FORTISANDBOX Online Practice Questions and Answers

Which is true regarding Microsoft Office on FortiSandbox?

A. Microsoft Word documents (.docx) are not inspected.

B. Office 365 files are not supported.

C. Microsoft Office is not included. You must purchase it separately, then manually install it in the applicable VMs on FortiSandbox.

D. Office 2013 is installed in one of the VMs.

Which protocols can FortiSandbox use to connect to a network file share? (Choose two.)

A. FTP

B. HTTP

C. NFSv2

D. CIFS

When does a FortiSandbox categorize a file as suspicious?

A. When the file is detected as known greyware

B. When the file matches an antivirus signature that might detect false positives

C. When the file matches a signature in the extended antivirus database

D. When the file is not detected as a known malware, but it has some of the same behaviors as malware

What is the minimum FortiAnalyzer firmware version that supports FortiSandbox device registration?

A. 5.0.6

B. 5.0.11

C. 5.0.8

D. 5.2.1

FortiGate is configured to send suspicious files to a FortiSandbox for in-line inspection. The administrator

creates a new VDOM, and then generates some traffic so what the new VDOM sends a file to the

FortiSandbox for the first time.

Which is true regarding this scenario?

A. FortiSandbox will store the file, but not inspect it until the administrator manually authorizes the new VDOM.

B. Before generating traffic, the administrator can push the VDOM configuration from the FortiGate to the FortiSandbox. Then when FortiSandbox receives the file, FortiSandbox will inspect the file.

C. FortiSandbox can be pre-configured to automatically authorize the new VDOM and inspect the file.

D. FortiSandbox will store the file, but not inspect it until the administrator manually adds the new VDOM to the FortiSandbox configuration.

If FortiSandbox connects to FortiGuard through a web proxy server, which FortiSandbox interface must have access to the proxy server?

A. port3

B. port2

C. port1

D. port4

What mechanism does FortiGate use to avoid sending a file that has been already inspected to FortiSandbox?

A. FortiGate sends the file name to FortiGuard. FortiGuard checks if a file with that name has been already inspected.

B. FortiGate sends the file name to FortiSandbox. FortiSandbox checks if it has already inspected a file with that name.

C. FortiGate sends a hash of the file to FortiSandbox. FortiSandbox checks if it has already inspected a file with that hash.

D. FortiGate searches its cache of a list of file names that it has already inspected.

Based on the exhibit, which are true? (Choose two.)

A. Depending on the version indicated in the PDF file, FortiSandbox will scan using only one PDF reader (either Adobe Reader 9 or Adobe Reader 11).

B. If there are no Internet Explorer 10 installations in your network, you can safely disable the scanning of Adobe Flash with Microsoft Internet Explorer 10.

C. FortiSandbox will scan all Flash applications using Internet Explorer 10. This does not guarantee safety for Internet Explorer 8.

D. You can safely disable the PDF scanning with Acrobat Reader 9 because PDF scanning with Acrobat Reader 11 is enabled.

Which protocols are supported for archiving scan job reports? (Choose two.)

A. CIFS

B. NFSv2

C. SMB

D. FTP

The Windows licenses in a FortiSandbox could be locked because they have exceeded the maximum

number of allowed activations.

What should the administrator do to fix the problem?

A. Contact Microsoft support.

B. Restore a backup of the configuration taken before the licenses became locked.

C. Reinstall the license files.

D. Contact Fortinet support.