Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
FCNSP.v5 Examination questions (September)

Achieve New Updated (September) Fortinet FCNSP.v5 Examination questions Topic 1, Volume A part 01

September 25, 2015

Ensurepass

QUESTION 1  (Topic 1)

 

What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)

 

A.

Using a hub and spoke topology is required to achieve full redundancy.

B.

Using a hub and spoke topology simplifies configuration because fewer tunnels are required.

C.

Using a hub and spoke topology provides stronger encryption.

D.

The routing at a spoke is simpler, compared to a meshed node.

 

Answer: BD

 

 

QUESTION 2  (Topic 1)

 

Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)

 

A.

They both create separate broadcast domains.

B.

Port Pairing works only for physical interfaces.

C.

Forwarding Domains only apply to virtual interfaces.

D.

They may contain physical and/or virtual interfaces.

E.

They are only available in high-end models.

 

Answer: AD

 

 

QUESTION 3  (Topic 1)

 

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of ‘show system ha’ for the STUDENT device. Exhibit B shows the command output of ‘show system ha’ for the REMOTE device.

 

Exhibit A:

 

 

 

 

 

clip_image002

 

Exhibit B

 

clip_image004

 

Which one of the following is the most likely reason that the cluster fails to form?

 

A.

Password

B.

HA mode

C.

Hearbeat

D.

Override

 

Answer: B

 

 

QUESTION 4  (Topic 1)

 

 

 

 

Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.

 

config router static

 

edit 1

 

set dst 172.20.168.0 255.255.255.0

 

set distance 20

 

set priority 10

 

set device port1

 

next

 

edit 2

 

set dst 172.20.168.0 255.255.255.0

 

set distance 20

 

set priority 20

 

set device port2

 

next

 

end

 

Which of the following statements correctly describes the static routing configuration provided above?

 

A.

The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes.

B.

The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.

C.

The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1.

D.

Only the route that is using port1 will show up in the routing table.

 

Answer: C

 

 

QUESTION 5  (Topic 1)

 

Which of the following statements correctly describe Transparent Mode operation? (Select

 

 

 

 

all that apply.)

 

A.

The FortiGate unit acts as transparent bridge and routes traffic using Layer-2 forwarding.

B.

Ethernet packets are forwarded based on destination MAC addresses NOT IPs.

C.

The device is transparent to network hosts.

D.

Permits inline traffic inspection and firewalling without changing the IP scheme of the network.

E.

All interfaces must be on different IP subnets.

 

Answer: ABCD

 

 

QUESTION 6  (Topic 1)

 

In HA, the option Reserve Management Port for Cluster Member is selected as shown in the Exhibit below.

 

clip_image006

 

Which of the following statements are correct regarding this setting? (Select all that apply.)

 

A.

Interface settings on port7 will not be synchronized with other cluster members.

B.

The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.

C.

Port7 appears in the routing table.

D.

A gateway address may be configured for port7.

E.

When connecting to port7 you always connect to the master device.

 

Answer: AD

 

 

QUESTION 7  (Topic 1)

 

Review the IPsec phase1 configuration in the Exhibit shown below; then answer the

 

 

 

 

question following it.

 

clip_image008

 

Which of the following statements are correct regarding this configuration? (Select all that apply).

 

A.

The phase1 is for a route-based VPN configuration.

B.

The phase1 is for a policy-based VPN configuration.

C.

The local gateway IP is the address assigned to port1.

D.

The local gateway IP address is 10.200.3.1.

 

Answer: AC

 

 

QUESTION 8  (Topic 1)

 

Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it.

 

 

 

 

 

clip_image010

 

Which of the following statements are correct regarding this configuration? (Select all that apply).

 

A.

The Phase 2 will re-key even if there is no traffic.

B.

There will be a DH exchange for each re-key.

C.

The sequence number of ESP packets received from the peer will not be checked.

D.

Quick mode selectors will default to those used in the firewall policy.

 

Answer: AB

 

 

QUESTION 9  (Topic 1)

 

Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it.

 

 

 

 

 

clip_image012

 

Which one of the following statements correctly describes this output?

 

A.

The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings.

B.

The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup.

C.

OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used.

D.

172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24.

 

Answer: A

 

 

QUESTION 10  (Topic 1)

 

Shown below is a section of output from the debug command diag ip arp list.

 

index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1

 

In the output provided, which of the following best describes the IP address

Q1

20.187.150?

 

A.

It is the primary IP address of the port1 interface.

B.

It is one of the secondary IP addresses of the port1 interface.

C.

It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface.

 

 

 

 

Answer: C

 

Free VCE & PDF File for Fortinet FCNSP.v5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …