Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
FCNSP.v5 Examination questions (September)

Achieve New Updated (September) Fortinet FCNSP.v5 Examination questions Topic 2, Volume B part 04

September 25, 2015

Ensurepass

QUESTION 74  (Topic 2)

 

You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users

 

 

 

 

from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route.

 

Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)

 

A.

Create one firewall policy.

B.

Create two firewall policies.

C.

Add a route for the remote subnet.

D.

Add a route for incoming traffic.

E.

Create a phase 1 definition.

F.

Create a phase 2 definition.

 

Answer: BCEF

 

 

QUESTION 75  (Topic 2)

 

In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?

 

A.

Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server

B.

Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server

C.

Request: Internal Host -> Slave FG -> Internet -> Web Server

D.

Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server

 

Answer: A

 

 

QUESTION 76  (Topic 2)

 

The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.

 

Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)

 

A.

An FSAE Collector Agent must be installed on every domain controller.

 

 

 

 

B.

An FSAE Domain Controller Agent must be installed on every domain controller.

C.

The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit.

D.

The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.

E.

For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.

 

Answer: BD

 

 

QUESTION 77  (Topic 2)

 

Based on the web filtering configuration illustrated in the exhibit,

 

clip_image002

 

which one of the following statements is not a reasonable conclusion?

 

A.

Users can access both the www.google.com site and the www.fortinet.com site.

B.

When a user attempts to access the www.google.com site, the FortiGate unit will not perform web filtering on the content of that site.

C.

When a user attempts to access the www.fortinet.com site, any remaining web filtering will be bypassed.

D.

Downloaded content from www.google.com will be scanned for viruses if antivirus is enabled.

 

Answer: B

 

 

QUESTION 78  (Topic 2)

 

When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit.

 

 

 

 

 

clip_image004

 

Which of the following statements is correct regarding this entry?

 

A.

The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule.

B.

The entry displays a ban that was triggered by HTTP traffic matching an IPS signature. This client is banned from receiving or sending any traffic through the FortiGate.

C.

The entry displays a quarantine, which could have been added by either IPS or DLP.

D.

This entry displays a ban entry that was added manually by the administrator on June11th.

 

Answer: A

 

 

QUESTION 79  (Topic 2)

 

Which of the following statements is correct regarding the FortiGuard Services Web Filtering Override configuration as illustrated in the exhibit?

 

clip_image006

 

A.

Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/.

 

 

 

 

B.

A client with an IP of address 10.10.10.12 is allowed access to any subdirectory that is part of the www.yahoo.com web site.

C.

A client with an IP address of 10.10.10.12 is allowed access to the www.yahoo.com/images/ web site and any of its offsite URLs.

D.

A client with an IP address of 10.10.10.12 is allowed access to any URL under the www.yahoo.com web site, including any subdirectory URLs, until August 7, 2009.

E.

Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/ until August 7, 2009.

 

Answer: C

 

 

QUESTION 80  (Topic 2)

 

Which of the following features could be used by an administrator to block FTP uploads while still allowing FTP downloads?

 

A.

Anti-Virus File-Type Blocking

B.

Data Leak Prevention

C.

Network Admission Control

D.

FortiClient Check

 

Answer: B

 

 

QUESTION 81  (Topic 2)

 

Which of the following report templates must be used when scheduling report generation?

 

A.

Layout Template

B.

Data Filter Template

C.

Output Template

D.

Chart Template

 

Answer: A

 

 

QUESTION 82  (Topic 2)

 

What advantages are there in using a fully Meshed IPSec VPN configuration instead of a hub and spoke set of IPSec tunnels?

 

 

 

 

 

A.

Using a hub and spoke topology is required to achieve full redundancy.

B.

Using a full mesh topology simplifies configuration.

C.

Using a full mesh topology provides stronger encryption.

D.

Full mesh topology is the most fault-tolerant configuration.

 

Answer: D

 

 

QUESTION 83  (Topic 2)

 

An administrator is examining the attack logs and notices the following entry:

 

device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect- servers ref=http://www.fortinet.com/ids/VID100663402 msg=”anomaly: tcp_src_session, 2 > threshold 1″ policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A

 

Based solely upon this log message, which of the following statements is correct?

 

A.

This attack was blocked by the HTTP protocol decoder.

B.

This attack was caught by the DoS sensor “protect-servers”.

C.

This attack was launched against the FortiGate unit itself rather than a host behind the FortiGate unit.

D.

The number of concurrent connections to destination IP address 64.64.64.64 has exceeded the configured threshold.

 

Answer: B

 

Free VCE & PDF File for Fortinet FCNSP.v5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …