming convention does the FSSO collector agent use to access Windows AD in Standard access mode?

A

Windows convention - NetBios: Domain\groups

60
Q

What CLI command do you run to display the list of FSSO users that are currently logged in?

A

diagnose debug authd fsso list

61
Q

CLI command to manually refresh user group information from any directory service servers connected to the FortiGate

A

execute fsso refresh

62
Q

Show status of communication between Fortigate and each collector agent

A

diagnose debug authd fsso server-status

Requires the use of “diag debug enable”

63
Q

The command diagnose debug fsso-polling detail displays information for which mode of FSSO?

A

Agentless polling

64
Q

An access control method that uses client device identification, authentication, and zero-trust tags to provide role-based application access

A

ZTNA

65
Q

ZTNA has two modes:

A

ZTNA access proxy and IP/MAC filtering

66
Q

What information does FortiClient provide to the FortiClient EMS when it registers?

A

  • Device Info (network details, OS, model, etc.)
  • Logged-in user info
  • Security posture (on-fabric and off-fabric, antivirus, vulnerability status, etc.)

67
Q

What does FortiClient request on its first attempt to connect to the access proxy (FortiClient EMS)?

A

A client device certificate from the EMS ZTNA CA.

68
Q

What is required to make FortiClient work for ZTNA?

A

FortiClient EMS

69
Q

When the endpoint network changes or user login and logout events occur, what happens?

A

FortiClient triggers an X-FFCK-TAG message to the EMS even if there are no tag changes.

70
Q

What is the default ZTNA CA that FortiClient EMS uses?

A

default_ZTNARootCA

71
Q

What CLI command do you use to verify the client UID and certificate SN for a matching endpoint record on the FortiGate?

A

diagnose endpoint record list

72
Q

What happens to the certificate when the endpoint disconnects or is unregistered from FortiClient EMS?

A

The client certificate is removed from the certificate store and revoked on FortiClient EMS. The endpoint obtains a certificate again when it reconnects to EMS.

73
Q

If the client cancels and responds with an empty client certificate, what has to be set in order to allow the client to continue with ZTNA proxy rule processing?

A

empty-cert-action accept
