Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
NSE4 Examination questions (September)

Achieve New Updated (September) Fortinet NSE4 Examination questions Topic 3, Firewall Policies

September 25, 2015

Ensurepass

Topic 3, Firewall Policies

 

 

QUESTION 12  (Topic 3)

 

Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)

 

A.

IP address pool.

B.

Virtual IP address.

 

 

 

 

C.

IP address.

D.

IP address group.

E.

MAC address.

 

Answer: BCD

 

 

QUESTION 13  (Topic 3)

 

Which header field can be used in a firewall policy for traffic matching?

 

A.

ICMP type and code.

B.

DSCP.

C.

TCP window size.

D.

TCP sequence number.

 

Answer: A

 

 

QUESTION 14  (Topic 3)

 

The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function?

 

A.

set order

B.

edit policy

C.

reorder

D.

move

 

Answer: D

 

 

QUESTION 15  (Topic 3)

 

In which order are firewall policies processed on a FortiGate unit?

 

A.

From top to down, according with their sequence number.

B.

From top to down, according with their policy ID number.

C.

Based on best match.

D.

Based on the priority value.

 

 

 

 

 

Answer: A

 

 

QUESTION 16  (Topic 3)

 

For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?

 

A.

The traffic is allowed and no log is generated.

B.

The traffic is allowed and logged.

C.

The traffic is blocked and no log is generated.

D.

The traffic is blocked and logged.

 

Answer: C

 

 

QUESTION 17  (Topic 3)

 

Examine the following CLI configuration:

 

config system session-ttl

 

set default 1800

 

end

 

What statement is true about the effect of the above configuration line?

 

A.

Sessions can be idle for no more than 1800 seconds.

B.

The maximum length of time a session can be open is 1800 seconds.

C.

After 1800 seconds, the end user must re-authenticate.

D.

After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

 

Answer: A

 

Free VCE & PDF File for Fortinet NSE4 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …