
Achieve New Updated (September) Fortinet 925-201b Examination Questions 61-70

September 24, 2015

Ensurepass

 

QUESTION 61

Exhibit

1. Outbound encrypt policy.

2. Inbound encrypt policy.

3. Default non-encrypt policy.

What is the recommended policy order for a spoke FortiGate unit in a hub & spoke environment?

A. 1, 2, 3

B. 2, 1, 3

C. 2, 3, 1

D. 3, 2, 1

 

Answer: A

 

 

QUESTION 62

Which of the following ensures that the routing information is reliable?

A. key-chain list

B. access-list

C. prefix-list

D. rip

 

Answer: A

Explanation: RIP version 2 uses authentication keys to ensure that the routing information exchanged between routers is reliable. For authentication to work, both the sending and receiving routers must be set to use authentication, and must be configured with the same keys.

A key chain is a list of one or more keys and the send and receive lifetimes for each key. Keys are used for authenticating routing packets only during the specified lifetimes. The FortiGate unit migrates from one key to the next according to the scheduled send and receive lifetimes. The sending and receiving routers should have their system dates and times synchronized, but overlapping the key lifetimes ensures that a key is always available even if there is some difference in the system times.

 

 

QUESTION 63

Which of the following types of malware attempts to scam the user into surrendering private information that will be used for identity theft?

A. Trojan

B. Phish

C. Downloader

D. Worm

 

Answer: B

 

 

QUESTION 64

Which of the following descriptions describe the same function? Select all that apply.

A. Deny split tunneling

B. Dedicated tunnel

C. Internet browsing

D. Intranet browsing

 

Answer: ABC

 

 

QUESTION 65

Which one of the following is unnecessary when creating a port-mapping VIP from external 10.1.1.1:80 to internal 172.31.1.1:443?

A. Set the VIP to static NAT

B. Set the VIP external port to 80

C. Set the external IP to 10.1.1.1

D. Add a firewall policy from external to internal, and set the destination to the name of the VIP

 

Answer: A

 

 

QUESTION 66

When creating a protection profile and configuring antivirus scanning, the passing of fragmented emails can be disabled for which of the following?

A. HTTP

B. FTP

C. IMAP, POP3, SMTP

D. TELNET

 

Answer: C

 

 

QUESTION 67

MD5 is an example of a?

A. Encryption algorithm

B. Digital signature

C. Hashed MAC

D. SA

 

Answer: D

Explanation: IPSEC was developed by the Internet Engineering Task Force (IETF) to address certain vulnerabilities inherent in the popular IP protocol. Exploits in IP allowed for eavesdropping (sniffing) and identity masking (spoofing), so it was difficult to get guaranteed security over large networks. Prior solutions would provide security for only specific applications (PGP for email and SSL for web applications). IPSEC secures the network itself, so it also secures the applications using the network. IPSEC is a set of IP extensions that provide strong data authentication and privacy guarantees through the use of modern encryption techniques.

To have security on your network, you need to have confidence in three factors:

1. The person you are communicating with is really that person (authentication)

2. No one can eavesdrop on your communication (confidentiality)

3. The communication that you received has not been modified in transit (integrity)

IPSEC is comprised of three components that provide these security functions.

Authentication Header (AH) – A signature is tied to each packet, allowing you to verify the sender’s identity and the integrity of the data. Currently MD5 and SHA-1 authentication schemes are supported.

Encapsulating Security Payload (ESP) – Uses strong encryption algorithms to encrypt the data in each packet to defeat common eavesdropping techniques. The most common encryption algorithm used by ESP is 56-bit DES, but ESP is an open protocol that allows support for most current (and even future) encryption algorithms.

Internet Key Exchange (IKE) – Allows nodes to agree on authentication methods, encryption methods, the keys to use and the keys’ lifespan. IKE also allows smart secure key exchange.

AH and ESP provide the means to protect data from tampering, preventing eavesdropping and verifying the origin of the data. IKE provides a secure method of exchanging keys and negotiating protocols and encryption algorithms to use. The information negotiated by IKE is stored in a Security Association (SA). The SA is like a contract laying out the rules of the VPN connection for the duration of the SA. An SA is assigned a 32-bit number that, when used in conjunction with the destination IP address, uniquely identifies the SA. This number is called the Security Parameters Index or SPI.

To tie this all together, let’s look at an example. User A wants to send data to User B. User A’s router (router A) has a security policy applied with a rule that says all traffic to User B needs to be encrypted. User B’s router (router B) will be the other end of an IPSEC tunnel. Router A checks to see if an IPSEC SA exists between it and router B. If it doesn’t, router A will request an IPSEC SA from IKE. If an IKE SA exists between the two routers, an IPSEC SA is issued. If an IKE SA does not exist, one has to be negotiated first, with the routers exchanging information signed by a third-party certificate authority (CA) that both routers trust. Once the IKE SA is agreed upon by the routers, an IPSEC SA can be issued, and secure, encrypted communications can begin. This process is transparent to User A and User B.

The basic steps for setting up an IPSEC connection are as follows:

1. Set up an IKE SA.

2. Agree upon the terms of communication and encryption algorithm. Create an IPSEC SA.

3. Start sending data.

 

 

QUESTION 68

What is the maximum metric that can be configured in route distribution?

A. 13

B. 14

C. 15

D. 16

 

Answer: D

 

 

QUESTION 69

Which spam filter does not query DNS servers for an address record?

A. Return email DNS check

B. HELO DNS lookup

C. RBL/ORDBL list

D. BWL check

 

Answer: AC

 

 

QUESTION 70

The auth timeout applies to?

A. Administrator access

B. VPN connections

C. Authentication users

D. VPN authentication

 

Answer: C

Explanation: Auth Timeout sets the firewall user authentication timeout, which controls how long an authenticated connection can be idle before the user must authenticate again. The maximum authtimeout is 480 minutes (8 hours). The default Auth Timeout is 15 minutes.

 
