Fortinet Network Security Engineer 4 Revision Exam And Complete Answers.
0 view 0 purchase
Course
FortiGate Operator
Institution
FortiGate Operator
What does UTM stand for? - Answer Unified Threat Management
What is FortiOS? - Answer Operating System that interfaces with FortiGate platforms or hypervisors.
Security Profiles available on FortiOS:
This profile gives the ability to perform a Man-in-the-middle (MITM) attack on protoco...
Fortinet Network Security Engineer 4
Revision Exam And Complete Answers.
What does UTM stand for? - Answer Unified Threat Management
What is FortiOS? - Answer Operating System that interfaces with FortiGate platforms or hypervisors.
Security Profiles available on FortiOS:
This profile gives the ability to perform a Man-in-the-middle (MITM) attack on protocols secured with
SSL/TLS encryption services. - Answer SSL/SSH Inspection Profile
Security Profiles available on FortiOS:
This security profile gives the ability to control where users can web browse on the internet. - Answer
Web Filter Profile and DNS Filter Profile
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
A. FortiGate uses the AD server as the collector agent.
B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
C. FortiGate does not support workstation check.
D. FortiGate directs the collector agent to use a remote LDAP server. - Answer B. FortiGate uses the
SMB protocol to read the event viewer logs from the DCs.
D. FortiGate directs the collector agent to use a remote LDAP server.
FortiGuard categories can be overridden and defined in different categories.To create a web rating
override for example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating for the home page? (Choose two.)
A. www.example.com:443
B. www.example.com
C. example.com
,D. www.example.com/index.html - Answer B. www.example.com
C. example.com
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
A. FortiCache
B. FortiSIEM
C. FortiAnalyzer
D. FortiSandbox
E. FortiCloud - Answer B. FortiSIEM
C. FortiAnalyzer
E. FortiCloud
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
A. The collector agent uses a Windows API to query DCs for user logins.
B. NetAPI polling can increase bandwidth usage in large networks.
C. The collector agent must search security event logs.
D. The NetSession Enum function is used to track user logouts. - Answer D. The NetSession Enum
function is used to track user logouts.
An administrator is running the following sniffer command:
diagnose sniffer packet any "icmp" 5
Which three pieces of information are included in the sniffer output?
A. Interface name
B. Ethernet header
C. IP header
D. Application header
E. Packet payload - Answer A. Interface name
C. IP header
E. Packet payload
,An administrator does not want to report the logon events of service accounts to FortiGate. What setting
on the collector agent is required to achieve this?
A. Add the support of NTLM authentication.
B. Add user accounts to Active Directory (AD).
C. Add user accounts to the FortiGate group fitter.
D. Add user accounts to the Ignore User List. - Answer D. Add user accounts to the Ignore User List.
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true
about the policy list view?
A. Policy lookup will be disabled.
B. By Sequence view will be disabled.
C. Search option will be disabled
D. Interface Pair view will be disabled. - Answer D. Interface Pair view will be disabled.
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec
VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed on FortiGate to meet the design requirements?
(Choose two)
A. Configure a high distance on the static route for the primary tunnel, and a lower distance on the
static route for the secondary tunnel.
B. Enable Dead Peer Detection.
C. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the
static route for the secondary tunnel.
D. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels. - Answer
B. Enable Dead Peer Detection.
, C. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the
static route for the secondary tunnel.
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in
both sites has been configured as Static IP Address. For site A, the local quick mode selector is
192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B? - Answer C.
192.168.2.0/24
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)
A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
B. The client FortiGate requires a manually added route to remote subnets.
C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.
D. Server FortiGate requires a CA certificate to verify the client FortiGate certificate. - Answer C. The
client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.
D. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.
Which two statements are correct about SLA targets? (Choose two.)
A.You can configure only two SLA targets per one Performance SLA.
B. SLA targets are optional.
C. SLA targets are required for SD-WAN rules with a Best Quality strategy.
D. SLA targets are used only when referenced by an SD-WAN rule. - Answer B. SLA targets are optional.
D. SLA targets are used only when referenced by an SD-WAN rule.
Which statement is correct regarding the inspection of some of the services available by web
applications embedded in third-party websites?
A. The security actions applied on the web applications will also be explicitly applied on the third-party
websites.
B. The application signature database inspects traffic only from the original web application server.
C. FortiGuard maintains only one signature of each web application that is unique.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller TestSolver9. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.19. You're not tied to anything after your purchase.
