CP9 - Answer Crypto, inspection, SSL, and AV. Various IPS functions, IPsec VPN functions as
well.
NP - Answer Packet processing. An NP6 chip can handle between 10 and 16 million
sessions. Must not require proxy-based security features like antivirus.
NAT mode - Answer Putting the FortiGate into a layer 3 configuration
Transparent - Answer No routing - purely layer 2
VDOM - Answer A way to split one FG into many. VDOM stands for Virtual Domain and
gives FortiOS the ability to break away from just being one single firewall and into
multiple virtual firewalls as needed. They are completely autonomous from other VDOMs
and are dedicated virtual firewalls with their own policies, objects, and routing schema.
CAPWAP - Answer Control and Provisioning of Wireless Access Points - also used for
switches. Runs on UDP 5246.
One arm sniffer - Answer Network tap
Can fg act as DHCP? - Answer Yes
Security fabric - Answer
SNAT - Answer Source NAT.
Dynamic IP pool: single IP or range of IPs to be used. Must be on the same subnet.
Outgoing interface: PAT, many to single; you can restrict ports, but then only one
connection will be made
Overload: many to one
One to one: first come, first served
Port block allocation: block size - how many ports; blocks per user - how many blocks for
each user
Virtual IPs (VIPs) - Answer translation of public domain to private server
Flow based inspection - Answer takes a snapshot of content packets and uses pattern
matching to identify security threats in the content.
single pass direct filter approach - if detected will kill the last packet and tear down the
connection
fast
proxy based inspection - Answer reconstructs content that passes through the
FortiGate and inspects the content for security threats.
two TCP connections (MiTM)
examines the traffic as a whole
slower and more resources
Application control - Answer always flow based
uses IPS engine to detect threats
was designed with a client server model in mind
will be defeated by P2P
need a subscription to fortiguard to get the required signatures and SSL inspection
three types of filters
1. app overrides
2. categories
3. filter overrides
ECMP - Answer equal cost multiple path routing
1. source - if they share it will split
2. source and destination - if they share both they will split
3. weighted - different weights and the heavier route will get more sessions allocated to
it
4. usage based - traffic threshold then uses next available route
FSSO - Answer fortinet single sign on
used with active directory to provision sign ins
Different methods of collecting the information from the DC and passing it to the FG.
Polling mode - Answer collect mode agent polls each DC for logons. Less complex
installation, event logging must be turned on.
Net API - every 9 seconds - faster but may miss
WinSecLog - every 10 - slower but will catch everything
WMI - every 3 secs - improves bandwidth consumption
Agentless polling - Answer FG contacts the DC itself. Increases the load on the FG. Uses
SMB protocol. FG acts as the collector. Local DNS server must be able to resolve all
workstation names
DC agent - Answer Gets installed and then forwards the events to collector agent then
to FG.
Firewall policy - Answer is an entry within the firewall policy table that is designed to
match network traffic and then do something with it. There are profile based and
policy-based.
Local in Policy table - Answer manages the traffic destined for the FortiGate itself.
Profile based policy - Answer row - firewall policy entry
firewall policy entry - objects
Interface and zone objects
address objects
service objects
schedule objects
reverse path forwarding - Answer Reverse Path Filter (aka RPF) is a security
enforcement allowing to drop an ingressing packet based on its source IP address. The
packet source IP address is checked against the routing table for reverse path (i.e. route
to the source IP address of the packet). Depending on Reverse Path Filter configuration,
packet may be dropped or forwarded.
strict rpf - Answer source ip must match the interface subnet that it comes in on.
loose rpf - Answer there must at least be the possibility to route back to the source ip.
i.e. if the packet matches one of the routes in the table it is not dropped
HA cluster requirements - Answer Must have the same:
model
firmware
hardware configuration
configurations
HA critical components - Answer heartbeat connections
identical connections for internal and external interfaces
heartbeat link
high availability modes - Answer active-active
active-passive
FGSP - Answer The FortiGate Session Life Support Protocol (FGSP) is a proprietary HA
solution for only sharing sessions between two entities and is based on a peer-to-peer
structure. The entities could be standalone FortiGates or an FGCP cluster.
Fortiguard - Answer AV
IPS
app control
antispam
web filtering
waf
HA override - Answer The selection process for the primary FortiGate. Most available
monitored interfaces, up-times (longest is best), highest priority becomes primary. Can
force one to give up primary by resetting HA uptime. Primaries will take back their role
when they come back online.
Virtual Clustering - Answer FGCP supports a feature called Virtual Clustering, which
allows for an Active-Passive cluster of 2 devices to elect distinct master units for each
VDOM. This results in more effective load-sharing between both units as VDOMs are
made active on both devices. It can also act as a protection feature, e.g. with public
internet VDOMs running on one unit and others on the other.
SD-WAN - Answer interfaces can be of any type
can load balance
no need for individual policies
SD-WAN load balancing methods - Answer Source IP - Divides the traffic equally.
Sessions started keep the same source ip.
Sessions - distribute based on current active number of sessions.
Spillover - if traffic exceeds x level, dish out
Source-Dest - same as source but now sessions going to the same IP are locked in
Volume - amount of packets going through the interfaces
ECMP load balancing - Answer Source based