[Free] Download New Latest (January 2016) Fortinet NSE4 Real Exam 71-80

Ensurepass

QUESTION 71

In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?

 

A.

Request: internal host; slave FortiGate; master FortiGate; Internet; web server.

B.

Request: internal host; slave FortiGate; Internet; web server.

C.

Request: internal host; slave FortiGate; master FortiGate; Internet; web server.

D.

Request: internal host; master FortiGate; slave FortiGate; Internet; web server.

 

Correct Answer: D

 

 

QUESTION 72

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device. Which one of the following is the most likely reason that the cluster fails to form?

 

Exhibit A:

clip_image001

 

Exhibit B

clip_image002

 

A.

Password

B.

HA mode

C.

Hearbeat

D.

Override

 

Correct Answer: B

 

 

 

 

 

QUESTION 73

In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below. Which statements are correct regarding this setting? (Choose two.)

 

clip_image004

 

A.

Interface settings on port7 will not be synchronized with other cluster members.

B.

The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.

C.

When connecting to port7 you always connect to the master device.

D.

A gateway address may be configured for port7.

 

Correct Answer: AD

 

 

QUESTION 74

The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members. What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.)

 

clip_image006

 

A.

Port3 is configured with an IP address for management access.

B.

The firewall rules are purged on the disconnected unit.

C.

The HA mode changes to standalone.

D.

The system hostname is set to the unit serial number.

 

Correct Answer: AC

 

 

QUESTION 75

Which of the following sequences describes the correct order of criteria used for the selection of a master unit within a FortiGate high availability (HA) cluster when override is disabled?

 

A.

1. port monitor, 2. unit priority, 3. up time, 4. serial number.

B.

1. port monitor, 2. up time, 3. unit priority, 4. serial number.

C.

1. unit priority, 2. up time, 3. port monitor, 4. serial number.

D.

1. up time, 2. unit priority, 3. port monitor, 4. serial number.

 

Correct Answer: B

 

 

QUESTION 76

Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.)

 

A.

The device this command is executed on is likely to switch from master to slave status if override is disabled.

B.

The device this command is executed on is likely to switch from master to slave status if override is enabled.

C.

This command has no impact on the HA algorithm.

D.

This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.

 

Correct Answer: AD

 

 

QUESTION 77

What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.)

 

A.

Enable session pick-up.

B.

Enable override.

C.

Connections must be UDP or ICMP.

D.

Connections must not be handled by a proxy.

 

Correct Answer: AD

 

 

QUESTION 78

Review the static route configuration for IPsec shown in the exhibit; then answer the question below. Which statements are correct regarding this configuration? (Choose two.)

 

clip_image008

 

A.

Interface remote is an IPsec interface.

B.

A gateway address is not required because the interface is a point-to-point connection.

C.

A gateway address is not required because the default route is used.

D.

Interface remote is a zone.

 

Correct Answer: AB

 

QUESTION 79

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. Which statements is correct regarding this output?

 

clip_image010

 

A.

One tunnel is rekeying.

B.

Two tunnels are rekeying.

C.

Two tunnels are up.

D.

One tunnel is up.

 

Correct Answer: C

 

 

QUESTION 80

Which statement is an advantage of using a hub and spoke IPsec VPN configuration instead of a fully-meshed set of IPsec tunnels?

 

A.

Using a hub and spoke topology provides full redundancy.

B.

Using a hub and spoke topology requires fewer tunnels.

C.

Using a hub and spoke topology uses stronger encryption protocols.

D.

Using a hub and spoke topology requires more routes.

 

Correct Answer: B

 

Free VCE & PDF File for Fortinet NSE4 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …