Your client wants to use a central RADIUS server for management authentication when connecting to the FortiGate GUL and provide different levels of access for different types of employees.

Which three actions required providing the requested functionality? (Choose three.)

A. Enable radius-vdom-override in the CLI.

B. Create a wildcard administrator on the FortGate

C. Enable occprofile-override in the CLI.

D. Set the RADIUS authencation type to MS-CHApV2.

E. Create multiple administrator profiles with matching RADIUS VSAs.

Exhibit Click the Exhibit button. You are trying to configure Link-Aggregation Group (LAG), but ports A and B do not appear on the list of

member options. Referring to the exhibit, which statement is correct in this situation?

A. The FortiGate model being used does not support LAG.

B. The FortiGate model does not have an Integrated Switch Fabric (ISF).

C. The FortiGate SFP+ slot does not have the correct module.

D. The FortiGate interfaces are defective and require replacement.

You configure an outgoing firewall policy with a web filter for accessing the internet. The access to URL https// itacm.co and web belonging to the same category should be blocked. You notice that the Web server presents a certificate with CN=www acme.com. The www.it.acme site is as '' information Technology and the www.acme.com site is categorized as ''Business".

Which statements is correct in this scenario?

A. Category "information Technology" needs to blocked, the FortiGate is able to inspection the URL with HTTPS sessions.

B. Category "Business" need a to be block: the certificate name takes precedence over the SNI.

C. SSL inspection must be configured to deep-inspection: the category "information Technology "needs to be blocked.

D. Category :information Technology" needs to be blocked, the SNI takes precedence over the certificate name.

Click the exhibit button.

A FortiGate device is configured to authenticate SSL VPN users using digital certificates. Part of the

FortiGate configuration is shown in the exhibit.

Which two statements are true in this scenario? (Choose two.)

A. The authentication will fail if the OCSP server is down.

B. OCSP is used to verify that the user-signed certificate has not expired.

C. The authentication will fail if the certificate does not contain user principle name (UPN) information.

D. The authentication will fail if the user certificate does not contain the CA_Cert string in the Failed.

Exhibit An Administrator reports continuous high CPU utilization on a FortiGate device due to the IPS engine. The exhibit shows the global IPS configuration. Which two configuration actions will reduce the CPU usage? (Choose two.)

A. Disable fail open.

B. Enable intelligent mode.

C. Change the algorithm to low.

D. Reduce the number of packets logged.