Achieve New Updated (September) Fortinet NSE4 Examination questions Topic 4, Firewall Authentication

Ensurepass

Topic 4, Firewall Authentication

 

 

QUESTION 18  (Topic 4)

 

 

 

 

Which two statements are true regarding firewall policy disclaimers? (Choose two.)

 

A.

They cannot be used in combination with user authentication.

B.

They can only be applied to wireless interfaces.

C.

Users must accept the disclaimer to continue.

D.

The disclaimer page is customizable.

 

Answer: CD

 

 

QUESTION 19  (Topic 4)

 

Which statement regarding the firewall policy authentication timeout is true?

 

A.

It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IP.

B.

It is a hard timeout. The FortiGate removes the temporary policy for a user’s source IP address after this timer has expired.

C.

It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MAC.

D.

It is a hard timeout. The FortiGate removes the temporary policy for a user’s source MAC address after this timer has expired.

 

Answer: A

 

 

QUESTION 20  (Topic 4)

 

What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.)

 

A.

Browser pop-up window.

B.

FortiToken.

C.

Email.

D.

Code books.

E.

SMS phone message.

 

Answer: BCE

 

 

QUESTION 21  (Topic 4)

 

 

 

 

When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)

 

A.

SMTP

B.

POP3

C.

HTTP

D.

FTP

 

Answer: CD

 

 

QUESTION 22  (Topic 4)

 

The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.

 

clip_image002

 

Based on the firewall configuration illustrated in the exhibit, which statement is correct?

 

A.

< p class="MsoNormal" style="margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.

B.

A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.

C.

A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.

D.

DNS Internet access is always allowed, even for users that has not authenticated.

 

Answer: D

 

 

QUESTION 23  (Topic 4)

 

Which statements are true regarding local user authentication? (Choose two.)

 

 

 

 

 

A.

Two-factor authentication can be enabled on a per user basis.

B.

Local users are for administration accounts only and cannot be used to authenticate network users.

C.

Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate.

D.

Both the usernames and passwords can be stored locally on the FortiGate

 

Answer: AD

 

Free VCE & PDF File for Fortinet NSE4 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in NSE4 Examination questions (September) and tagged , , , , , , . Bookmark the permalink.