Latest Certified Success Dumps Download


Achieve New Updated (September) Fortinet FCNSP.v5 Examination questions Topic 2, Volume B part 03

September 25, 2015

Ensurepass

QUESTION 64  (Topic 2)

 

Which spam filter is not available on a FortiGate device?

 

A. Sender IP reputation database
B. URLs included in the body of known SPAM messages.
C. Email addresses included in the body of known SPAM messages.
D. Spam object checksums
E. Spam grey listing

 

Answer: E

 

 

QUESTION 65  (Topic 2)

 

A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

 

 

 

 

 

[Exhibit image not available]

 

Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Select all that apply.)

 

A. The administrator should configure inter-VDOM links to avoid using external interfaces and routers.
B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links. This provides the same level of security internally as externally.
C. This configuration requires the use of an external router.
D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.
E. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

 

Answer: ABE

 

 

QUESTION 66  (Topic 2)

 

Which of the following items is NOT a packet characteristic matched by a firewall service object?

 

 

 

 

 

A. ICMP type and code
B. TCP/UDP source and destination ports
C. IP protocol number
D. TCP sequence number

 

Answer: D

 

 

QUESTION 67  (Topic 2)

 

An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings.

 

Which of the following statements are correct regarding the IPSec VPN configuration?

 

A. To complete the VPN configuration, the administrator must manually create a virtual IPSec interface in Web Config under System > Network.
B. The virtual IPSec interface is automatically created after the phase1 configuration.
C. The IPSec policies must be placed at the top of the list.
D. This VPN cannot be used as part of a hub and spoke topology.
E. Routes were automatically created based on the address objects in the firewall policies.

 

Answer: B

 

 

QUESTION 68  (Topic 2)

 

An administrator logs into a FortiGate unit using an account which has been assigned a super_admin profile. Which of the following operations can this administrator perform?

 

A. They can delete logged-in users who are also assigned the super_admin access profile.
B. They can make changes to the super_admin profile.
C. They can delete the admin account if the default admin user is not logged in.
D. They can view all the system configuration settings but cannot make changes.
E. They can access configuration options for only the VDOMs to which they have been assigned.

 

Answer: C

 

 

QUESTION 69  (Topic 2)

 

 

 

 

Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met.

 

Considering this, which of the following statements is NOT correct?

 

A. On a FortiGate device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
B. On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
C. Only a FortiAnalyzer device can send the alert notification in the form of a syslog message.
D. Both the FortiGate and FortiAnalyzer devices can send alert notifications in the form of an email alert.

 

Answer: B

 

 

QUESTION 70  (Topic 2)

 

Which of the following Session TTL values will take precedence?

 

A. Session TTL specified at the system level for that port number
B. Session TTL specified in the matching firewall policy
C. Session TTL dictated by the application control list associated with the matching firewall policy
D. The default session TTL specified at the system level

 

Answer: C

 

 

QUESTION 71  (Topic 2)

 

SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?

 

A. The file is buffered by the application proxy.
B. The file is buffered by the SSL proxy.
C. In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy.
D. No file buffering is needed since a stream-based scanning approach is used for SSL content inspection.

 

 

 

 

 

Answer: A

 

 

QUESTION 72  (Topic 2)

 

Which of the following statements is not correct regarding virtual domains (VDOMs)?

 

A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. A backup management VDOM will synchronize the configuration from an active management VDOM.
D. VDOMs share firmware versions, as well as antivirus and IPS databases.
E. Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes.

 

Answer: C

 

 

QUESTION 73  (Topic 2)

 

A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM.

 

What would be a possible cause for this problem?

 

A. The dmz interface is referenced in the configuration of another VDOM.
B. The administrator does not have the proper permissions to reassign the dmz interface.
C. Non-management VDOMs cannot reference physical interfaces.
D. The dmz interface is in PPPoE or DHCP mode.
E. Reassigning an interface to a different VDOM can only be done through the CLI.

 

Answer: A

 
