Fortinet Network Security Expert 6 v7.0 (NSE6)

Page:    1 / 4   
Total 60 questions

Which FortiADC features can be used to harden the device and server security? (Choose two.)

  • A. Web filtering
  • B. FortiGuard IP reputation
  • C. Connection limits
  • D. Antivirus scanning

Answer : B,C

Which protocols can FortiSandbox use to connect to a network file share? (Choose two.)

  • A. FTP
  • B. HTTP
  • C. NFSv2
  • D. CIFS

Answer : A,B

Which devices can receive logs from FortiSandbox? (Choose two.)

  • A. SNMP manager
  • B. FortiAnalyzer
  • C. FortiManager
  • D. FortiGate

Answer : B,D

Which is not a supported captive portal authentication method?

  • A. SMS self-registration
  • B. Facebook authentication
  • C. Apple ID authentication
  • D. MAC address authentication

Answer : D

In transparent mode, when choosing between using the built-in MTA or using the transparent proxy, what difference might be encountered regarding mail routing?

  • A. The transparent proxy can only be enabled on a route mode interface.
  • B. In split-horizon DNS setups, the transparent proxy will get confused and route mail back to the sender.
  • C. The built-in MTA may decide to route the message to a different next-hop MTA.
  • D. The transparent proxy may decide to route the message to a different next-hop MTA.

Answer : D

Which behavior does not exist for certificate revocation lists (CRLs) on FortiAuthenticator?

  • A. All local CAs share the same CRLs
  • B. CRLs can be exported
  • C. Revoked certificates are automatically placed on the CRL
  • D. SCEP can be used to distribute CRLs

Answer : C

Which CLI command on FortiAuthenticator is not used for troubleshooting network connectivity issues?

  • A. ping
  • B. tcpdump
  • C. traceroute
  • D. NTRADPing

Answer : D

Which configuration object in FortiMail would be used to attach the string [SPAM
DETECTED] to the subject header of email messages determined by FortiMail to be spam? (Choose one.)

  • A. Content profile
  • B. Antivirus action profile
  • C. Antispam profile
  • D. Antispam action profile

Answer : A,C

Which Fortinet Single Sign-on (FSSO) user identity discovery method can
FortiAuthenticator use if the device or user identity cannot be established transparently, such as with non-domain BYOD devices?

  • A. External Syslog
  • B. RADIUS accounting
  • C. Active Directory polling
  • D. Portal authentication

Answer : D

Which statements are true about the FortiAuthenticator CLI? (Choose two.)

  • A. The CLI is used for initial configuration, factory resets, and debugging only
  • B. The CLI is accessible through the dashboard of the Web-based manager
  • C. The CLI is accessible through a terminal emulation application using the SSH protocol
  • D. The CLI is used to configure DNS server addresses

Answer : A,C

What mechanism does FortiGate use to avoid sending a file that has been already inspected to FortiSandbox?

  • A. FortiGate sends the file name to FortiGuard. FortiGuard checks if a file with that name has been already inspected.
  • B. FortiGate sends the file name to FortiSandbox. FortiSandbox checks if it has already inspected a file with that name.
  • C. FortiGate sends a hash of the file to FortiSandbox. FortiSandbox checks if it has already inspected a file with that hash.
  • D. FortiGate searches its cache of a list of file names that it has already inspected.

Answer : B

Which two types of digital certificates can you create in FortiAuthenticator? (Choose two.)

  • A. 3rd-party root certificate
  • B. Local services certificate
  • C. User certificate
  • D. CRL

Answer : B,C

Two FortiADC devices from an HA cluster. What information can be synchronized between both FortiADC devices? (Choose three.)

  • A. Layer 4 persistence pickup
  • B. Layer 4 session pickup
  • C. HTTP persistence pickup
  • D. SNMP system information
  • E. RAID settings

Answer : A,B,C

What is the maximum number of sites (or peers) supported in a global load-balancing solution based on FortiADC?

  • A. 32
  • B. 2
  • C. 64
  • D. 256

Answer : D

What actions can a FortiADC take for HTTP traffic that is coming from an IP address that is blacklisted in the FortiGuard IP reputation database? (Choose two.)

  • A. Redirect the traffic to a different URL
  • B. Apply a stricter profile to the traffic
  • C. Forward the traffic to FortiAnalyzer
  • D. Block the traffic

Answer : A,D

Page:    1 / 4   
Total 60 questions