Get all latest (August) Fortinet FCNSP.v5 Actual Test 71-80

Ensurepass

QUESTION 71

SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?

 

A.

The file is buffered by the application proxy.

B.

The file is buffered by the SSL proxy.

C.

In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy.

D.

No file buffering is needed since a stream-based scanning approach is used for SSL content inspection.

 

Correct Answer: A

 

 

QUESTION 72

Which of the following statements is not correct regarding virtual domains (VDOMs)?

 

A.

VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.

B.

A management VDOM handles SNMP, logging, alert email, and FDN-based updates.

C.

A backup management VDOM will synchronize the configuration from an active management VDOM.

D.

VDOMs share firmware versions, as well as antivirus and IPS databases.

E.

Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes.

 

Correct Answer: C

QUESTION 73

A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM. What would be a possible cause for this problem?

 

A.

The dmz interface is referenced in the configuration of another VDOM.

B.

The administrator does not have the proper permissions to reassign the dmz interface.

C.

Non-management VDOMs can not reference physical interfaces.

D.

The dmz interface is in PPPoE or DHCP mode.

E.

Reassigning an interface to a different VDOM can only be done through the CLI.

 

Correct Answer: A

 

 

QUESTION 74

You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route. Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)

 

A.

Create one firewall policy.

B.

Create two firewall policies.

C.

Add a route for the remote subnet.

D.

Add a route for incoming traffic.

E.

Create a phase 1 definition.

F.

Create a phase 2 definition.

 

Correct Answer: BCEF

 

 

QUESTION 75

In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?

 

A.

Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server

B.

Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server

C.

Request: Internal Host -> Slave FG -> Internet -> Web Server

D.

Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server

 

Correct Answer: A

 

 

QUESTION 76

The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)

 

A.

An FSAE Collector Agent must be installed on every domain controller.

B.

An FSAE Domain Controller Agent must be installed on every domain controller.

C.

The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit.

D.

The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.

E.

For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.

 

Correct Answer: BD

 

 

QUESTION 77

Based on the web filtering configuration illustrated in the exhibit, which one of the following statements is not a reasonable conclusion?

 

clip_image001

 

A.

Users can access both the www.google.com site and the www.fortinet.com site.

B.

When a user attempts to access the www.google.com site, the FortiGate unit will not perform web filtering on the content of that site.

C.

When a user attempts to access the www.fortinet.com site, any remaining web filtering will be bypassed.

D.

Downloaded content from www.google.com will be scanned for viruses if antivirus is enabled.

 

Correct Answer: B

 

 

QUESTION 78

When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit. Which of the following statements is correct regarding this entry?

 

clip_image003

 

A.

The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule.

B.

The entry displays a ban that was triggered by HTTP traffic matching an IPS signature. This client is banned from receiving or sending any traffic through the FortiGate.

C.

The entry displays a quarantine, which could have been added by either IPS or DLP.

D.

This entry displays a ban entry that was added manually by the administrator on June11th.

 

Correct Answer: A

 

 

QUESTION 79

Which of the following statements is correct regarding the FortiGuard Services Web Filtering Override configuration as illustrated in the exhibit?

 

clip_image005

 

A.

Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/.

B.

A client with an IP of address 10.10.10.12 is allowed access to any subdirectory that is part of the www.yahoo.com web site.

C.

A client with an IP address of 10.10.10.12 is allowed access to the www.yahoo.com/images/ web site and any of its offsite URLs.

D.

A client with an IP address of 10.10.10.12 is allowed access to any URL under the www.yahoo.com web site, including any subdirectory URLs, until August 7, 2009.

E.

Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/ until August 7, 2009.

 

Correct Answer: C

 

 

QUESTION 80

Which of the following features could be used by an administrator to block FTP uploads while still allowing FTP downloads?

 

A.

Anti-Virus File-Type Blocking

B.

Data Leak Prevention

C.

Network Admission Control

D.

FortiClient Check

 

Correct Answer: B

 

Free VCE & PDF File for Fortinet FCNSP.v5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

 

This entry was posted in FCNSP.v5 Real Exam (August) and tagged , , , , , , . Bookmark the permalink.