NSE 7 Enterprise firewall Questions and answers graded A+
7 views 0 purchase
Course
Nse
Institution
Nse
NSE 7 Enterprise firewall Questions and answers graded A+
APT
Advanced Persistent Threat
What modern day tech and threats create the need for more protection (protecting the perimeter of a network is no longer enough)
Zero day attacks
APT
Polymorphic malware
Insider threats
BYOD
Clou...
What modern day tech and threats create the need for more protection (protecting the
perimeter of a network is no longer enough) - answer Zero day attacks
APT
Polymorphic malware
Insider threats
BYOD
Cloud tech
What factors are contributing to a border less network - answer Mobile workforce
Partners accessing your network services
Public and private clouds
Internet of things
BYOD
Enterprise firewall solution (2) - answer Apply end to end security
Segment your network
End to end security with a consolidated operating system FortiOS
Core of the solution is security fabric which allows all devices to communicate in
network
And manage all deployments through fortimanager
Core of enterprise firewall solution - answer Core of the solution is security fabric
which allows all devices to communicate in network
Five firewall roles depending on where fortigate is deployed - answer DEFW
(distributed enterprise firewall)
CFW (Cloud firewall)
NGFW (next generation firewall)
DCFW (data center firewall)
ISFW (Internal segmentation firewall)
NGFWs - answer Next generation firewall
1g-40gb throughput
,Deployed for firewall, app control, IPS, AV, and VPN
What five areas does the SF (security fabric) deliver solutions in - answer Zero trust
access
Security driven networking
Dynamic cloud security
,AI-driven security operations
Fabric management center
Describe fortinet send to end solution - answer NAC/Client/AUTH/EDR
AP/Switch/Extender
Fortigate
Fortigate VM/FortiCWP
WEB/mail/CASB/ADC
Analyzer/Sandbox/SIEM/SOAR
Manager/cloud
What devices comprise the core of the security fabric (MANDATORY) and what is
comprised in the recommended and extended portions - answer Two or more
fortigates + fortianalyzer in core
Recommended-
Fortimanager, fortiAP, switch, client, sandbox, and mail
Extended-
Other fortinet products and third party products using the API
What must be configured in the SF first - answer Root fortigate
What is end to end security - answer Security from endpoints to the cloud
Purpose of ISFW - answer To segment the network so that any breach coming from
inside can be contained in one segment of the network without reaching others
Problem with multiple vendor networks - answer No central visibility or central
management
What consolidated OS does the fortinet solution offer - answer FortiOS
Single pane of glass management through which solution - answer Fortimanager
Highest Throughout requirements of all firewall roles - answer DCFW
What kind of firewall role would a fgt deployed in a smaller branch office or remote site -
answer DEFW
, What protocol must be enabled bidirectionally on all fortigates in the security fabric -
answer Fortitelemetry
What port does fortitelemetry use - answer 8013
Fortitelemetry - answer Port 8013
Fortigate uses to communicate with other fortigate devices and distribute information
about the network topology and it also uses to integrate with forticlient
How does the root fortigate use fortitelemetry, where does it share what it learns, and
how does it share it - answer It uses the network topology information collected from
the other fortigates and forwards it to fortianalyzer used the fortianalyzer API
What does the root fortigate use to send topology info about the SF to fortianalzyer -
answer Fortianalyzer API
How does fortianalyzer generate topology vies and IoC - answer It combines info
received from the root fortigate
SF tree structure - answer Branch fortigate devices connect to upstream fortigate
devices
How does fortigate verify the fortianalyzer - answer Verifies serial number against it's
certificate and then the serial is stored in the fortigate config
Command to see upstream AND downstream fortigates if the fortigate is not the SF root
( will show serial number, IP, connecting interface and connection status) - answer
Diagnose sys csf upstream
Diagnose sys csf downstream
What is configuration sync for SF - answer FAZ And fmg config on the root fortigate
will be pushed down to the other fortigates
How to disable configuration sync for SF - answer Config system csf
Set configuration-sync local
Security fabric map - answer All fortigate devices in a SF maintain their own SF map
that include the MAC address and IP address of all connected fortigate devices and
their interface
How to see the security fabric map - answer Diagnose sys csf neighbor list
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Pogba119. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $17.99. You're not tied to anything after your purchase.