[Free] Download New Latest (January 2016) Fortinet NSE4 Real Exam 61-70

Ensurepass

QUESTION 61

Examine the exhibit; then answer the question below.

 

clip_image002

 

The Vancouver FortiGate initially had the following information in its routing table:

 

S 172.20.0.0/16 [10/0] via 172.21.1.2, port2

 

C 172.21.0.0/16 is directly connected, port2

 

C 172.11.11.0/24 is directly connected, port1

 

Afterwards, the following static route was added:

 

config router static

 

edit 6

 

set dst 172.20.1.0 255.255.255.0

 

set pririoty 0

 

set device port1

 

set gateway 172.11.12.1

 

next

 

end

 

Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

 

A.

The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.

B.

The ‘gateway’ IP address is NOT in the same subnet as the IP address of port1.

C.

The priority is 0, which means that the route will remain inactive.

D.

The static route configuration is missing the distance setting.

 

Correct Answer: B

 

 

 

 

 

 

 

 

 

QUESTION 62

A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM. What would be a possible cause for this problem?

 

A.

The administrator does not have the proper permissions to reassign the dmz interface.

B.

The dmz interface is referenced in the configuration of another VDOM.

C.

Non-management VDOMs cannot reference physical interfaces.

D.

The dmz interface is in PPPoE or DHCP mode.

 

Correct Answer: B

 

 

QUESTION 63

A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface. Which one of the following statements is correct regarding the VLAN IDs in this scenario?

 

A.

The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.

B.

The two VLAN sub-interfaces must have different VLAN IDs.

C.

The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.

D.

The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

 

Correct Answer: B

 

 

QUESTION 64

Which statements are correct for port pairing and forwarding domains? (Choose two.)

 

A.

They both create separate broadcast domains.

B.

Port Pairing works only for physical interfaces.

C.

Forwarding Domain only applies to virtual interfaces.

D.

They may contain physical and/or virtual interfaces.

 

Correct Answer: AD

 

 

QUESTION 65

In transparent mode, forward-domain is an CLI setting associate with ______________.

 

A.

a static route.

B.

a firewall policy.

C.

an interface.

D.

a virtual domain.

 

Correct Answer: C

 

 

 

QUESTION 66

A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Choose three.)

 

clip_image004

 

A.

The administrator can configure inter-VDOM links to avoid using external interfaces and routers.

B.

As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links.

C.

This configuration requires a router to be positioned between the FortiGate unit and the Internet for proper routing.

D.

Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.

E.

As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

 

Correct Answer: ABE

 

 

 

 

 

 

 

 

QUESTION 67

Which statements correctly describe transparent mode operation? (Choose three.)

 

A.

The FortiGate acts as transparent bridge and forwards traffic at Layer-2.

B.

Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.

C.

The transparent FortiGate is clearly visible to network hosts in an IP trace route.

D.

Permits inline traffic inspection and firewalling without changing the IP scheme of the network.

E.

All interfaces of the transparent mode FortiGate device must be on different IP subnets.

 

Correct Answer: ABD

 

 

QUESTION 68

Examine the following spanning tree configuration on a FortiGate in transparent mode:

 

config system interface

 

edit <interface name>

 

set stp-forward enable

 

end

 

Which statement is correct for the above configuration?

 

A.

The FortiGate participates in spanning tree.

B.

The FortiGate device forwards received spanning tree messages.

C.

Ethernet layer-2 loops are likely to occur.

D.

The FortiGate generates spanning tree BPDU frames.

 

Correct Answer: B

 

 

QUESTION 69

Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device. Given the information provided in the exhibits, which of the following statements are correct? (Choose two.)

 

Exhibit A:

clip_image006

 

Exhibit B:

clip_image008

 

A.

STUDENT is likely to be the master device.

B.

Session-pickup is likely to be enabled.

C.

The cluster mode is active-passive.

D.

There is not enough information to determine the cluster mode.

 

Correct Answer: AD

 

QUESTION 70

An administrator has formed a high availability cluster involving two FortiGate units.

 

[ Multiple upstream Layer 2 switches] — [ FortiGate HA Cluster ] — [ Multiple downstream Layer 2 switches ]

 

The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.

 

Which of the following options describes the best step the administrator can take?

 

The administrator should _____________________.

 

A.

Increase the number of FortiGate units in the cluster and configure HA in active-active mode.

B.

Enable monitoring of all active interfaces.

C.

Set up a full-mesh design which uses redundant interfaces.

D.

Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.

 

Correct Answer: C

 

Free VCE & PDF File for Fortinet NSE4 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in NSE4 Real Exam (January 2016) and tagged , , , , , , . Bookmark the permalink.