Refer to the exhibit.

You created a custom health-check for your FortiWeb deployment. Given the output shown in the exhibit, which statement is true?

A. The FortiWeb must receive an RST packet from the server.

B. The FortiWeb must receive an HTTP 200 response code from the server.

C. The FortiWeb must match the hash value of the page index.html.

D. The FortiWeb must receive an ICMP Echo Request from the server.

Refer to the exhibit.

A VPN IPsec is connecting the headquarters office (HQ) with a branch office (BO). OSPF is used to redistribute routes between the offices. After deployment, a server with IP address 10.10.10.35 located on the DMZ network of the BO FortiGate, was reported unreachable from hosts located on the LAN network of the same FortiGate.

Referring to the exhibit, which statement is true?

A. The ICMP packets are being blocked by an implicit deny policy.

B. A directly connected subnet is being partially superseded by an OSPF redistributed subnet.

C. Enabling NAT on the VPN firewall policy will solve the problem.

D. The incoming access list should have an accept action instead of a deny action to solve the problem.

Refer to the exhibit.

Referring to the firewall polices shown in exhibit, which two statements are true? (Choose two.)

A. The IPv4 policy is allowing security profile groups.

B. The IPv6 traffic for nse8user is filtered using the DNS profile.

C. The IPv4 traffic for nse8user is filtered using the DNS profile.

D. The Web traffic for nse8user is being filtered differently in IPv4 and IPv6.

A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below.

E-mails can only be accepted if a valid e-mail account exists. Only authenticated users can send e-mails out.

Which two actions will satisfy the requirements? (Choose two.)

A. Configure recipient address verification.

B. Configure inbound recipient policies.

C. Configure outbound recipient policies.

D. Configure access control rules.

A FortiGate is used as a VPN hub for a number of remote spoke VPN units (Group A) spokes using a phase 1 main mode dial-up tunnel and pre-shared keys. You are asked to establish VPN connectivity for a newly acquired organization's sites for which new devices will be provisioned Group B spokes.

Both existing Group A and new Group B spoke units are dynamically addressed through a single public IP Address on the hub. You are asked to ensure that spokes from Group B have different access permissions than the existing VPN spokes units Group A.

Which two solutions meet the requirements for the new spoke group? (Choose two.)

A. Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than the Group A spokes.

B. Implement a new phase 1 dial-up main mode tunnel with certificate authentication.

C. Implement a new phase 1 dial-up main mode tunnel with pre-shared keys and XAuth.

D. Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer ID.