Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
NSE4 Examination questions (September)

Achieve New Updated (September) Fortinet NSE4 Examination questions Topic 6, IPSec VPN

September 25, 2015

Ensurepass

Topic 6, IPSec VPN

 

 

QUESTION 29  (Topic 6)

 

What is IPsec Perfect Forwarding Secrecy (PFS)?.

 

A.

A phase-1 setting that allows the use of symmetric encryption.

B.

A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.

C.

A `key-agreement’ protocol.

D.

A `security-association-agreement’ protocol.

 

Answer: B

 

 

QUESTION 30  (Topic 6)

 

An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.

 

Which three configuration steps must be performed on both units to support this scenario? (Choose three.)

 

A.

Create firewall policies to allow and control traffic between the source and destination IP addresses.

B.

Configure the appropriate user groups to allow users access to the tunnel.

C.

Set the operating mode to IPsec VPN mode.

D.

Define the phase 2 parameters.

E.

Define the Phase 1 parameters.

 

Answer: ADE

 

 

QUESTION 31  (Topic 6)

 

 

 

 

You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route.

 

Which two configuration steps are required to achieve these objectives? (Choose two.)

 

A.

Create one firewall policy.

B.

Create two firewall policies.

C.

Add a route to the remote subnet.

D.

Add two IPsec phases 2.

 

Answer: BC

 

 

QUESTION 32  (Topic 6)

 

Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?.

 

A.

Policy-based only.

B.

Route-based only.

C.

Either policy-based or route-based VPN.

D.

GRE-based only.

 

Answer: B

 

 

QUESTION 33  (Topic 6)

 

An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?

 

A.

The IPsec firewall policies must be placed at the top of the list.

B.

This VPN cannot be used as part of a hub and spoke topology.

C.

Routes are automatically created based on the quick mode selectors.

D.

A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

 

Answer: D

 

Free VCE & PDF File for Fortinet NSE4 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …