TEST CERT

Question

For FortiGate devices equipped with Network Processor (NP) chips, which are true? (Choose three.)

Answer 1

For each new IP session, the first packet always goes to the CPU.

Answer 2

The kernel does not need to program the NPU. When the NPU sees the traffic, it determines by itself whether it can process the traffic.

Answer 3

Once offloaded, unless there are errors, the NP forwards all subsequent packets. The CPU does not process them.

Answer 4

When the last packet is sent or received, such as a TCP FIN or TCP RST signal, the NP returns this session to the CPU for tear down.

Answer 5

Sessions for policies that have a security profile enabled can be NP offloaded.

Answer 6

The packet matched the topmost policy in the list of firewall policies.

Answer 7

The packet matched the firewall policy whose policy ID is 1.

Answer 8

The packet matched a firewall policy which allows the packet and skips UTM checks.

Answer 9

The policy allowed the packet and applied session NAT.

Answer 10

A Block Size defines the number of connections.

Answer 11

Blocks Per User defines the number of connection blocks for each user.

Answer 12

An Internal IP Range defines the IP addresses permitted to use the pool.

Answer 13

An External IP Range defines the IP addresses in the pool.

Answer 14

No traffic log message is generated.

Answer 15

One traffic log message is generated.

Answer 16

Two traffic log messages are generated.

Answer 17

A log message is only generated if there is a security event.

Answer 18

Section View lists firewall policies primarily by their interface pairs.

Answer 19

Section View lists firewall policies primarily by their sequence number.

Answer 20

Global View lists firewall policies primarily by their interface pairs.

Answer 21

Global View lists firewall policies primarily by their policy sequence number.

Answer 22

The 'any' interface may be used with Section View.

Answer 23

NAT/PAT is shown in the central NAT table, not the session table.

Answer 24

It shows TCP connection states.

Answer 25

It shows IP, SSL, and HTTP sessions.

Answer 26

It does not show UDP or ICMP connection state codes, because those protocols are connectionless.

Answer 27

A physical interface may not be used.

Answer 28

A zone may not be used.

Answer 29

Multiple interfaces may not be used for both incoming and outgoing.

Answer 30

Source and destination interfaces are mandatory.

Answer 31

A source address object must be selected in the firewall policy.

Answer 32

A source user/group may be selected in the firewall policy.

Answer 33

A source device may be defined in the firewall policy.

Answer 34

A source interface must be selected in the firewall policy.

Answer 35

A source user/group and device must be specified in the firewall policy.

Answer 36

Device identification is enabled by default on all interfaces.

Answer 37

Enabling a source device in a firewall policy enables device identification on the source interfaces of that policy.

Answer 38

You cannot combine source user and source device in the same firewall policy.

Answer 39

FortiClient can be used as an agent based device identification technique.

Answer 40

Only agentless device identification techniques are supported.

Answer 41

ACCESS-CHALLENGE

Answer 42

ACCESS-RESTRICT

Answer 43

ACCESS-PENDING

Answer 44

ACCESS-REJECT

Answer 45

Hardware FortiToken

Answer 46

Web Portal

Answer 47

Software FortiToken (FortiToken mobile)

Answer 48

How long FortiGate waits for the user to enter his or her credentials.

Answer 49

How long a user is allowed to send and receive traffic before he or she must authenticate again.

Answer 50

How long an authenticated user can be idle (without sending traffic) before they must authenticate again.

Answer 51

How long a user-authenticated session can exist without having to authenticate again.

Answer 52

Remote Authentication Dial in User Service (RADIUS)

Answer 53

Lightweight Directory Access Protocol (LDAP)

Answer 54

Local Password Authentication

Answer 55

Remote Password Authentication

Answer 56

User password

Answer 57

Disclaimers can be used in conjunction with captive portal.

Answer 58

Disclaimers appear before users authenticate.

Answer 59

Disclaimers can be bypassed through security exemption lists.

Answer 60

Disclaimers must be accepted in order to continue to the authentication login or originally intended destination.

Answer 61

The name of the attribute that identifies each user (Common Name Identifier).

Answer 62

The user account or group element names (user DN).

Answer 63

The server secret to allow for remote queries (Primary server secret).

Answer 64

The credentials for an LDAP administrator (password).

Answer 65

Blocks SSL VPN connection attempts from users that has been blacklisted.

Answer 66

Detects the Windows client security applications running in the SSL VPN client's PCs

Answer 67

Validates the SSL VPN user credential.

Answer 68

Verifies which SSL VPN portal must be presented to each SSL VPN user.

Answer 69

Verifies that the latest SSL VPN client is installed in the client's PC.

Answer 70

The name of the virtual network adapter required in each user's PC for SSL VPN Tunnel mode.

Answer 71

he name of a virtual interface in the root VDOM where all the SSL VPN user traffic comes from

Answer 72

A Firewall Address object that contains the IP addresses assigned to SSL VPN users.

Answer 73

The virtual interface in the root VDOM that the remote SSL VPN tunnels connect to.

Answer 74

Remote Password Authentication (RADIUS, LDAP)

Answer 75

Two-Factor Authentication

Answer 76

Local Password Authentication

Answer 77

http://1.1.1.1:443/Training

Answer 78

https://1.1.1.1:443/STUDENTS

Answer 79

https://1.1.1.1/login

Answer 80

https://1.1.1.1/

Answer 81

It can only be used to connect to web services.

Answer 82

IP traffic is encapsulated over HTTPS.

Answer 83

Access to internal network resources is possible from the SSL VPN portal.

Answer 84

The standalone FortiClient SSL VPN client CANNOT be used to establish a Web-only SSL VPN.

Answer 85

It is not possible to connect to SSH servers through the VPN.

Answer 86

IP traffic is encapsulated over HTTPS.

Answer 87

The standalone FortiClient SSL VPN client can be used to establish a Tunnel mode SSL VPN.

Answer 88

A limited amount of IP applications are supported.

Answer 89

The FortiGate device will dynamically assign an IP address to the SSL VPN network adapter.

Answer 90

IPsec increases overhead and bandwidth.

Answer 91

IPsec operates at the layer 2 of the OSI model.

Answer 92

End-user's network applications must be properly pre-configured to send traffic across the IPsec VPN.

Answer 93

IPsec protects upper layer protocols.

Answer 94

IPsec operates at the layer 3 of the OSI model.

Answer 95

The firewall policies for policy-based are bidirectional. The firewall policies for route-based are unidirectional.

Answer 96

In policy-based VPNs the traffic crossing the tunnel must be routed to the virtual IPsec interface. In route-based, it does not.

Answer 97

The action for firewall policies for route-based VPNs may be Accept or Deny, for policy-based VPNs it is Encrypt.

Answer 98

Policy-based VPN uses an IPsec interface, route-based does not.

Answer 99

Policy-based IPsec only.

Answer 100

Route-based IPsec only.

Answer 101

Both policy-based and route-based VPN.

Answer 102

L2TP-over-IPSec is not supported by FortiGate devices.

Answer 103

Asymmetric Keys

Answer 104

CA root digital certificates

Answer 105

RSA signature

Answer 106

Pre-shared keys

Answer 107

Policy-based VPN only

Answer 108

Both policy-based and route-based VPN.

Answer 109

Route-based VPN only.

Answer 110

D. IPSec VPNs are not supported when the FortiGate is running in NAT mode.

Answer 111

Under the IPsec VPN global settings.

Answer 112

Under the phase 2 settings.

Answer 113

Under the phase 1 settings.

Answer 114

Under the firewall policy settings.

Answer 115

Aggressive mode

Answer 116

Quick mode

Answer 117

A symmetric encryption algorithm.

Answer 118

A "key-agreement" protocol.

Answer 119

A "Security-association-agreement" protocol.

Answer 120

An authentication algorithm

Answer 121

Traffic is dropped.

Answer 122

Traffic is routed across the default phase 2.

Answer 123

Traffic is routed to the next available route in the routing table.

Answer 124

Traffic is routed unencrypted to the interface where the IPsec VPN is terminating.

Answer 125

Test FortiGate I: 07. Explicit Proxy Quiz Question 1 of 6 An Internet browser is using the WPAD DNS method to discover the PAC file’s URL. The DNS server replies to the browser’s request with the IP address 10.100.1.10. Which URL will the browser use to download the PAC file? http://10.100.1.10/proxy.pac https://10.100.1.10/ http://10.100.1.10/wpad.dat https://10.100.1.10/proxy.pac

Answer 126

https://10.100.1.10/

Answer 127

http://10.100.1.10/wpad.dat

Answer 128

https://10.100.1.10/proxy.pac

Answer 129

The source IP address matches the client IP address.

Answer 130

The source IP address matches the proxy IP address.

Answer 131

The destination IP address matches the proxy IP address.

Answer 132

The destination IP address matches the server IP addresses.

Answer 133

The destination TCP port number is 80.

Answer 134

User is prompted to authenticate. Traffic from the user Student will be allowed by the policy #1. Traffic from any other user will be allowed by the policy #2.

Answer 135

User is not prompted to authenticate. The connection is allowed by the proxy policy #2.

Answer 136

User is not prompted to authenticate. The connection will be allowed by the proxy policy #1.

Answer 137

User is prompted to authenticate. Only traffic from the user Student will be allowed. Traffic from any other user will be blocked.

Answer 138

Decrease bandwidth utilization

Answer 139

Reduce server load

Answer 140

Reduce FortiGate CPU usage

Answer 141

Reduce FortiGate memory usage

Answer 142

Decrease traffic delay

Answer 143

More than one proxy is supported.

Answer 144

Can contain a list of destinations that will be exempt from the use of any proxy.

Answer 145

Can contain a list of URLs that will be exempted from the FortiGate web filtering inspection.

Answer 146

Can contain a list of users that will be exempted from the use of any proxy.

Answer 147

20 seconds

Answer 148

30 seconds

Answer 149

45 seconds

Answer 150

10 seconds

Answer 151

Operating system

Answer 152

The traffic was blocked.

Answer 153

The user failed authentication.

Answer 154

The category action was set to warning.

Answer 155

The website was allowed.

Answer 156

Authenticate

Answer 157

Proxy based mode allows for customizable block pages to display when sites are prevented.

Answer 158

Proxy based mode requires more resources than flow-based.

Answer 159

Flow based mode offers more settings under the advanced configuration section of the GUI.

Answer 160

Proxy based mode offers higher throughput than flow-based mode.

Answer 161

Proxy based

Answer 162

Policy based

Answer 163

Flow based

Answer 164

Application control is based on TCP destination port numbers.

Answer 165

Application control is proxy based.

Answer 166

Encrypted traffic can be identified by application control.

Answer 167

Traffic shaping can be applied to the detected application traffic.

Answer 168

All traffic that matches the internal signature for unknown applications.

Answer 169

Traffic that does not match the RFC pattern for its protocol.

Answer 170

Any traffic that does not match an application control signature.

Answer 171

A packet that fails the CRC check.

Answer 172

Traffic Shaping

Answer 173

Quarantine

Answer 174

Through FortiGuard updates.

Answer 175

Upgrade the FortiOS firmware to a newer release.

Answer 176

By running the Application Control auto-learning feature.

Answer 177

Signatures are hard coded to the device and cannot be updated.

Answer 178

Both routes will show up in the routing table.

Answer 179

The FortiGate unit will evenly share the traffic to 172.20.168.0/24 between both routes.

Answer 180

Only one route will show up in the routing table.

Answer 181

The FortiGate will route the traffic to 172.20.168.0/24 only through one route.

Answer 182

Source IP address

Answer 183

Source TCP/UDP port

Answer 184

Type of service

Answer 185

There can be only one virtual WAN Link per VDOM.

Answer 186

FortiGate can measure the quality of each link based on latency, jitter, or lost packets percentage.

Answer 187

Link health check can be performed over each link member of the virtual WAN interface.

Answer 188

Distance and priority values are configured in each link member of the virtual WAN interface.

Answer 189

There is only one active default route.

Answer 190

The distance value for the route to 192.168.1.0/24 is 200.

Answer 191

An IP address in the subnet 172.16.78.0/24 has been assigned to the dmz interface.

Answer 192

The FortiGate will route the traffic to 172.17.1.2 to the next hop with the IP address 192.168.11.254.

Answer 193

Packets are dropped.

Answer 194

Packets are routed based on the information in the policy-based routing table.

Answer 195

An ICMP error message is sent back to the originator.

Answer 196

Packets are routed back to the originator.

Answer 197

The routes with the ID numbers 2 and 3.

Answer 198

Only the route with the ID number 3.

Answer 199

Only the route with the ID number 2.

Answer 200

Only the route with the ID number 1.

Answer 201

The same priority.

Answer 202

The same distance and same priority.

Answer 203

The same distance.

Answer 204

The same metric.

Answer 205

All routes to the destination subnet configured in the link health monitor are removed from the routing table.

Answer 206

The distance values of all routes using the interface configured in the link health monitor are increased.

Answer 207

The priority values of all routes using the interface configured in the link health monitor are increased.

Answer 208

All routes using the next-hop gateway configured in the link health monitor are removed from the routing table.

Answer 209

It is one of the secondary MAC addresses of the port1 interface.

Answer 210

It is the primary MAC address of the port1 interface.

Answer 211

It is the MAC address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface.

Answer 212

It is the HA virtual MAC address.

Answer 213

Packet is allowed if RPF is configured as loose.

Answer 214

Packet is allowed if RPF is configured as strict.

Answer 215

Packet is blocked if RPF is configured as loose.

Answer 216

Packet is blocked if RPF is configured as strict.

Answer 217

Use the inter-VDOM links automatically created between all VDOMS.

Answer 218

Manually create and configure an inter-VDOM link between your two VDOMs.

Answer 219

Interconnect and configure an external physical interface in one VDOM to another physical interface in the second VDOM.

Answer 220

Configure both VDOMs to share the same routing table.

Answer 221

Operating mode (NAT/route or transparent)

Answer 222

Static routes

Answer 223

System time

Answer 224

Firewall policies

Answer 225

VDOMs divide a single FortiGate unit into two or more independent firewalls.

Answer 226

A management VDOM handles SNMP, logging, alert email, and FortiGuard updates.

Answer 227

Each VDOM can run different firmware versions.

Answer 228

Administrative users with a ‘super_admin’ profile can administrate only one VDOM.

Answer 229

FortiGate devices, from the FGT/FWF 60D and above, all support VDOMS.

Answer 230

All FortiGate devices scale to 250 VDOMS.

Answer 231

Each VDOM requires its own FortiGuard license.

Answer 232

FortiGate devices support more NAT/Route VDOMs than Transparent Mode VDOMs.

Answer 233

SNMP traps

Answer 234

FortiGuard

Answer 235

ICMP redirect

Answer 236

The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.

Answer 237

The two VLAN sub-interfaces must have different VLAN IDs.

Answer 238

The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.

Answer 239

The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

Answer 240

Different VLANs can share the same IP address as long as they have different VLAN IDs.

Answer 241

Different VLANs can share the same IP address as long as they are in different physical interfaces.

Answer 242

Different VLANs can share the same IP address as long as they are in different VDOMs.

Answer 243

Different VLANs can never share the same IP addresses.

Answer 244

An inter-VDOM link between 'root' and 'vdom1' can be created.

Answer 245

An inter-VDOM link between 'vdom1' and 'vdom2' can be created.

Answer 246

An inter-VDOM link between 'vdom2 ' and 'vdom3' can be created.

Answer 247

Inter-VDOM link links must be manually configured for FortiGuard traffic.

Answer 248

In transparent mode, interfaces do not have IP addresses.

Answer 249

Firewall policies are only used in NAT/route mode.

Answer 250

Static routes are only used in NAT/route mode.

Answer 251

Only transparent mode permits inline traffic inspection at layer 2.

Answer 252

port monitor, priority, uptime, serial number

Answer 253

port monitor, uptime, priority, serial number

Answer 254

priority, uptime, port monitor, serial number

Answer 255

uptime, priority, port monitor, serial number

Answer 256

To synchronize the ARP tables in all the FortiGate units that are part of the HA cluster.

Answer 257

To notify the network switches that a new HA master unit has been elected.

Answer 258

To notify the master unit that the slave devices are still up and alive.

Answer 259

To notify the master unit about the physical MAC addresses of the slave units.

Answer 260

IP addresses assigned to DHCP enabled interfaces.

Answer 261

The master device's hostname.

Answer 262

Routing configuration and state.

Answer 263

Reserved HA management interface IP configuration.

Answer 264

Firewall policies and objects.

Answer 265

System time zone

Answer 266

Packets are sent directly to the slave unit using the slave physical MAC address.

Answer 267

Packets are sent directly to the slave unit using the HA virtual MAC address.

Answer 268

Packets arrive at both units simultaneously, but only the slave unit forwards the session.

Answer 269

Packets are first sent to the master unit, which then forwards the packets to the slave unit.

Answer 270

To force an HA failover when the HA override setting is disabled.

Answer 271

To force an HA failover when the HA override setting is enabled.

Answer 272

To clear the HA counters.

Answer 273

To restart a FortiGate unit that is part of an HA cluster.

Answer 274

There should be only one master unit is each HA virtual cluster.

Answer 275

The master synchronizes cluster configuration with slaves.

Answer 276

Only the master has a reserved management HA interface.

Answer 277

Heartbeat interfaces are not required on a master unit.

Answer 278

By default, UDP sessions are not synchronized.

Answer 279

Up to four FortiGate devices in standalone mode are supported.

Answer 280

Only the master unit handles the traffic.

Answer 281

Allows per-VDOM session synchronization.

Answer 282

Static route

Answer 283

User group

Answer 284

Main mode must be used when there is more than one IPsec dialup VPN configure on the same FortiGate device.

Answer 285

A FortiGate device with an IPsec VPN configured as dialup can initiate the tunnel connection to any remote IP address.

Answer 286

Peer ID must be used when there is more than one aggressive-mode IPsec dialup VPN on the same FortiGate device.

Answer 287

The FortiGate will automatically add a static route to the source quick mode selector address received from each remote peer.

Answer 288

The FortiGate will accept IPsec VPN connections from any IP address.

Answer 289

The FQDN resolution of the local FortiGate IP address where the VPN is terminated must be provided by a dynamic DNS provider.

Answer 290

The FortiGate will accept IPsec VPN connections only from IP addresses included in a dynamic DNS access list.

Answer 291

The remote gateway IP address can change dynamically.

Answer 292

The quick mode selectors negotiated between both IPsec VPN peers is 0.0.0.0/32 for both the source and destination addresses.

Answer 293

The output corresponds to a phase 2 negotiation.

Answer 294

NAT-T is enabled and there is a third device in the path performing NAT of the traffic between both IPsec VPN peers.

Answer 295

The IP address of the remote IPsec VPN peer is 172.20.187.114.

Answer 296

Side A: main mode, remote gateway as static IP address, policy-based VPN. Side B: aggressive Mode, remote Gateway as static IP address, policy-based VPN.

Answer 297

Side A: main mode, remote gateway as static IP Address, policy-based VPN. Side B: main mode, remote gateway as static IP address, route-based VPN.

Answer 298

Side A: main mode, remote gateway as static IP address, route-based VPN. Side B: main mode, remote gateway as dialup, route-based VPN.

Answer 299

Side A: main mode, remote gateway as dialup, policy-based VPN. Side B: main mode, remote gateway as dialup, policy-based VPN.

Answer 300

The quick mode selector in the remote site must also be 0.0.0.0/0 for the source and destination addresses.

Answer 301

Only remote peers with the peer ID 'fortinet' will be able to establish a VPN.

Answer 302

The FortiGate device will automatically add a static route to the source quick mode selector address received from each remote VPN peer.

Answer 303

The configuration will work only to establish FortiClient-to-FortiGate tunnels. A FortiGate-to-FortiGate tunnel requires a different configuration.

Answer 304

All the aggressive mode dialup VPNs MUST accept connections from the same peer ID.

Answer 305

Each peer ID MUST match the FQDN of each remote peer.

Answer 306

Each aggressive mode dialup MUST accept connections from different peer ID.

Answer 307

The peer ID setting must NOT be used.

Answer 308

It can dynamically assign IP addresses to IPsec VPN clients.

Answer 309

It can dynamically assign DNS settings to IPsec VPN clients.

Answer 310

It uses the ESP protocol.

Answer 311

It can be enabled in the phase 2 configuration.

Answer 312

192.168.1.99

Answer 313

192.168.1.253

Answer 314

192.168.1.65

Answer 315

192.168.1.66

Answer 316

Database auditing

Answer 317

Intrusion prevention

Answer 318

Web filtering

Answer 319

Application control

Answer 320

Web Filtering

Answer 321

It cannot upgrade or downgrade firmware.

Answer 322

It can create and assign administrator accounts to parts of its own VDOM.

Answer 323

It can reset forgotten passwords for other administrator accounts such as "admin".

Answer 324

It has a smaller permissions scope than accounts with the "super_admin" profile.

Answer 325

FortiGate will still subject that person's traffic to firewall policies; it will not bypass them.

Answer 326

FortiGate will drop the packets and not respond.

Answer 327

FortiGate responds with a block message, indicating that it will not allow that person to log in.

Answer 328

FortiGate responds only if the administrator uses a secure protocol. Otherwise, it does not respond.

Answer 329

NAT mode with an interface in one-arm sniffer mode

Answer 330

Transparent mode

Answer 331

No appropriate operation mode exists

Answer 332

Log in with another administrator account that has "super_admin" profile permissions, then reset the password for the "admin" account.

Answer 333

Reboot the FortiGate. Via the local console, during the boot loader, use the menu to format the flash disk and reinstall the firmware. Then you can log in with the default password.

Answer 334

Power off the FortiGate. After several seconds, restart it. Via the local console, within 30 seconds after booting has completed, log in as "maintainer" and enter the CLI commands to set the password for the "admin" account.

Answer 335

Reboot the FortiGate. Via the local console, during the boot loader, use the menu to log in as "maintainer" and enter the CLI commands to set the password for the "admin" account.

Answer 336

Yes, but only if you replace the "#conf_file_ver" line so that it contains the serial number of that specific FortiWiFi 60D.

Answer 337

Yes, but only if it is running the same version of FortiOS, or a newer compatible version.

Answer 338

If you upload the firmware image via the boot loader's menu from a TFTP server, it will not preserve the configuration. But if you upload new firmware via the GUI or CLI, as long as you are following a supported upgrade path, FortiOS will attempt to convert the existing configuration to be valid with any new or changed syntax.

Answer 339

No settings are preserved. You must completely reconfigure.

Answer 340

No settings are preserved. After the upgrade, you must upload a configuration backup file. FortiOS will ignore any commands that are not valid in the new OS. In those cases, you must reconfigure settings that are not compatible with the new firmware.

Answer 341

You must use FortiConverter to convert a backup configuration file into the syntax required by the new FortiOS, then upload it to FortiGate.

Answer 342

Abnormal termination of a process

Answer 343

A process closed for any reason

Answer 344

Normal shutdown with no abnormalities

Answer 345

DHCP process crashed

Answer 346

Forward log

Answer 347

Traffic log

Answer 348

Security log

Answer 349

Firewall policy setting

Answer 350

Log Settings in the GUI

Answer 351

'config log' command in the CLI

Answer 352

Security log

Answer 353

Forward Traffic log

Answer 354

Alert Monitoring Console

Answer 355

Alert Emails

Answer 356

FortiAnalyzer

Answer 357

Alert Message Console

Answer 358

In the GUI, the log entry was located under “Log & Report > Event Log > User”.

Answer 359

In the GUI, the log entry was located under “Log & Report > Event Log > System”.

Answer 360

In the GUI, the log entry was located under “Log & Report > Traffic Log > Local Traffic”.

Answer 361

The connection was encrypted

Answer 362

The connection was unencrypted.

Answer 363

The IP of the FortiGate interface that “admin” connected to was 192.168.1.112.

Answer 364

The IP of the computer that “admin” connected from was 192.168.1.112.

Answer 365

FortiAnalyzer

Answer 366

Hard drive

Answer 367

FortiCloud

Answer 368

Security log

Answer 369

Forward log

Answer 370

Notification, Emergency

Answer 371

Information, Critical

Answer 372

Error, Critical

Answer 373

Information, Emergency

Answer 374

Information, Alert

	Created by sebastianzo over 8 years ago

Next up

TEST CERT

Description

Resource summary

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26

Question 27

Question 28

Question 29

Question 30

Question 31

Question 32

Question 33

Question 34

Question 35

Question 36

Question 37

Question 38

Question 39

Question 40

Question 41

Question 42

Question 43

Question 44

Question 45

Question 46

Question 47

Question 48

Question 49

Question 50

Question 51

Question 52

Question 53

Question 54

Question 55

Question 56

Question 57

Question 58

Question 59

Question 60

Question 61

Question 62

Question 63

Question 64

Question 65

Question 66

Question 67

Question 68

Question 69

Question 70

Question 71

Question 72

Question 73

Question 74

Question 75

Question 76