NSE4_FGT-5.6 Online Practice Questions and Answers
Which of the following configuration settings are global settings?
(Choose two.)
Response:
A. FortiGuard settings
B. HA settings
C. Firewall policies
D. Security profiles
If antivirus, grayware, and heuristic scans are enabled on FortiGate, in which order does FortiGate apply the scanning?
Response:
A. heuristics -> grayware -> antivirus
B. antivirus -> grayware -> heuristics
C. antivirus -> heuristics -> grayware
D. grayware -> antivirus -> heuristics
How can you format the FortiGate flash disk? Response:
A. Load the hardware test (HQIP) image.
B. Execute the CLI command execute formatlogdisk.
C. Load a debug FortiOS image.
D. Select the format boot device option from the BIOS menu.
Which of the following statements regarding FortiGate inspection modes are correct?
(Choose three.)
Response:
A. Proxy-based inspection mode supports more features.
B. Flow-based is the default FortiGate inspection mode.
C. Switching from proxy-based inspection mode to flow-based inspection mode will result in a warning message.
D. Security profiles must be manually converted to flow-based before switching the inspection mode from proxy-based to flow-based.
E. Switching from proxy-based to flow-based and then back to proxy-based will not produce original configurations.
Which statement is true about split tunneling in SSL VPN? Response:
A. It is supported in web-only mode.
B. It can be enabled by the SSL VPN user, after connecting to the SSL VPN.
C. If enabled, Internet traffic uses the local gateway of the connecting host.
D. If disabled, SSL VPN users must authenticate using FortiToken.
Which of the following are differences between IPsec main mode and IPsec aggressive mode?
(Choose two.)
Response:
A. Aggressive mode supports XAuth, while main mode does not.
B. Six packets are usually exchanged during main mode, while only three packets are exchanged during aggressive mode.
C. The first packet of aggressive mode contains the peer ID, while the first packet of main mode does not.
D. Main mode cannot be used for dialup VPNs, while aggressive mode can.
View the exhibit.
When a user attempts to connect to an HTTPS site, what is the expected result with this configuration? Response:
A. The user is required to authenticate before accessing sites with untrusted SSL certificates.
B. The user is presented with certificate warnings when connecting to sites that have untrusted SSL certificates.
C. The user is allowed access all sites with untrusted SSL certificates, without certificate warnings.
D. The user is blocked from connecting to sites that have untrusted SSL certificates (no exception provided).
FortiGate scans packets for matches in a specific order for application control. Which option provides the correct sequence order?
Response:
A. Static domain overrides -> application overrides -> filter overrides
B. Categories -> application overrides -> filter overrides
C. Application overrides -> filter overrides -> categories
D. Rate based overrides -> filter overrides -> categories
Which are the different types of memory conserve mode that can occur on a FortiGate device?
(Choose two.)
Response:
A. System
B. Device
C. Kernel
D. Flow
Which of the following are factory default settings on a FortiGate?
(Choose two.)
Response:
A. Administrative account is admin
B. Password for administrative access is Fortinet
C. Port1 (or internal) interface IP is 192.168.1.99/24
D. Default gateway IP is 192.168.1.1 using porn (or internal) interface
E. Mode of operation is transparent
Which of the following IPsec parameters is a phase 2 configuration setting? Response:
A. Peer ID
B. eXtended Authentication (XAuth)
C. Quick mode selectors
D. Authentication method
What FortiGate feature can be used to prevent a cross-site scripting (XSS) attack? Response:
A. Web application firewall (WAF)
B. DoS policies
C. Rate based IPS signatures
D. One-arm sniffer
What is the purpose of the Policy Lookup feature? Response:
A. It searches the matching policy based on input criteria.
B. It creates packet flow over FortiGate by sending real-time traffic.
C. It finds duplicate objects in firewall policies.
D. It creates a new firewall policy based on input criteria.
What is the purpose of the Policy Lookup feature? Response:
A. It searches the matching policy based on an input criteria.
B. It enables hidden security profiles with full logging capabilities and generates Learning Reports based on an input criteria.
C. It finds duplicate objects in firewall policies.
D. It creates a new firewall policy based on an input criteria.
Examine this output from the diagnose sys top command:
Which statements about the output are true?
(Choose two.)
Response:
A. sshd is the process consuming most memory
B. sshd is the process consuming most CPU
C. All the processes listed are in sleeping state
D. The sshd process is using 123 pages of memory
Why select/choose certbus.com?
Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.
• 6000+ PDF and VCE exam dumps
• 6000+ Free demo downloads available
• 50+ Preparation Labs
• 20+ Representatives Providing 24/7 Support
Copyright © 2004-2024 certbus.com, All Rights Reserved.