[Free] Download New Latest (January 2016) Fortinet NSE4 Real Exam 31-40

Ensurepass

QUESTION 31

An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choose three.)

 

A.

Create firewall policies to allow and control traffic between the source and destination IP addresses.

B.

Configure the appropriate user groups to allow users access to the tunnel.

C.

Set the operating mode to IPsec VPN mode.

D.

Define the phase 2 parameters.

E.

Define the Phase 1 parameters.

 

Correct Answer: ADE

 

 

 

 

QUESTION 32

What is IPsec Perfect Forwarding Secrecy (PFS)?

 

A.

A phase-1 setting that allows the use of symmetric encryption.

B.

A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.

C.

A `key-agreement’ protocol.

D.

A `security-association-agreement’ protocol.

 

Correct Answer: B

 

 

QUESTION 33

An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?

 

A.

The IPsec firewall policies must be placed at the top of the list.

B.

This VPN cannot be used as part of a hub and spoke topology.

C.

Routes are automatically created based on the quick mode selectors.

D.

A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

 

Correct Answer: D

 

 

QUESTION 34

A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which are two reasons for this problem? (Choose two.)

 

A.

The FortiGate is connected to multiple ISPs.

B.

There is a NAT device between the FortiGate and the FortiGuard Distribution Network.

C.

The FortiGate is in Transparent mode.

D.

The external facing interface of the FortiGate is configured to get the IP address from a DHCP server.

 

Correct Answer: BD

 

 

QUESTION 35

Which statement is correct regarding virus scanning on a FortiGate unit?

 

A.

Virus scanning is enabled by default.

B.

Fortinet customer support enables virus scanning remotely for you.

C.

Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.

D.

Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate.

 

Correct Answer: C

 

 

QUESTION 36

Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols?

 

A.

Proxy-based.

B.

DNS-based.

C.

Flow-based.

D.

Man-in-the-middle.

 

Correct Answer: C

 

 

QUESTION 37

Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)

 

A.

Manual update by downloading the signatures from the support site.

B.

Pull updates from the FortiGate.

C.

Push updates from a FortiAnalyzer.

D.

execute fortiguard-AV-AS command from the CLI.

 

Correct Answer: AB

 

 

QUESTION 38

Examine the exhibit; then answer the question below. Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?

 

clip_image002

 

A.

They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network.

B.

They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.

C.

They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network.

D.

They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network.

 

Correct Answer: D

 

 

 

QUESTION 39

Which statements regarding banned words are correct? (Choose two.)

 

A.

Content is automatically blocked if a single instance of a banned word appears.

B.

The FortiGate updates banned words on a periodic basis.

C.

The FortiGate can scan web pages and email messages for instances of banned words.

D.

Banned words can be expressed as simple text, wildcards and regular expressions.

 

Correct Answer: CD

 

 

QUESTION 40

Examine the following FortiGate web proxy configuration; then answer the question below:

 

config web-proxy explicit

 

set pac-file-server-status enable

 

set pac-file-server-port 8080

 

set pac-file-name wpad.dat

 

end

 

Assuming that the FortiGate proxy IP address is 10.10.1.1, which URL must an Internet browser use to download the PAC file?

 

A.

https://10.10.1.1:8080

B.

https://10.10.1.1:8080/wpad.dat

C.

http://10.10.1.1:8080/

D.

http://10.10.1.1:8080/wpad.dat

 

Correct Answer: D

 

Free VCE & PDF File for Fortinet NSE4 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in NSE4 Real Exam (January 2016) and tagged , , , , , , . Bookmark the permalink.