[Free] Download New Latest (January 2016) Fortinet NSE4 Real Exam 51-60

Ensurepass

QUESTION 51

A static route is configured for a FortiGate unit from the CLI using the following commands:

 

config router static

 

edit 1

 

set device “wan1”

 

set distance 20

 

set gateway 192.168.100.1

 

next

 

end

 

Which of the following conditions are required for this static default route to be displayed in the FortiGate unit’s routing table? (Choose two.)

 

A.

The administrative status of the wan1 interface is displayed as down.

B.

The link status of the wan1 interface is displayed as up.

C.

All other default routes should have a lower distance.

D.

The wan1 interface address and gateway address are on the same subnet.

 

Correct Answer: BD

 

 

QUESTION 52

When does a FortiGate load-share traffic between two static routes to the same destination subnet?

 

A.

When they have the same cost and distance.

B.

When they have the same distance and the same weight.

C.

When they have the same distance and different priority.

D.

When they have the same distance and same priority.

 

Correct Answer: D

 

 

QUESTION 53

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway?

 

A.

A lookup is done only when the first packet coming from the client (SYN) arrives.

B.

A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.

C.

Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).

D.

A lookup is always done each time a packet arrives, from either the server or the client side.

 

Correct Answer: B

 

 

 

QUESTION 54

Examine the static route configuration shown below; then answer the question following it.

 

config router static

 

edit 1

 

set dst 172.20.1.0 255.255.255.0

 

set device port1

 

set gateway 17
2.11.12.1

 

set distance 10

 

set weight 5

 

next

 

edit 2

 

set dst 172.20.1.0 255.255.255.0

 

set blackhole enable

 

set distance 5

 

set weight 10

 

next

 

end

 

Which of the following statements correctly describes the static routing configuration provided? (Choose two.)

 

A.

All traffic to 172.20.1.0/24 is dropped by the FortiGate.

B.

As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the interface port1 is down, the traffic is routed using the blackhole route.

C.

The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route.

D.

The FortiGate unit creates a session entry in the session table when the traffic is being routed by the blackhole route.

 

Correct Answer: AC

 

 

 

 

 

 

 

 

 

 

QUESTION 55

Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.

 

config router static

 

edit 1

 

set dst 172.20.168.0 255.255.255.0

 

set distance 20

 

set priority 10

 

set device port1

 

next

 

edit 2

 

set dst 172.20.168.0 255.255.255.0

 

set distance 20

 

set priority 20

 

set device port2

 

next

 

end

 

Which of the following statements correctly describes the static routing configuration provided above?

 

A.

The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes.

B.

The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.

C.

The FortiGate sends all the traffic to 172.20.168.0/24 through port1.

D.

Only the route that is using port1 will show up in the routing table.

 

Correct Answer: C

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 56

Examine the exhibit below; then answer the question following it.

 

clip_image002

 

In this scenario, the FortiGate unit in Ottawa has the following routing table:

 

S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2

 

C 172.20.167.0/24 is directly connected, port1

 

C 172.20.170.0/24 is directly connected, port2

 

Sniffer tests show that packets sent from the source IP address 172.20.168.2 to the destination IP address 172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets?

 

A.

The forward policy check.

B.

The reverse path forwarding check.

C.

The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate’s routing table.

D.

The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.

 

Correct Answer: B

 

 

QUESTION 57

A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs?

 

A.

The FortiGate must be a model 1000 or above to support multiple VDOMs.

B.

A license has to be purchased and applied to the FortiGate before VDOM mode could be enabled.

C.

Changing the operational mode of a VDOM requires a reboot of the FortiGate.

D.

The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes.

 

Correct Answer: D

 

 

 

 

 

 

QUESTION 58

Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it. Which two statements are correct regarding this output? (Choose two.)

 

clip_image004

 

A.

There will be six routes in the routing table.

B.

There will be seven routes in the routing table.

C.

There will be two default routes in the routing table.

< /td>

D.

There will be two routes for the 10.0.2.0/24 subnet in the routing table.

 

Correct Answer: AC

 

 

QUESTION 59

Which statements are correct regarding virtual domains (VDOMs)? (Choose two.)

 

A.

VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs.

B.

A management VDOM handles SNMP, logging, alert email, and FDN-based updates.

C.

VDOMs share firmware versions, as well as antivirus and IPS databases.

D.

Different time zones can be configured in each VDOM.

 

Correct Answer: BC

 

 

QUESTION 60

A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. Which of the following settings will this administrator be able to configure? (Choose two.)

 

A.

Firewall addresses.

B.

DHCP servers.

C.

FortiGuard Distribution Network configuration.

D.

System hostname.

 

Correct Answer: AB

 

Free VCE & PDF File for Fortinet NSE4 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in NSE4 Real Exam (January 2016) and tagged , , , , , , . Bookmark the permalink.