Fortinet

10/6/2019 Examen NSE4
Examen NSE4 Puntos totales 120/150
Se ha registrado la dirección de correo electrónico del encuestado (a41666173@ingenio.edu.pe) al

enviar este formulario.
Puntuación de la sección 120/150
Which statement about tra c ow in an active-active HA 10/10
cluster is true?
The SYN packet from the client always arrives at the primary device
rst.
The secondary device responds to the primary device with a SYN/ACK,

then the primary device forwards the SYN/ACK to the client.
All FortiGate devices are assigned the same virtual MAC addresses for the
HA heartbeat interfaces to redistribute to the sessions.
The ACK from the client is received on the physical MAC address of the
primary device.
What methods can be used to deliver the token code to a 10/10
user who is con gured to use two-factor authentication?

(Choose three.)
Email
FortiToken
SMS text message
Voicemail message
Instant message app
https://docs.google.com/forms/d/e/1FAIpQLSdUWPXXCPw1jeg4hF9jQXJWAn9jRGtEpoBuJNQPT4mm0k23qQ/viewscore?viewscore=AE0zAgA… 1/8
Which of the following statements are true regarding the SD- 10/10
WAN feature on FortiGate? (Choose two.)
Each member interface requires its own rewall policy to allow tra c.
FortiGate supports only one SD-WAN interface per VDOM.
SD-WAN provides route failover protection, but cannot load-balance tra c.
An SD-WAN static route does not require a next-hop gateway IP

address.
Which of the following are differences between IPsec main 10/10
mode and IPsec aggressive mode? (Choose two.)

Six packets are usually exchanged during main mode, while only three
packets are exchanged during aggressive mode.
The rst packet of aggressive mode contains the peer ID, while the rst
packet of main mode does not.
Aggressive mode supports XAuth, while main mode does not.
Main mode cannot be used for dialup VPNs, while aggressive mode can.
Which of the following are valid actions for static URL 10/10
ltering? (Choose three.)
Block
Exempt
Warning
Shape
Allow
View the exhibit. What does this raw log indicate? (Choose 0/10
two.)
FortiGate allowed the tra c to pass.
10.0.1.10 is the IP address for *.cdn.mozilla.net.
Tra c originated from 13.32.69.150.
Tra c matches the application pro le on rewall policy ID 1.
Respuesta correcta
FortiGate allowed the tra c to pass.
Tra c matches the application pro le on rewall policy ID 1.
Which of the following settings and protocols can be used to 10/10

provide secure and restrictive administrative access to
FortiGate? (Choose three.)
Trusted Host
SSH
Trusted authentication
HTTPS
FortiTelemetry
Which statement about the FortiGuard services for the 10/10
FortiGate is true?
Antivirus signatures are downloaded locally on the FortiGate
FortiGate downloads IPS updates using UPD port 53 or 8888
FortiAnalyzer can be con gured as a local FDN to provide antivirus and IPS
updates
The web ltering database is downloaded locally on the FortiGate
What is the purpose of the "Policy Lookup" feature? 10/10
It searches the matching policy based on an input criteria
It enables hidden security pro les with full logging capabilities and
generates "Learning Reports" bases on an input criteria
It nds duplicate objects in rewall policies
It creates a new rewall policy based on an input criteria
How does FortiGate look for a matching rewall policy to 10/10
process tra c?
From top to bottom, based on the sequence numbers
Based on best match
From top to bottom, based on the policy ID numbers
From lower to higher, based on the priority value
An administrator needs to be able to view logs for 10/10
application usage on your network. What con gurations are

required to ensure that FortiGate generates logs for
application usage activity? (Choose two.)
Enable a web ltering pro le on the rewall policy
Create an application control policy
Enable logging on the rewall policy
Enable an application control security pro le on the rewall policy
Which statement is true regarding the policy ID numbers of 10/10
rewall policies?
Change when rewall policies are re-ordered
De nes the order in which rules are processed
Are required to modify a rewall policy from the CLI
Represent the number of objects used in the rewall policy
Under what circumstance would you enable LEARN as the 0/10
Action on a rewall policy?

You want FortiGate to compile security feature activity from various
security-related logs, such as vitus and attack logs
You want FortiGate to monitor a speci c security pro le in a rewall

policy, and provide recommendations for that pro le.
You want to capture data accross all tra c and security vectors, and
receive learning logs and a report with recommendations.
You want FortiGate to automatically modify your rewall policies as it

learns your networking behavior.
Respuesta correcta
You want to capture data accross all tra c and security vectors, and
receive learning logs and a report with recommendations.
Which of the following statements about the FortiGate 0/10
application control database are true? (Choose two.)

The application control database is part of the IPS signatures database.
The application control database updates are included in the free

FortiGuard service.
The application control database uses TCP port 53 for downloads.
The application control database uses a hierarchical structure to

organize application signatures.
Respuesta correcta
The application control database is part of the IPS signatures

database.
The application control database uses a hierarchical structure to

organize application signatures.
Which of the following statements about antivirus scanning 10/10
in proxy-based inspection mode are true? (Choose two.)

If a virus is detected, a block replacement message is displayed
immediately.
FortiGate sends a reset packet to the client if antivirus reports the le as

infected.
A le does not need to be buffered completely before it is moved to the

antivirus engine for scanning.
The client must wait for the antivirus scan to nish scanning before it
receives the le.
Explicar las diferencias entre Distancia, Metrica y Prioridad en

Rutas
La métrica es el criterio por el cual los routers determinan la mejor ruta dentro de
un protocolo de enrutamiento determinado.
La distancia administrativa será el que termine llenando la tabla de enrutamiento.
Explicar las diferencias entre una VPN basada en políticas y una

en rutas
Basado en Politicas: No hay interfaces de túnel por ende no podemos tener
enrutamiento sobre VPNs.
Basado en rutas: Tiene soporte de enrutamiento sobre VPNs.
Explicar diferencia entre Policy NAT y Central NAT

Central NAT permite de nir y controlar con mayor granularidad, la traducción de
direcciones realizada por la unidad FortiGate.
Policy NAT el NAT de salida se de ne en la política.
Explicar diferencias entre modo NAT y modo Transparente

Modo Nat funciona como router y Modo Transparente trabaja en modo switch
Explicar diferencias entre modo de inspección ow y proxy

Modo ow : Este modo de inspección no re-emsambla el chero completo y por
lo tanto depende de rmas y checksums para analizar los paquetes, y no los
cheros completos.
Modo Proxy : Puede re-ensamblar completamente el chero con malware
Este formulario se creó en InGenio Learning. - Condiciones del servicio
Formularios

Fortinet

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Fortinet

Încărcat de

Drepturi de autor:

Formate disponibile

10/6/2019 Examen NSE4

Examen NSE4 Puntos totales 120/150

Se ha registrado la dirección de correo electrónico del encuestado (a41666173@ingenio.edu.pe) al

Puntuación de la sección 120/150

Which statement about tra c ow in an active-active HA 10/10

The secondary device responds to the primary device with a SYN/ACK,

What methods can be used to deliver the token code to a 10/10

user who is con gured to use two-factor authentication?

SMS text message

Instant message app

FortiGate supports only one SD-WAN interface per VDOM.

SD-WAN provides route failover protection, but cannot load-balance tra c.

An SD-WAN static route does not require a next-hop gateway IP

Which of the following are differences between IPsec main 10/10

mode and IPsec aggressive mode? (Choose two.)

Aggressive mode supports XAuth, while main mode does not.

ltering? (Choose three.)

FortiGate allowed the tra c to pass.

10.0.1.10 is the IP address for *.cdn.mozilla.net.

Tra c originated from 13.32.69.150.

Tra c matches the application pro le on rewall policy ID 1.

FortiGate allowed the tra c to pass.

Tra c matches the application pro le on rewall policy ID 1.

Which of the following settings and protocols can be used to 10/10

Which statement about the FortiGuard services for the 10/10

Antivirus signatures are downloaded locally on the FortiGate

FortiGate downloads IPS updates using UPD port 53 or 8888

The web ltering database is downloaded locally on the FortiGate

What is the purpose of the "Policy Lookup" feature? 10/10

It searches the matching policy based on an input criteria

It nds duplicate objects in rewall policies

It creates a new rewall policy based on an input criteria

How does FortiGate look for a matching rewall policy to 10/10

From top to bottom, based on the sequence numbers

Based on best match

From top to bottom, based on the policy ID numbers

From lower to higher, based on the priority value

An administrator needs to be able to view logs for 10/10

application usage on your network. What con gurations are

Create an application control policy

Enable logging on the rewall policy

Enable an application control security pro le on the rewall policy

Which statement is true regarding the policy ID numbers of 10/10

De nes the order in which rules are processed

Are required to modify a rewall policy from the CLI

Represent the number of objects used in the rewall policy

Under what circumstance would you enable LEARN as the 0/10

Action on a rewall policy?

You want FortiGate to monitor a speci c security pro le in a rewall

You want FortiGate to automatically modify your rewall policies as it

Which of the following statements about the FortiGate 0/10

application control database are true? (Choose two.)

The application control database updates are included in the free

The application control database uses TCP port 53 for downloads.

The application control database uses a hierarchical structure to

The application control database is part of the IPS signatures

The application control database uses a hierarchical structure to

Which of the following statements about antivirus scanning 10/10

in proxy-based inspection mode are true? (Choose two.)

FortiGate sends a reset packet to the client if antivirus reports the le as

A le does not need to be buffered completely before it is moved to the

Explicar las diferencias entre Distancia, Metrica y Prioridad en

Explicar las diferencias entre una VPN basada en políticas y una