Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
FCNSP.v5 Examination questions (September)

Achieve New Updated (September) Fortinet FCNSP.v5 Examination questions Topic 1, Volume A part 02

September 25, 2015

Ensurepass

 

QUESTION 11  (Topic 1)

 

Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)

 

A.

SNMP

B.

IPSec

C.

SMTP

D.

POP3

E.

HTTP

 

Answer: CDE

 

 

QUESTION 12  (Topic 1)

 

Examine the static route configuration shown below; then answer the question following it.

 

config router static

 

edit 1

 

set dst 172.20.1.0 255.255.255.0

 

set device port1

 

set gateway 172.11.12.1

 

set distance 10

 

set weight 5

 

next

 

edit 2

 

set dst 172.20.1.0 255.255.255.0

 

set blackhole enable

 

set distance 5

 

 

 

 

set weight 10

 

next

 

end

 

Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.)

 

A.

All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.

B.

As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.

C.

The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.

D.

The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.

E.

Traffic to 172.20.1.0/24 will be shared through both routes.

 

Answer: AC

 

 

QUESTION 13  (Topic 1)

 

Examine the Exhibit shown below; then answer the question following it.

 

clip_image002

 

The Vancouver FortiGate unit initially had the following information in its routing table:

 

S 172.20.0.0/16 [10/0] via 172.21.1.2, port2

 

C 172.21.0.0/16 is directly connected, port2

 

C 172.11.11.0/24 is directly connected, port1

 

Afterwards, the following static route was added:

 

config router static

 

 

 

 

edit 6

 

set dst 172.20.1.0 255.255.255.0

 

set pririoty 0

 

set device port1

 

set gateway 172.11.12.1

 

next

 

end

 

Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

 

A.

The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.

B.

The ‘gateway’ IP address is NOT in the same subnet as the IP address of port1.

C.

The priority is 0, which means that the route will remain inactive.

D.

The static route configuration is missing the distance setting.

 

Answer: B

 

 

QUESTION 14  (Topic 1)

 

How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)

 

A.

File TypE. Microsoft Office(msoffice)

B.

File TypE. Archive(zip)

C.

File TypE. Unknown Filetype(unknown)

D.

File NamE. “*.ppt”, “*.doc”, “*.xls”

E.

File NamE. “*.pptx”, “*.docx”, “*.xlsx”

 

Answer: BE

 

 

QUESTION 15  (Topic 1)

 

For Data Leak Prevention, which of the following describes the difference between the

 

 

 

 

block and quarantine actions?

 

A.

A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.

B.

A block action prevents the transaction. A quarantine action archives the data.

C.

A block action has a finite duration. A quarantine action must be removed by an administrator.

D.

A block action is used for known users. A quarantine action is used for unknown users.

 

Answer: A

 

 

QUESTION 16  (Topic 1)

 

Identify the statement which correctly describes the output of the following command:

 

diagnose ips anomaly list

 

A.

Lists the configured DoS policy.

B.

List the real-time counters for the configured DoS policy.

C.

Lists the errors captured when compiling the DoS policy.

 

Answer: B

 

 

QUESTION 17  (Topic 1)

 

Examine the Exhibit shown below; then answer the question following it.

 

clip_image004

 

In this scenario, the Fortigate unit in Ottawa has the following routing table:

 

 

 

 

S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2

 

C 172.20.167.0/24 is directly connected, port1

 

C 172.20.170.0/24 is directly connected, port2

 

Sniffer tests show that packets sent from the Source IP address 172.20.168.2 to the Destination IP address 172.20.169.2 are being dropped by the FortiGate unit located in Ottawa. Which of the following correctly describes the cause for the dropped packets?

 

A.

The forward policy check.

B.

The reverse path forwarding check.

C.

The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate unit’s routing table.

D.

The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.

 

Answer: B

 

 

QUESTION 18  (Topic 1)

 

In Transparent Mode, forward-domain is an attribute of ______________.

 

A.

an interface

B.

a firewall policy

C.

a static route

D.

a virtual domain

 

Answer: A

 

 

QUESTION 19  (Topic 1)

 

Review the configuration for FortiClient IPsec shown in the Exhibit below.

 

 

 

 

 

clip_image006

 

Which of the following statements is correct regarding this configuration?

 

A.

The connecting VPN client will install a route to a destination corresponding to the STUDENT_INTERNAL address object

B.

The connecting VPN client will install a default route

C.

The connecting VPN client will install a route to the 172.20.1.[1-5] address range

D.

The connecting VPN client will connect in web portal mode and no route will be installed

 

Answer: A

 

 

QUESTION 20  (Topic 1)

 

With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent.

 

If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)

 

A.

The login event is sent to the Collector Agent.

B.

The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller.

 

 

 

 

C.

The Collector Agent performs the DNS lookup for the authenticated client’s IP address.

D.

The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.

 

Answer: AC

 

Free VCE & PDF File for Fortinet FCNSP.v5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …