Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
FCNSP.v5 Examination questions (September)

Achieve New Updated (September) Fortinet FCNSP.v5 Examination questions Topic 2, Volume B part 05

September 25, 2015

Ensurepass

QUESTION 84  (Topic 2)

 

Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?

 

A.

Antivirus scanning provides end-to-end virus protection for client workstations.

B.

Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols.

C.

Antivirus scanning supports banned word checking.

D.

Antivirus scanning supports grayware protection.

 

 

 

 

 

Answer: D

 

 

QUESTION 85  (Topic 2)

 

In the Tunnel Mode widget of the web portal, the administrator has configured an IP Pool and enabled split tunneling.

 

Which of the following statements is true about the IP address used by the SSL VPN client?

 

A.

The IP pool specified in the SSL-VPN Tunnel Mode Widget Options will override the IP address range defined in the SSL-VPN Settings.

B.

Because split tunneling is enabled, no IP address needs to be assigned for the SSL VPN tunnel to be established.

C.

The IP address range specified in SSL-VPN Settings will override the IP address range in the SSL-VPN Tunnel Mode Widget Options.

 

Answer: A

 

 

QUESTION 86  (Topic 2)

 

In order to load-share traffic using multiple static routes, the routes must be configured with …

 

A.

the same distance and same priority.

B.

the same distance and the same weight.

C.

the same distance but each of them must be assigned a unique priority.

D.

a distance equal to its desired weight for ECMP but all must have the same priority.

 

Answer: A

 

 

QUESTION 87  (Topic 2)

 

If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)?

 

 

 

 

 

A.

The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors.

B.

The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors.

C.

At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options.

D.

The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings.

E.

At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options.

 

Answer: C

 

 

QUESTION 88  (Topic 2)

 

Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.)

 

A.

The web client SSL handshake.

B.

The web server SSL handshake.

C.

File buffering.

D.

Communication with the urlfilter process.

 

Answer: AB

 

 

QUESTION 89  (Topic 2)

 

WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?

 

A.

The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule.

B.

The attempt will be accepted when there is a matching WAN optimization passive rule.

C.

The attempt will be accepted when the request comes from a known peer.

D.

The attempt will be accepted when a user on the remote peer accepts the connection request.

 

Answer: A

 

 

 

QUESTION 90  (Topic 2)

 

An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement?

 

A.

Apply an application control list which contains a rule for SIP and has the “Limit INVITE Request” option configured.

B.

Enable Traffic Shaping for the appropriate SIP firewall policy.

C.

Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command.

D.

Run the set udp-idle-timer CLI command and set a lower time value.

 

Answer: A

 

 

QUESTION 91  (Topic 2)

 

The transfer of encrypted files or the use of encrypted protocols between users and servers on the internet can frustrate the efforts of administrators attempting to monitor traffic passing through the FortiGate unit and ensuring user compliance to corporate rules.

 

Which of the following items will allow the administrator to control the transfer of encrypted data through the FortiGate unit? (Select all that apply.)

 

A.

Encrypted protocols can be scanned through the use of the SSL proxy.

B.

DLP rules can be used to block the transmission of encrypted files.

C.

Firewall authentication can be enabled in the firewall policy, preventing the use of encrypted communications channels.

D.

Application control can be used to monitor the use of encrypted protocols; alerts can be sent to the administrator through email when the use of encrypted protocols is attempted.

 

Answer: ABD

 

 

QUESTION 92  (Topic 2)

 

Which of the following cannot be used in conjunction with the endpoint compliance check?

 

 

 

 

 

A.

HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.

B.

Any form of firewall policy authentication.

C.

WAN optimization.

D.

Traffic shaping.

 

Answer: A

 

 

QUESTION 93  (Topic 2)

 

Which of the following statements is correct regarding the NAC Quarantine feature?

 

A.

With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and DLP.

B.

NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate.

C.

NAC quarantine allows administrators to isolate clients whose network activity poses a security risk.

D.

If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine.

 

Answer: C

 

Free VCE & PDF File for Fortinet FCNSP.v5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …