Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4 v8.0

Page:    1 / 4   
Exam contains 60 questions

An administrator observes that the port1 interface cannot be configured with an IP address.
What can be the reasons for that? (Choose three.)

  • A. The interface has been configured for one-arm sniffer.
  • B. The interface is a member of a virtual wire pair.
  • C. The operation mode is transparent.
  • D. The interface is a member of a zone.
  • E. Captive portal is enabled in the interface.


Answer : B,C,D

Which statement is true regarding the policy ID numbers of firewall policies?

  • A. Change when firewall policies are re-ordered.
  • B. Defined the order in which rules are processed.
  • C. Are required to modify a firewall policy from the CLI.
  • D. Represent the number of objects used in the firewall policy.


Answer : B

What traffic and attacks can be blocked by a web application firewall (WAF) profile?
(Choose three.)

  • A. Traffic to inappropriate web sites
  • B. SQL injection attacks
  • C. Server information disclosure attacks
  • D. Credit card data leaks
  • E. Traffic to botnet command and control (C&C) servers


Answer : B,C,E

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

  • A. The FortiGate unit’s public IP address
  • B. The FortiGate unit’s internal IP address
  • C. The remote user’s virtual IP address
  • D. The remote user’s public IP address


Answer : B

Which statements about application control are true? (Choose two.)

  • A. Enabling application control profile in a security profile enables application control for all the traffic flowing through the FortiGate.
  • B. It cannot take an action on unknown applications.
  • C. It can inspect encrypted traffic.
  • D. It can identify traffic from known applications, even when they are using non-standard TCP/UDP ports.


Answer : A,D

Which statements about One-to-One IP pool are true? (Choose two.)

  • A. It allows configuration of ARP replies.
  • B. It allows fixed mapping of an internal address range to an external address range.
  • C. It is used for destination NAT.
  • D. It does not use port address translation.


Answer : B,C

View the exhibit.


This is a sniffer output of a telnet connection request from 172.20.120.186 to the port1 interface of FGT1.

In this scenario. FGT1 has the following routing table:

Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding?

  • A. The port1 cable is disconnected.
  • B. The connection is dropped due to reverse path forwarding check.
  • C. The connection is denied due to forward policy check.
  • D. FGT1’s port1 interface is administratively down.


Answer : B

Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)

  • A. It is only supported if DC agents are deployed.
  • B. FortiGate can act as an LDAP client configure the group filters.
  • C. It supports monitoring of nested groups.
  • D. It uses the Windows convention for naming, that is, Domain\Username.


Answer : B,D

View the exhibit.


A user behind the FortiGate is trying to go to http://www.addictinggames.com
(Addicting.Games). Based on this configuration, which statement is true?

  • A. Addicting.Games is allowed based on the Application Overrides configuration.
  • B. Addicting.Games is blocked based on the Filter Overrides configuration.
  • C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
  • D. Addicting.Games is allowed based on the Categories configuration.


Answer : D

Which of the following statements about NTLM authentication are correct? (Choose two.)

  • A. It is useful when users log in to DCs that are not monitored by a collector agent.
  • B. It takes over as the primary authentication method when configured alongside FSSO.
  • C. Multi-domain environments require DC agents on every domain controller.
  • D. NTLM-enabled web browsers are required.


Answer : A,C

Which statement about the FortiGuard services for the FortiGate is true?

  • A. Antivirus signatures are downloaded locally on the FortiGate.
  • B. FortiGate downloads IPS updates using UDP port 53 or 8888.
  • C. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.
  • D. The web filtering database is downloaded locally on the FortiGate.


Answer : C

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

  • A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  • B. ADVPN is only supported with IKEv2.
  • C. Tunnels are negotiated dynamically between spokes.
  • D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.


Answer : A,C

View the exhibit.



Which of the following statements are correct? (Choose two.)

  • A. This is a redundant IPsec setup.
  • B. The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
  • C. This setup requires at least two firewall policies with action set to IPsec.
  • D. Dead peer detection must be disabled to support this type of IPsec setup.


Answer : A,B

An administrator has configured two VLAN interfaces:


A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the
VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the
DHCP server. What is the cause of the problem?

  • A. Both interfaces must be in different VDOMs
  • B. Both interfaces must have the same VLAN ID.
  • C. The role of the VLAN10 interface must be set to server.
  • D. Both interfaces must belong to the same forward domain.


Answer : B

How does FortiGate verify the login credentials of a remote LDAP user?

  • A. FortiGate sends the user entered credentials to the LDAP server for authentication.
  • B. FortiGate re-generates the algorithm based on the login credentials and compares it against the algorithm stored on the LDAP server.
  • C. FortiGate queries its own database for credentials.
  • D. FortiGate queries the LDAP server for credentials.


Answer : D

Page:    1 / 4   
Exam contains 60 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.