All About Exact NSE4-5.4 pdf

New Questions 4

What step is required to configure an SSL VPN to access to an internal server using port forward mode?

A. Configure the virtual IP addresses to be assigned to the SSL VPN users.

B. Install FortiClient SSL VPN client

C. Create a SSL VPN realm reserved for clients using port forward mode.

D. Configure the client application to forward IP traffic to a Java applet proxy.

View Answer

New Questions 5

An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections. Why?

A. The administrator is running the sniffer on the internal interface only.

B. The filter used in the sniffer matches the traffic only in one direction.

C. The FortiGate is doing content inspection.

D. TCP traffic is being offloaded to an NP6.

View Answer

New Questions 6

Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)

A. Trusted host

B. HTTPS

C. Trusted authentication

D. SSH

E. FortiTelemetry

View Answer

New Questions 7

An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

A. A phase 2 configuration is not required.

B. This VPN cannot be used as part of a hub and spoke topology.

C. The IPsec firewall policies must be placed at the top of the list.

D. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

View Answer

New Questions 8

An administrator has enabled proxy-based antivirus scanning and configured the following settings:

Which statement about the above configuration is true?

A. Files bigger than 10 MB are not scanned for viruses and will be blocked.

B. FortiGate scans only the first 10 MB of any file.

C. Files bigger than 10 MB are sent to the heuristics engine for scanning.

D. FortiGate scans the files in chunks of 10 MB.

View Answer

New Questions 9

View the example routing table.

Which route will be selected when trying to reach 10.20.30.254?

A. 10.20.30.0/26 [10/0] via 172.20.168.254, port2

B. The traffic will be dropped because it cannot be routed.

C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3

D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1

View Answer

New Questions 10

Which traffic sessions can be offloaded to a NP6 processor? (Choose two.)

A. IPv6

B. RIP

C. GRE

D. NAT64

View Answer

New Questions 11

Which statement is true regarding the policy ID numbers of firewall policies?

A. Change when firewall policies are re-ordered.

B. Defines the order in which rules are processed.

C. Are required to modify a firewall policy from the CLI.

D. Represent the number of objects used in the firewall policy.

View Answer

New Questions 12

Which of the following statements about central NAT are true? (Choose two.)

A. IP tool references must be removed from existing firewall policies before enabling central NAT.

B. Central NAT can be enabled or disabled from the CLI only.

C. Source NAT, using central NAT, requires at least one central SNAT policy.

D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.

View Answer

New Questions 13

Examine the routing database.

Which of the following statements are correct? (Choose two.)

A. The port3 default route has the lowest metric, making it the best route.

B. There will be eight routes active in the routing table.

C. The port3 default has a higher distance than the port1 and port2 default routes.

D. Both port1 and port2 default routers are active in the routing table.

View Answer