Q18. An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem.
Which statement about this setting is true?

Q19. Examine the output from the ‘diagnose debug authd fsso list’ command; then answer the question below.
diagnose debug authd fsso list -FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

Q20. An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP.
The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

Q21. View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn’t the tunnel come up?

Q22. Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?

Q23. Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

Q24. Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=master device_id=”xxxxxxx”
log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg=”NAT port is exhausted.”
What does the log mean?

Q25. Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

Q26. Examine the output of the ‘diagnose debug rating’ command shown in the exhibit; then answer the question below.

Which statement are true regarding the output in the exhibit? (Choose two.)

Q27. View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below.

The administrator does not have access to the remote gateway.
Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

Q28. View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

Q29. An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any “host 10.0.2.10” 2
What information is included in the output of the sniffer? (Choose two.)

Q30. View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

Q31. Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)

Q32. Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

Q33. What is the diagnose test application ipsmonitor 99 command used for?