Get all latest (August) Fortinet FCNSP.v5 Actual Test 51-60


QUESTION 51

The following diagnostic output is displayed in the CLI:

diag firewall auth list
policy id. 9, src. 192.168.3.168, action: accept, timeout: 13427
user: forticlient_chk_only, group:
flag (80020): auth timeout_ext, flag2 (40): exact
group id. 0, av group: 0
----- 1 listed, 0 filtered ------

Based on this output, which of the following statements is correct?

A. Firewall policy 9 has endpoint compliance enabled but not firewall authentication.
B. The client check that is part of an SSL VPN connection attempt failed.
C. This user has been associated with a guest profile as evidenced by the group id of 0.
D. An auth-keepalive value has been enabled.

Correct Answer: A

QUESTION 52

A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office. The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers. What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?

A. Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
B. Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
C. Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes.
D. Dynamic routing protocols cannot be used over IPSec VPN tunnels.

Correct Answer: A

QUESTION 53

Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?

A. TCP connection
B. File attachments
C. Message headers
D. Message body

Correct Answer: A

QUESTION 54

A FortiClient fails to establish a VPN tunnel with a FortiGate unit.

The following information is displayed in the FortiGate unit logs:

msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)"
msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)"
msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)"
msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa"
msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)"
msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5"
msg="Failed to acquire an IP address

Which of the following statements is a possible cause for the failure to establish the VPN tunnel?

A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
B. There is no IPSec firewall policy configured for the policy-based VPN.
C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.
D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.

Correct Answer: A

QUESTION 55

An administrator is examining the attack logs and notices the following entry:

type=ips subtype=signature pri=alert vd=root serial=1995 attack_id=103022611 src=69.45.64.22 dst=192.168.1.100 src_port=80 dst_port=4887 src_int=wlan dst_int=internal status=detected proto=6 service=4887/tcp user=N/A group=N/A msg=web_client: IE.IFRAME.BufferOverflow.B

Based on the information displayed in this entry, which of the following statements are correct? (Select all that apply.)

A. This is an HTTP server attack.
B. The attack was detected and blocked by the FortiGate unit.
C. The attack was against a FortiGate unit at the 192.168.1.100 IP address.
D. The attack was detected and passed by the FortiGate unit.

Correct Answer: CD

QUESTION 56

When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating?

A. Common Name
B. Organization
C. Organizational Unit
D. Serial Number
E. Validity

Correct Answer: A

QUESTION 57

Which of the following statements is correct based on the firewall configuration illustrated in the exhibit?

[Exhibit: firewall configuration (image not available)]

A. A user can access the Internet using only the protocols that are supported by user authentication.
B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access.
C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services.
D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication.

Correct Answer: D

QUESTION 58

Which of the following statements best describes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?

A. The proxy buffers the entire file from the client, only sending the file to the server if the file is clean. One possible consequence of buffering is that the server could time out.
B. The proxy sends the file to the server while simultaneously buffering it.
C. The proxy removes the infected file from the server by sending a delete command on behalf of the client.
D. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server.

Correct Answer: A

QUESTION 59

A static route is configured for a FortiGate unit from the CLI using the following commands:

config router static
    edit 1
        set device "wan1"
        set distance 20
        set gateway 192.168.100.1
    next
end

Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit’s routing table?

A. The Administrative Status of the wan1 interface is displayed as Up.
B. The Link Status of the wan1 interface is displayed as Up.
C. All other default routes should have an equal or higher distance.
D. You must disable DHCP client on that interface.

Correct Answer: D

QUESTION 60

Which of the following must be configured on a FortiGate unit to redirect content requests to remote web cache servers?

A. WCCP must be enabled on the interface facing the Web cache.
B. You must enable explicit Web-proxy on the incoming interface.
C. WCCP must be enabled as a global setting on the FortiGate unit.
D. WCCP must be enabled on all interfaces on the FortiGate unit through which HTTP traffic is passing.

Correct Answer: A
