NSE4_FGT-5.6 Online Practice Questions and Answers
Which traffic inspection features can be executed by a security processor (SP)?
(Choose three.)
Response:
A. TCP SYN proxy
B. SIP session helper
C. Proxy-based antivirus
D. Attack signature matching
E. Flow-based web filtering
What protocol can be used to dynamically assign an IP address to a physical interface? Response:
A. PPPoE
B. IP Config
C. BOOTP
D. ICMP
Which actions can be configured in an application control profile?
(Choose three.)
Response:
A. Monitor
B. Block
C. Warning
D. Authenticate
E. Quarantine
FortiGate scans packets for matches in a specific order for application control. Which option provides the correct sequence order?
Response:
A. Static domain overrides -> application overrides -> filter overrides
B. Categories -> application overrides -> filter overrides
C. Application overrides -> filter overrides -> categories
D. Rate based overrides -> filter overrides -> categories
When using firewall policy NAT, which statements are true regarding virtual IP (VIP)?
(Choose two.)
Response:
A. The default type is static NAT, which applies one-to-one mappings for incoming and outgoing connections.
B. The static NAT VIP can be restricted to forward only certain ports.
C. FortiGate does not respond to ARP requests for VIP, as ARP responses are non configurable for VIP.
D. The VIP is selected in the firewall policy source address field.
Which of the following statements is true regarding client integrity checking in SSL VPN? Response:
A. It detects the Windows client security applications running in the SSL VPN client's PCs.
B. It validates the SSL VPN user credentials on the remote authentication server.
C. It verifies which SSL VPN portal must be presented to each SSL VPN user.
D. It verifies that the latest SSL VPN client is installed in the client's PC.
Which ways can FortiGate deliver one-time passwords (OTPs) to two-factor authentication users in your
network?
(Choose three.)
Response:
A. Hardware FortiToken
B. Web portal
C. SMS
D. USB FortiToken
E. FortiToken Mobile
Which of the following protocols is used to encrypt the user data payload in an IPsec tunnel? Response:
A. AH
B. IKE
C. ISAKMP
D. ESP
Which statements best describe auto discovery VPN (ADVPN).
(Choose two.)
Response:
A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
B. ADVPN is only supported with IKEv2.
C. Tunnels are negotiated dynamically between spokes.
D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
Which statements about high availability (HA) for FortiGates are true?
(Choose two.)
Response:
A. Virtual clustering can be configured between two FortiGate devices with multiple VDOM.
B. Heartbeat interfaces are not required on the primary device.
C. HA management interface settings are synchronized between cluster members.
D. Sessions handled by UTM proxy cannot be synchronized.
What Makes leads4pass.com Differ From Others?
There are tens of thousands of certification exam dumps provided on the internet. To keep the exam dumps valid, the exam questions latest and the exam answers accurate should be the first aim. Also, to make the exam PDF and exam VCE simulator easy to use is very important. Besides, leads4pass.com has 100% pass guarantee policy. Free exam demo is available. Customer support team is ready to help at any time when required.
All rights are reserved by leads4pass.com. Any changes, copy or trademarks abuse will be regarded as infringement. leads4pass.com will reserve the right to pursue accountability.
Copyright © 2004-2024 leads4pass.com.