Copy and Edit

NSE4

Description

Quiz for NSE4 exam certification
Erik Vasquez
Flashcards by Erik Vasquez, updated more than 1 year ago
Erik Vasquez
Created by Erik Vasquez over 2 years ago
299
0
0

Resource summary

Question Answer
Refer to the exhibit, which contains a Performance SLA configuration. An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?
Image: Image (binary/octet-stream)
Participants configured are not SD-WAN members.
Refer to the exhibit In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit. What should the administrator do next to troubleshoot the problem?
Image: Image (binary/octet-stream)
Execute a debug flow.
Refer to the exhibit to view the application control profile. Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is true?
Image: Image (binary/octet-stream)
Apple FaceTime belongs to the custom monitored filter.
Refer to the exhibit.
Image: Image (binary/octet-stream)
- Device detection is disabled on all FortiGate devices. - This security fabric topology is a logical topology view.
Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?
Image: Image (binary/octet-stream)
Web filter should be enabled on the firewall policy to complement the antivirus profile.
Refer to the exhibit, which contains a session diagnostic output.
Image: Image (binary/octet-stream)
The session is in TCP ESTABLISHED state.
Refer to the exhibit. The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address. An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies. The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication. How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (
Image: Image (binary/octet-stream)
- If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed. - If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed
The exhibit shows the configuration for the SD-WAN member, Performance SLA and SD-WAN Rule, as well as the output of diagnose sys virtual wan link health-check. Which interface will be selected as an outgoing interface?
Image: Image (binary/octet-stream)
Port1
Refer to the exhibit. Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?
Image: Image (binary/octet-stream)
Traffic matching the signature will be allowed and logged.
The exhibit contains a network diagram, firewall policies, and a firewall address object configuration. An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver. Which two changes can the administrator make to deny Webserver access for Remote-User2?
Image: Image (binary/octet-stream)
- Disable match-vip in the Deny policy. - Set the Destination address as Deny_IP in the Allow-access policy
Based on the output shown in the exhibit, which two statements are correct?
Image: Image (binary/octet-stream)
- One server was contacted to retrieve the contract information. - There is at least one server that lost packets consecutively
Given the interfaces shown in the exhibit, which two statements are true?
Image: Image (binary/octet-stream)
- Traffic between port2 and port2-vlan1 is allowed by default - port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs
Based on the raw logs shown in the exhibit, which statement is correct?
Image: Image (binary/octet-stream)
The action on firewall policy ID 1 is set to warning.
Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?
Image: Image (binary/octet-stream)
The firewall policy performs the full content inspection on the file
Based on the raw log, which two statements are correct?
Image: Image (binary/octet-stream)
- Traffic is blocked because Action is set to DENY in the firewall policy - This is a security log
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
Image: Image (binary/octet-stream)
On HQ-FortiGate, enable Diffie-Hellman Group 2
The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?
Image: Image (binary/octet-stream)
Change the SSL VPN port on the client.
An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route?
Image: Image (binary/octet-stream)
get router info routing-table all
The exhibit contains a network diagram, central SNAT policy, and IP pool configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24. A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1). Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied. Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?
Image: Image (binary/octet-stream)
10.200.1.1
Why did FortiGate drop the packet?
Image: Image (binary/octet-stream)
The next-hop IP address is unreachable
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match. Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up?
Image: Image (Embed)
- On both FortiGate devices, set Dead Peer Detection to On Demand. - On HQ-FortiGate, disable Diffie-Helman group 2.
The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true?
Image: Image (binary/octet-stream)
- FortiGate SN FGVM010000065036 HA uptime has been reset. - FortiGate SN FGVM010000064692 has the higher HA priority
The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration. How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
Image: Image (binary/octet-stream)
If there is a full-through policy in place, users will not be prompted for authentication.
Show full summary Hide full summary

Want to create your own Flashcards for free with GoConqr? Learn more.

Similar

Social Psychology, Milgram (1963)
Robyn Chamberlain
GCSE Mathematics Topics
goldsmith.elisa
GCSE REVISION TIMETABLE
Joana Santos9567
Globalisation Case Studies
annie
AQA Business Unit 1
lauren_binney
GCSE AQA Biology 1 Quiz
Lilac Potato
Using GoConqr to teach English literature
Sarah Egan
Introduction to the Atom
Derek Cumberbatch
FV modules 1-4 infinitives- ENTER SPANISH
Pamela Dentler
Biology - B1 - AQA - GCSE - Keeping Healthy and Defending Against Infection
Josh Anderson
PSBD/PSCOD/ASSD-New
Yuvraj Sunar
Browse Library