Fortinet Network Security Expert 4 v12.0 (NSE4)

Page:    1 / 21   
Total 301 questions

Which user group types does FortiGate support for firewall authentication? (Choose three.)

  • A. RSSO
  • B. Firewall
  • C. LDAP
  • D. NTLM
  • E. FSSO


Answer : A,B,E

Which of the following settings can be configured per VDOM? (Choose three.)

  • A. Operating mode (NAT/route or transparent)
  • B. Static routes
  • C. Hostname
  • D. System time
  • E. Firewall Policies


Answer : A,B,E

Which best describes the mechanism of a TCP SYN flood?

  • A. The attacker keeps many connections open with slow data transmission so that other clients cannot start new connections.
  • B. The attacker sends packets designed to sync with the FortiGate.
  • C. The attacker sends a specially crafted malformed packet, intended to crash the target by exploiting its parser.
  • D. The attacker starts many connections, but never acknowledges to fully form them.


Answer : D

What attributes are always included in a log header? (Choose three.)

  • A. policyid
  • B. level
  • C. user
  • D. time
  • E. subtype
  • F. duration


Answer : B,D,E

When does a FortiGate load-share traffic between two static routes to the same destination subnet?

  • A. When they have the same cost and distance.
  • B. When they have the same distance and the same weight.
  • C. When they have the same distance and different priority.
  • D. When they have the same distance and same priority.


Answer : D

Which statement is an advantage of using a hub and spoke IPsec VPN configuration instead of a fully-meshed set of IPsec tunnels?

  • A. Using a hub and spoke topology provides full redundancy.
  • B. Using a hub and spoke topology requires fewer tunnels.
  • C. Using a hub and spoke topology uses stronger encryption protocols.
  • D. Using a hub and spoke topology requires more routes.


Answer : B

An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?

  • A. The IPsec firewall policies must be placed at the top of the list.
  • B. This VPN cannot be used as a part of a hub and spoke topology.
  • C. Routes are automatically created based on the quick mode selectors.
  • D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.


Answer : D

Which of the following email spam filtering features is NOT supported on a FortiGate unit?

  • A. Multipurpose Internet Mail Extensions (MIME) Header Check
  • B. HELO DNS Lookup
  • C. Greylisting
  • D. Banned Word


Answer : C

Which IPsec mode includes the peer ID information in the first packet?

  • A. Main mode.
  • B. Quick mode.
  • C. Aggressive mode.
  • D. IKEv2 mode.


Answer : C

What actions are possible with Application Control? (Choose three.)

  • A. Warn
  • B. Allow
  • C. Block
  • D. Traffic Shaping
  • E. Quarantine


Answer : B,C,D

Which is not a FortiGate feature?

  • A. Database auditing
  • B. Intrusion prevention
  • C. Web filtering
  • D. Application control


Answer : A

In FortiOS session table output, what is the correct proto_state number for an established, non-proxied TCP connection?

  • A. 00
  • B. 11
  • C. 01
  • D. 05


Answer : C

A FortiGate device is configured with four VDOMs: 'root' and 'vdom1' are in NAT/route mode; 'vdom2' and 'vdom3' are in transparent mode. The management VDOM is 'root'.
Which of the following statements are true? (Choose two.)

  • A. An inter-VDOM link between 'root' and 'vdom1' can be created.
  • B. An inter-VDOM link between 'vdom1' and 'vdom2' can be created.
  • C. An inter-VDOM link between 'vdom2' and 'vdom3' can be created.
  • D. Inter-VDOM links must be manually configured for FortiGuard traffic.


Answer : A,B

Examine the following log message attributes and select two correct statements from the list below. (Choose two.)

hostname=www.youtube.com profiletype="Webfilter_Profile" profile="default" status="passthrough" msg="URL belongs to a category with warnings enabled"

  • A. The traffic was blocked.
  • B. The user failed authentication.
  • C. The category action was set to warning.
  • D. The website was allowed.


Answer : C,D

Which of the following statements are true about PKI users created in a FortiGate device?
(Choose two.)

  • A. Can be used for token-based authentication
  • B. Can be used for two-factor authentication
  • C. Are used for certificate-based authentication
  • D. Cannot be members of user groups


Answer : A,B
