Simulado NSE 4 (7.2)

Please wait - loading…

Question 1 of 64

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway
What must the administrator do to achieve this objective?

Select one of the following:

The administrator must use a FortiAuthenticator device
The administrator must use a third-party RADIUS OTP server
The administrator must use the user self-registration server
The administrator must register the same FortiToken on more than one FortiGate device

Explanation

Question 2 of 64

What is a reason for triggering IPS fail open?

Select one of the following:

The IPS socket buffer 1s full and the IPS engine cannot process additional packets.
The IPS engine cannot decode a packet.
The administrator enabled NTurbo acceleration
The IPS engine is upgraded.

Explanation

Question 3 of 64

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection

Which FortiGate configuration can achieve this goal?

Select one of the following:

SSL VPN quick connection
SSL VPN bookmark
SSL VPN tunnel
Zero trust network access

Explanation

Question 4 of 64

Refer to the exhibit
The exhibit shows the FortiGuard Category Based Filter section of a corporate web
filter profile
An administrator must block access to download.com, which belongs to the Freeware
and Software Downloads category The administrator must also allow other websites in
the same category
What are two solutions for satisfying the requirement? (Choose two.)

Select one or more of the following:

Configure a separate firewall policy with action Deny and an FQDN address object for
*, download.com as destination address
Set the Freeware and Software Downloads category Action to Warning
Configure a static URL filter entry for download.com with Type and Action set to
Wildcard and Block, respectively
Configure a web override rating for downlead. com and select Malicious Websites
as the subcategory.

Explanation

Question 5 of 64

What are two features of collector agent advanced mode? (Choose two.)

Select one or more of the following:

Advanced mode supports nested or inherited groups
In advanced mode, FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate
Advanced mode uses the Windows convention—NetBios: Domain\Username
In advanced mode, security profiles can be applied only to user groups, not individual users.

Explanation

Question 6 of 64

Refer to the exhibits
Exhibit A shows a network diagram. Exhibit B
shows the firewall policy configuration and a VIP ”
object configuration
|
The WAN (port1) interface has the IP address
10.200.1.1/24
The LAN (port3) interface has the IP address
10.0.1.254/24. 10.200.1.1/24
The administrator disabled the WebServer firewall policy.
Which IP address will be used to source NAT the traffic, if a user with address 10.0.1.10 connects over SSH to the host with address 10.200.3.17

Select one of the following:

10.200.3.1
10.200.1.10
10.200.1.1
10.0.1.254

Explanation

Question 7 of 64

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?

Select one of the following:

The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions
The full SSL inspection feature does not have a valid license.
The matching firewall policy is set to proxy inspection mode
The browser does not trust the certificate used by FortiGate for SSL inspection

Explanation

Question 8 of 64

Which three methods are used by the collector agent for AD polling? (Choose three.)

Select one or more of the following:

FortiGate polling
NetAPI
WinSeclLog
FSSO RESTAPI
WMl

Explanation

Question 9 of 64

Refer to the exhibit
Based on the administrator profile settings. what permissions must the administrator set
torun the diagnose firewall auth list CLI command on FortiGate?

Select one of the following:

Read/Write permission for Firewall
Custom permission for Network
CLI diagnostics commands permission
Read/Write permission for Log & Report

Explanation

Question 10 of 64

Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

Select one or more of the following:

Extended authentication (XAuth) to request the remote peer to provide a username and password
No certificate is required on the remote peer when you set the certificate signature as the authentication method
Extended authentication (XAuth) for faster authentication because fewer packets are exchanged
Pre-shared key and certificate signature as authentication methods

Explanation

Question 11 of 64

What is the primary FortiGate election process when the HA override setting is disabled?

Select one of the following:

Connected monitored ports > HA uptime > Priority > FortiGate serial number
Connected monitored ports > System uptime > Priority > FortiGate serial number
Connected monitored ports > Priority > System uptime > FortiGate serial number
Connected monitored ports > Priority > HA uptime > FortiGate serial number

Explanation

Question 12 of 64

Refer to the exhibit, which contains a static route configuration
An administrator created a static route for Amazon Web Services.
Which CLI command must the administrator use to view the route?

Select one of the following:

get internet-service route list
get router info routing-table database
get router info routing-table all
diagnose firewall proute list

Explanation

Question 13 of 64

Refer to the exhibit
The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local
VDOMs are configured in transparent mode
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users
to access the internet. The To_Internet VDOM is the only VDOM with internet access
and is directly connected to the ISP modem
What can you conclude about this configuration?

Select one of the following:

default static route is not required on the To_lnternet VDOM to allow LAN users to
access the intemet.
Inter-VDOM links are required to allow traffic between the Local and Root VDOMs
Inter-VDOM links are not required between the Root and To_Internet VDOMs
because the Root VDOM is used only as a management VDOM
Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs

Explanation

Question 14 of 64

How can you disable RPF checking?

Select one of the following:

Unset fail-alert-interfaces on the interface level settings
Disable src-check on the interface level settings
Disable strict-sre-check under system settings
Disable fail-detect on the interface level settings

Explanation

Question 15 of 64

You have enabled logging on a FortiGate device for event logs and all security logs, and you have set up logging to use the FortiGate local disk
What is the default behavior when the local disk is full?

Select one of the following:

No new log is recorded until you manually clear logs from the local disk
Logs are overwritten and the only warning is issued when log disk use reaches the threshold of 95%
Logs are overwritten and the first warning is issued when log disk use reaches the threshold of 75%
No new log is recorded after the warning is issued when log disk use reaches the threshold of 95%

Explanation

Question 16 of 64

Which timeout setting can be responsible for deleting SSL VPN associated sessions?

Select one of the following:

SSLVPN dtls-helle-timeout
SSLVPN idle-timeocut
SSLVPN http-request-body-timecut
SSLVPN login-timsout

Explanation

Question 17 of 64

An administrator wants to simplify remote access without asking users to provide user credentials
Which access control method provides this solution?

Select one of the following:

L2TP
ZTNA IP/MAC filtering mode
SSL VPN
ZTNA access proxy

Explanation

Question 18 of 64

Refer to the exhibits
The exhibits show a firewall policy (ExhibitA ) and an antivirus profile (Exhibit B)
Why is the user unable to receive a block replacement message when downloading an
infected file for the first time?

Select one of the following:

The volume of traffic being inspected is too high for this model of FortiGate
The intrusion prevention security profile must be enabled when using flow-based
inspection mode.
Flow-based inspection is used, which resets the last packet to the user
The firewall policy performs a full content inspection on the file

Explanation

Question 19 of 64

Refer to the exhibits
The exhibits contain a network interface configuration, firewall policies, and a CLI :
console configuration
How will the FortiGate device handle user authentication for traffic that arrives on the LAN interface?

Select one of the following:

All users will be prompted for authentication; users from the sales group can
authenticate successfully with the correct credentials.
Authentication is enforced only at a policy level, all users will be prompted for
authentication.
If there is a fall-through policy in place, users will not be prompted for authentication.
All users will be prompted for authentication; users from the HR group can
authenticate successfully with the correct credentials

Explanation

Question 20 of 64

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

Select one or more of the following:

FortiGuard update servers
NGFW mode
System time
Operating mode

Explanation

Question 21 of 64

Which three CLI commands can you use to troubleshoot Layer 3 issues, if the issue is in neither the physical layer nor the link layer? (Choose three)

Select one or more of the following:

O diagnose sys top
Diagnose sniffer packet any
get system arp
execute ping
execute traceroute

Explanation

Question 22 of 64

Refer to the exhibits
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in
the security fabric. After synchronization, this object is not available on the downstream & Qs
FortiGate (ISFW)
What must the administrator do to synchronize the address object?

Select one of the following:

Change the csf setting on ISFW (downstream)to set authorization-request-type certificate
Change the csf setting on ISFW (downstream)to set configuraticn-sync
local
Change the csf setting on both devices to set downstream-access enable.
Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.

Explanation

Question 23 of 64

Refer to the exhibit
The exhibit shows a diagram of a FortiGate device connected to the network and the
firewall policy and IP pool configuration on the FortiGate device
Which two actions does FortiGate take on internet traffic sourced from the subscribers?(Choose two.)

Select one or more of the following:

FortiGate allocates port blocks per user, based on the configured range of internal IP addresses
FortiGate allocates 128 port blocks per user
FortiGate generates a system event log for every port block allocation made per user.
FortiGate allocates port blocks on a first-come, first-served basis

Explanation

Question 24 of 64

Refer to the exhibit
The exhibit shows a diagram of a FortiGate device connected to the network and the
firewall policy and IP pool configuration on the FortiGate device
Two PCs, PC1 and PC2, are connected behind FortiGate and can access the internet
successfully However, when the administrator adds a third PC to the network (PC3), the
PC cannot connect to the internet.
Based on the information shown in the exhibit, which three configuration changes should
the administrator make to fix the connectivity issue for PC3? (Choose three )

Select one or more of the following:

Configure 192.2.0.12/24 as the secondary IP address on port1 .
In the IP pool configuration, set type to overload
Configure another firewall policy that matches only the address of PC3 as source, and then place the policy on top of the list
In the firewall policy disable ippool.
In the IP pool configuration, set endip to 192.2.0.12

Explanation

Question 25 of 64

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

Select one of the following:

Each VDOM in the environment can be part of a different Security Fabric.
Downstream devices can connect to the upstream device from any of their VDOMs
Security rating reports can be run individually for each configured VDOM
VDOMSs without ports with connected devices are not displayed in the topology.

Explanation

Question 26 of 64

FortiGate is integrated with FortiAnalyzer and FortiManager
When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager?

Select one of the following:

Log ID
Sequence ID
Universally Unique Identifier
Policy ID

Explanation

Question 27 of 64

Refer to the exhibit
Based on the raw log, what can you
conclude from the output? (Choose two.)

Select one or more of the following:

Log severity is set to error on
FortiGate
Traffic belongs to the root VDOM
This is a security log.
Traffic is blocked because Action is set
to DENY in the firewall policy.

Explanation

Question 28 of 64

What are two functions of the ZTNA rule? (Choose two.)

Select one or more of the following:

It defines the access proxy.
It applies security profiles to protect traffic
It enforces access control
It redirects the client request to the access proxy.

Explanation

Question 29 of 64

Refer to the exhibit
Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit
What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?

Select one of the following:

Traffic matching the signature will be silently dropped and logged.
The signature setting includes a group of other signatures
Traffic matching the signature will be allowed and logged
The signature setting uses a custom rating threshold.

Explanation

Question 30 of 64

Refer to the exhibit to view the firewall policy
Why would the firewall policy not block a well-known virus. for example eicar?

Select one of the following:

The firewall policy is not configured in proxy-based inspection mode
The firewall policy does not apply deep content inspection
Web filter is not enabled on the firewall policy to complement the antivirus profile.
The action on the firewall policy is not set to deny

Explanation

Question 31 of 64

Refer to the exhibits
Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command.
Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.

Select one or more of the following:

For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.
The traffic sourced from the client and destined to the
server is sent to FGT-1.
The cluster can load balance ICMP connections to the
secondary
For non-load balanced connections, packets forwarded by cluster to the server contain the virtual MAC address of port2 as source

Explanation

Question 32 of 64

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.
What is true about the DNS connection to a FortiGuard server?

Select one or more of the following:

It uses UDP 53
It uses DNS over HTTPS
It uses UDP 8888
It uses DNS over TLS

Explanation

Question 33 of 64

If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?

Select one or more of the following:

User or User Group
FQDN address
No other object can be added
IP address

Explanation

Question 34 of 64

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Select one or more of the following:

The collector agent must search Windows application event logs.
NetAPI polling can increase bandwidth usage in large networks.
The NetSessionEnum function is used to track user logouts
The collector agent uses a Windows API to query DCs for user logins.

Explanation

Question 35 of 64

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.
What is true about the DNS connection to a FortiGuard server?

Select one or more of the following:

lt uses UDP 53
It uses DNS over HTTPS
It uses UDP 8888
It uses DNS over TLS

Explanation

Question 36 of 64

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Select one or more of the following:

FortiGate automatically negotiates a new security association after the existing security association expires
FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
FortiGate automatically negotiates different local and remote addresses with the remote peer
FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel

Explanation

Question 37 of 64

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile
Which order must FortiGate use when the web filter profile has features such as safe search enabled?

Select one or more of the following:

DNS-based web filter and proxy-based web filter
FortiGuard category filter and rating filter
Static domain filter, SSL inspection filter, and external connectors filters
Static URL filter, FortiGuard category filter, and advanced filters

Explanation

Question 38 of 64

The IPS engine is used by which three security features? (Choose three.)

Select one or more of the following:

DNS filter
Application control
Web filter in flow-based inspection
Web application firewall
Antivirus in flow-based inspection

Explanation

Question 39 of 64

Refer to the exhibit showing a FortiGuard connection debug output
Based on the output, which two facts does the administrator know about the FortiGuard
connection? (Choose two.)

Select one or more of the following:

One server was contacted to retrieve the contract information
There is at least one server that lost packets consecutively.
FortiGate is using default FortiGuard communication settings
A local FortiManager is one of the servers FortiGate communicates with

Explanation

Question 40 of 64

What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)

Select one or more of the following:

FortiGate allocates two sessions per connection
FortiGate uses fewer resources
FortiGate performs a more exhaustive inspection on traffic
FortiGate adds less latency to traffic.

Explanation

Question 41 of 64

What is the imitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

Select one or more of the following:

It limits the scanning of application traffic to use parent signatures only
It limits the scanning of application traffic to the DNS protocol only
It limits the scanning of application traffic to the application category only
It limits the scanning of application traffic to the browser-based technology category only.

Explanation

Question 42 of 64

What are two scanning techniques supported by FortiGate? (Choose two.)

Select one or more of the following:

Trojan scan
Machine learning scan
Ransomware scan
Antivirus scan

Explanation

Question 43 of 64

An employee needs to connect to the office through a high-latency internet connection
Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?

Select one of the following:

udp-idle-timer
sessiocn=-ttl
idle-timeout
login-timeout

Explanation

Question 44 of 64

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

Select one or more of the following:

The subject alternative name (SAN) field in the server certificate
The server name indication (SNI) extension in the client hello message
The subject field in the server certificate
The serial number in the server certificate
The host field in the HTTP header

Explanation

Question 45 of 64

Refer to the exhibits
Exhibit A shows a network diagram. Exhibit B shows the central SNAT policy and IP pool
configuration
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP 10.0.1.254/24.
A firewall policy is configured to allow all destinations from LAN (port3) to WAN (port1)
Central NAT is enabled, so NAT settings from matching central SNAT policies will be
applied.
Which IP address will be used to source NAT (SNAT) the traffic, if the user on LocalClient (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

Select one of the following:

10.200.1.99
10.200.1.1
10.200.1.49
10.200.1.149

Explanation

Question 46 of 64

Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate
devices The administrator has determined that phase 1 status is up, but phase 2 fails to
come up.
Based on the phase 2 configuration shown in the exhibit, which configuration change will
bring phase 2 up?

Select one or more of the following:

On HQ-FortiGate, set Encryption to AES256.
On HQ-FortiGate, enable Auto-negotiate.
On Remote-FortiGate, set Seconds to 43200.
On HQ-FortiGate, enable Diffie-Hellman Group 2.

Explanation

Question 47 of 64

Which two statements describe how the RPF check is used? (Choose two.)

Select one or more of the following:

The RPF check is run on the first reply packet of any new session.
The RPF check is run on the first sent packet of any new session
The RPF check is a mechanism that protects FortiGate and the network from IP spoofing attacks
The RPF check is run on the first sent and reply packet of any new session.

Explanation

Question 48 of 64

n administrator needs to increase network bandwidth and provide redundancy.
Which interface type must the administrator select to bind multiple FortiGate interfaces?

Select one or more of the following:

Software switch interface
VLAN interface
Aggregate interface
Redundant interface

Explanation

Question 49 of 64

Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate
devices. The administrator has determined that phase 1 failed to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make
sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two
configuration changes can the administrator make to bring phase 1 up? (Choose two.)

Select one or more of the following:

On HQ-FortiGate, set IKE mode to Main (ID protection).
On HQ-FortiGate, disable Diffie-Helman group 2.
On Remote-FortiGate, set port2 as Interface.
On both FortiGate devices, set Dead Peer Detection to On Demand. i)

Explanation

Question 50 of 64

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes
All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be
able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)

Select one or more of the following:

Configure a lower distance on the static route for the primary tunnel. and a higher distance on the static route for the secondary tunnel
Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
Enable Dead Peer Detection
Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels

Explanation

Question 51 of 64

Which inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

Select one or more of the following:

Full content inspection
Certificate inspection
Flow-based inspection
Proxy-based inspection

Explanation

Question 52 of 64

Refer to the exhibit
Why did FortiGate drop the packet?

Select one or more of the following:

It matched an explicitly configured firewall policy with the action DENY
It matched the default implicit firewall policy.
It failed the RPF check
The next-hop IP address is unreachable

Explanation

Question 53 of 64

Refer to the exhibit
Why did Fortigate drop the packet?

Select one or more of the following:

It matched an explicity configured firewall policy with the action DENY
It matched the default
implicit firewall policy
It failed the RPF
check
The next-hop IP
address is
unreachable

Explanation

Question 54 of 64

Which statement about video filtering on FortiGate is true?

Select one or more of the following:

It does not require a separate FortiGuard license.
It is available only on a proxy-based firewall policy
Full SSL inspection is not required
Video filtering FortiGuard categories are based on web filter FortiGuard categories.

Explanation

Question 55 of 64

An administrator configures outgoing interface any in a firewall policy
What is the result of the policy list view?

Select one or more of the following:

Search option is disabled
Policy lookup is disabled
Interface Pair view is disabled.
By Sequence view is disabled

Explanation

Question 56 of 64

What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)

Select one or more of the following:

A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
Heartbeat interfaces have virtual IP addresses that are manually assigned
The primary device in the cluster is alwa ed IP address 16%.254.0.1
Virtual IP addresses are used to distingui een cluster members

Explanation

Question 57 of 64

Refer to the exhibits
The exhibits show a network diagram and firewall configurations
An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2.
Remote-User1 must be able to access the Webserver. Remote-User2 must not be able fo access the Webserver.
In this scenario, which two changes can th ator make to deny Webserver access for Remote-User2? (Choose two.)

Select one or more of the following:

Enable match-vip in the Deny policy
Set the Destination address as Webserver in the Deny policy.
Disable match-vip in the Deny policy
Set the Destination address as Deny_IP in the Allow_access policy

Explanation

Question 58 of 64

Refer to the exhibits
The exhibits show a network diagram and firewall
configurations
An administrator created a Deny policy with
default settings to deny Webserver access for
Remote-User2
Remote-User1 must be able to access the
Webserver. Remote-User2 must not be able to
access the Webserver.
In this scenario, which two changes can the
administrator make to deny Webserver access for
Remote-User2? (Choose two )

Select one or more of the following:

Enable match-vip in the Deny policy
Set the Destination address as Webserver in
the Deny policy
Disable match-vip in the Deny policy.
Set the destination address as DENY_IP in the Allow_access policy

Explanation

Question 59 of 64

What are two features of the NGFW policy-based mode? (Choose two)

Select one or more of the following:

NGFW policy-based mode policies support only flow inspection
NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
NGFW policy-based mode does not require the use of central source NAT policy
NGFW policy-based mode can only be applied globally and not on individual VDOMs

Explanation

Question 60 of 64

Refer to the exhibits
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24
The LAN (port3) interface has the IP address 10.0.1.254/24
The administrator disabled the WebServer firewall policy.
Which IP address will be used to source NAT the traffic, if a user with address 10.0.1.10 connects over SSH to the host with address 10.200.3.1?

Select one or more of the following:

10.200.1.10
10.0.1.254
10.200.1.1
10.200.3.1

Explanation

Question 61 of 64

Refer to the exhibits
Exhibit A shows the application sensor configuration. Exhibit B shows the Excessive Bandwidth and Apple filter details
Based on the configuration, what will happen to Apple FaceTime if there are only a few
calls originating or incoming?

Select one of the following:

Apple FaceTime will be allowed, based on the Apple filter configuration.
Apple FaceTime will be allowed, based on the Categories configuration.
Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter
configuration.
Apple FaceTime will be allowed only if the Apple filter in Application and Filter
Overrides is set to Allow.

Explanation

Question 62 of 64

Which statement is correct regarding the security fabric?

Select one of the following:

FortiGate devices must be operating in NAT mode
FortiGate Cloud cannot be used for logging purposes.
FortiManager is one of the required member devices
A minimum of two Fortinet devices is required.

Explanation

Question 63 of 64

Refer to the exhibit
In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output shown in the exhibit.

Select one of the following:

Run a sniffer on the web server
Capture the traffic using an external sniffer connected to port1.
Execute another sniffer on FortiGate, this time with the filter "host 10.0.1.10" .
Execute a debug flow

Explanation

Question 64 of 64

Refer to the exhibits Exhibit A
The exhibits show the firewall policies and the objects used in the firewall policies.
The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.
Which policy will be highlighted, based on the input criteria?

Select one of the following:

Policies with ID 2 and 3.
Policy with ID 1.
Policy with ID 4.
Policy with ID 5.

Explanation

Check answer

["https://cdn.goconqr.com/uploads/media/image/50653039/desktop_3772869b-8269-4d5f-a019-918dde182ae8.png","https://cdn.goconqr.com/uploads/media/image/50653090/desktop_23851695-3b55-4a27-905e-af106a9ba625.png","https://cdn.goconqr.com/uploads/media/image/50653092/desktop_1635f21a-a457-4aa6-a72c-d4b425b5c484.png","https://cdn.goconqr.com/uploads/media/image/50653100/desktop_423c3646-3076-40ad-8c50-8817cbf90808.png","https://cdn.goconqr.com/uploads/media/image/50654016/desktop_f246a362-97e2-4781-9fe8-90c4d2e5c69d.png","https://cdn.goconqr.com/uploads/media/image/50653132/desktop_0069be04-856e-4aef-83ff-04231071125d.png","https://cdn.goconqr.com/uploads/media/image/50653136/desktop_5702d794-2f67-47d6-8667-572ee16cd73d.png","https://cdn.goconqr.com/uploads/media/image/50653179/desktop_c9210f54-4d94-4e1c-8f78-685b688eed3c.png","https://cdn.goconqr.com/uploads/media/image/50653199/desktop_0623ab79-f7c0-4117-898f-36e512e6c7b8.png","https://cdn.goconqr.com/uploads/media/image/50653215/desktop_5aaafa33-a17f-43f1-a4f6-b0a38bd06729.png","https://cdn.goconqr.com/uploads/media/image/50654040/desktop_14b7b4f9-b0a8-40c4-9ce2-970162a94c97.png","https://cdn.goconqr.com/uploads/media/image/50653242/desktop_07b4a64c-3b2f-4035-a30d-c45f782ab7f6.png","https://cdn.goconqr.com/uploads/media/image/50653249/desktop_9799be23-984a-454f-9d17-3c29747be278.png","https://cdn.goconqr.com/uploads/media/image/50653805/desktop_6c3b7870-c7c7-4c0c-8ae6-d169d4a3d7d6.png","https://cdn.goconqr.com/uploads/media/image/50654053/desktop_00b22241-92da-405c-a389-2ad1db298e32.png","https://cdn.goconqr.com/uploads/media/image/50654058/desktop_21b710b9-1c27-49ea-b21c-41c2ae9ddc19.png","https://cdn.goconqr.com/uploads/media/image/50653858/desktop_f4560b93-81de-44ed-ac8c-4a067ea8e0a3.png","https://cdn.goconqr.com/uploads/media/image/50654068/desktop_cfc2beeb-2961-4346-a7fa-66790d1df0d7.png","https://cdn.goconqr.com/uploads/media/image/50654071/desktop_44cddf2b-4ad9-4c43-bdce-9fead1d9d67e.png","https://cdn.goconqr.com/uploads/media/image/50654079/desktop_11b27bcd-23e6-4cfc-98b4-f0b9c18b2d27.png","https://cdn.goconqr.com/uploads/media/image/50654084/desktop_d34ac431-20b8-4e76-834f-52f3c5e1d54c.png","https://cdn.goconqr.com/uploads/media/image/50653898/desktop_68a70e60-252c-460d-99e9-0707c960d6e8.png","https://cdn.goconqr.com/uploads/media/image/50653909/desktop_f8e8e0ea-7674-4d03-8abd-a8df6ef1b2b2.png","https://cdn.goconqr.com/uploads/media/image/50654098/desktop_a0dd71f4-a622-4ae2-9ca2-ba0bf7fa5098.png"]

	Created by Lucas Roveda about 1 year ago

Treinamento prova NSE 4 (7.2)

Simulado NSE 4 (7.2)

Question 1 of 64

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway What must the administrator do to achieve this objective?

Select one of the following:

Explanation

Question 2 of 64

What is a reason for triggering IPS fail open?

Select one of the following:

Explanation

Question 3 of 64

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection Which FortiGate configuration can achieve this goal?

Select one of the following:

Explanation

Question 4 of 64

Select one or more of the following:

Explanation

Question 5 of 64

What are two features of collector agent advanced mode? (Choose two.)

Select one or more of the following:

Explanation

Question 6 of 64

Select one of the following:

Explanation

Question 7 of 64

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors. What is the reason for the certificate warning errors?

Select one of the following:

Explanation

Question 8 of 64

Which three methods are used by the collector agent for AD polling? (Choose three.)

Select one or more of the following:

Explanation

Question 9 of 64

Refer to the exhibit Based on the administrator profile settings. what permissions must the administrator set torun the diagnose firewall auth list CLI command on FortiGate?

Select one of the following:

Explanation

Question 10 of 64

Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

Select one or more of the following:

Explanation

Question 11 of 64

What is the primary FortiGate election process when the HA override setting is disabled?

Select one of the following:

Explanation

Question 12 of 64

Refer to the exhibit, which contains a static route configuration An administrator created a static route for Amazon Web Services. Which CLI command must the administrator use to view the route?

Select one of the following:

Explanation

Question 13 of 64

Select one of the following:

Explanation

Question 14 of 64

How can you disable RPF checking?

Select one of the following:

Explanation

Question 15 of 64

You have enabled logging on a FortiGate device for event logs and all security logs, and you have set up logging to use the FortiGate local disk What is the default behavior when the local disk is full?

Select one of the following:

Explanation

Question 16 of 64

Which timeout setting can be responsible for deleting SSL VPN associated sessions?

Select one of the following:

Explanation

Question 17 of 64

An administrator wants to simplify remote access without asking users to provide user credentials Which access control method provides this solution?

Select one of the following:

Explanation

Question 18 of 64

Refer to the exhibits The exhibits show a firewall policy (ExhibitA ) and an antivirus profile (Exhibit B) Why is the user unable to receive a block replacement message when downloading an infected file for the first time?

Select one of the following:

Explanation

Question 19 of 64

Refer to the exhibits The exhibits contain a network interface configuration, firewall policies, and a CLI : console configuration How will the FortiGate device handle user authentication for traffic that arrives on the LAN interface?

Select one of the following:

Explanation

Question 20 of 64

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

Select one or more of the following:

Explanation

Question 21 of 64

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway
What must the administrator do to achieve this objective?

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection

Which FortiGate configuration can achieve this goal?

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?

Refer to the exhibit
Based on the administrator profile settings. what permissions must the administrator set
torun the diagnose firewall auth list CLI command on FortiGate?

Refer to the exhibit, which contains a static route configuration
An administrator created a static route for Amazon Web Services.
Which CLI command must the administrator use to view the route?

You have enabled logging on a FortiGate device for event logs and all security logs, and you have set up logging to use the FortiGate local disk
What is the default behavior when the local disk is full?

An administrator wants to simplify remote access without asking users to provide user credentials
Which access control method provides this solution?

Refer to the exhibits
The exhibits show a firewall policy (ExhibitA ) and an antivirus profile (Exhibit B)
Why is the user unable to receive a block replacement message when downloading an
infected file for the first time?

Refer to the exhibits
The exhibits contain a network interface configuration, firewall policies, and a CLI :
console configuration
How will the FortiGate device handle user authentication for traffic that arrives on the LAN interface?

Refer to the exhibits
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in
the security fabric. After synchronization, this object is not available on the downstream & Qs
FortiGate (ISFW)
What must the administrator do to synchronize the address object?

Refer to the exhibit
The exhibit shows a diagram of a FortiGate device connected to the network and the
firewall policy and IP pool configuration on the FortiGate device
Which two actions does FortiGate take on internet traffic sourced from the subscribers?(Choose two.)

FortiGate is integrated with FortiAnalyzer and FortiManager
When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager?

Refer to the exhibit
Based on the raw log, what can you
conclude from the output? (Choose two.)

Refer to the exhibit
Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit
What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?

Refer to the exhibit to view the firewall policy
Why would the firewall policy not block a well-known virus. for example eicar?

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.
What is true about the DNS connection to a FortiGuard server?

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.
What is true about the DNS connection to a FortiGuard server?

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile
Which order must FortiGate use when the web filter profile has features such as safe search enabled?