[Free] Download New Latest (January 2016) Fortinet NSE4 Real Exam 11-20

Ensurepass

QUESTION 11

Regarding the header and body sections in raw log messages, which statement is correct?

 

A.

The header and body section layouts change depending on the log type.

B.

The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type.

C.

Some log types include multiple body sections.

D.

Some log types do not include a body section.

 

Correct Answer: B

 

 

QUESTION 12

For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?

 

A.

The traffic is allowed and no log is generated.

B.

The traffic is allowed and logged.

C.

The traffic is blocked and no log is generated.

D.

The traffic is blocked and logged.

 

Correct Answer: C

 

 

QUESTION 13

Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)

 

A.

IP address pool.

B.

Virtual IP address.

C.

IP address.

D.

IP address group.

E.

MAC address.

 

Correct Answer: BCD

QUESTION 14

Which header field can be used in a firewall policy for traffic matching?

 

A.

ICMP type and code.

B.

DSCP.

C.

TCP window size.

D.

TCP sequence number.

 

Correct Answer: A

 

 

QUESTION 15

The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function?

 

A.

set order

B.

edit policy

C.

reorder

D.

move

 

Correct Answer: D

 

 

QUESTION 16

Examine the following CLI configuration:

 

config system session-ttl

 

set default 1800

 

end

 

What statement is true about the effect of the above configuration line?

 

A.

Sessions can be idle for no more than 1800 seconds.

B.

The maximum length of time a session can be open is 1800 seconds.

C.

After 1800 seconds, the end user must re-authenticate.

D.

After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

 

Correct Answer: A

 

 

QUESTION 17

In which order are firewall policies processed on a FortiGate unit?

 

A.

From top to down, according with their sequence number.

B.

From top to down, according with their policy ID number.

C.

Based on best match.

D.

Based on the priority value.

 

Correct Answer: A

 

QUESTION 18

Which statements are true regarding local user authentication? (Choose two.)

 

A.

Two-factor authentication can be enabled on a per user basis.

B.

Local users are for administration accounts only and cannot be used to authenticate network users.

C.

Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate.

D.

Both the usernames and passwords can be stored locally on the FortiGate

 

Correct Answer: AD

 

 

QUESTION 19

What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.)

 

A.

Browser pop-up window.

B.

FortiToken.

C.

Email.

D.

Code books.

E.

SMS phone message.

 

Correct Answer: BCE

 

 

QUESTION 20

The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below. Based on the firewall configuration illustrated in the exhibit, which statement is correct?

 

clip_image001

 

A.

A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.

B.

A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.

C.

A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.

D.

DNS Internet access is always allowed, even for users that has not authenticated.

 

Correct Answer: D

 

Free VCE & PDF File for Fortinet NSE4 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …