Fortinet NSE4 Study Guide Exam Questions Fully Answered (Passed).
5 keer bekeken 0 keer verkocht
Vak
FortiGate Operator
Instelling
FortiGate Operator
What are the Network Layers - Answer
Minimum Needs for Security Fabric - Answer 2+ Fortigates & a Fortianalyzer
What does the FDN (Fortiguard Distribution Network use for Package updates? (ie. AV/IPS) - Answer TCP Port 443 aka SSL, used instead of UDP as it is more reliable
What...
Fortinet NSE4 Study Guide Exam
Questions Fully Answered (Passed).
What are the Network Layers - Answer
Minimum Needs for Security Fabric - Answer 2+ Fortigates & a Fortianalyzer
What does the FDN (Fortiguard Distribution Network use for Package updates? (ie. AV/IPS)
update.fortiguarrd.net - Answer TCP Port 443 aka SSL, used instead of UDP as it is more reliable
What does the FDN (Fortiguard Distribution Network use for live queries. service.fortiguard.net - Answer
UDP port 53 or 8888, more efficient
Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)
A. Split tunneling is supported.
B. It requires the installation of a VPN client.
C. It requires the use of an Internet browser.
D. It does not support traffic from third-party network applications.
E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit. - Answer Answer:
A. Split tunneling is supported.
B. It requires the installation of a VPN client.
E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.
Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.)
A. SSL VPN creates a HTTPS connection. IPsec does not.
B. Both SSL VPNs and IPsec VPNs are standard protocols.
,C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices.
D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate
device. - Answer Answer:
A. SSL VPN creates a HTTPS connection. IPsec does not.
D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate
device.
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is
used as the source of the HTTP request?
A. The remote user's virtual IP address.
B. The FortiGate unit's internal IP address.
C. The remote user's public IP address.
D. The FortiGate unit's external IP address. - Answer Answer:
B. The FortiGate unit's internal IP address.
Regarding the use of web-only mode SSL VPN, which statement is correct?
A. It supports SSL version 3 only.
B. It requires a Fortinet-supplied plug-in on the web client.
C. It requires the user to have a web browser that supports 64-bit cipher length.
D. The JAVA run-time environment must be installed on the client. - Answer Answer:
C. It requires the user to have a web browser that supports 64-bit cipher length.
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.
,Which three configuration steps must be performed on both units to support this scenario? (Choose
three.)
A. Create firewall policies to allow and control traffic between the source and destination IP addresses.
B. Configure the appropriate user groups to allow users access to the tunnel.
C. Set the operating mode to IPsec VPN mode.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters. - Answer Answer
A. Create firewall policies to allow and control traffic between the source and destination IP addresses.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters.
You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based
mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end
and the FortiGate already has a default route.
Which two configuration steps are required to achieve these objectives? (Choose two.)
A. Create one firewall policy.
B. Create two firewall policies.
C. Add a route to the remote subnet.
D. Add two IPsec phases 2. - Answer Answer:
B. Create two firewall policies.
C. Add a route to the remote subnet.
, An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct
regarding this IPsec VPN configuration?
A. The IPsec firewall policies must be placed at the top of the list.
B. This VPN cannot be used as part of a hub and spoke topology.
C. Routes are automatically created based on the quick mode selectors.
D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed. -
Answer Answer:
D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.
What is IPsec Perfect Forwarding Secrecy (PFS)?.
A. A phase-1 setting that allows the use of symmetric encryption.
B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key
expires.
C. A 'key-agreement' protocol.
D. A 'security-association-agreement' protocol. - Answer Answer:
B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key
expires.
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?.
A. Policy-based only.
B. Route-based only.
C. Either policy-based or route-based VPN.
D. GRE-based only. - Answer Answer:
B. Route-based only.
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper TestSolver9. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €10,25. Je zit daarna nergens aan vast.
