Ensurepass

QUESTION 21

When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)

A. SMTP

B. POP3

C. HTTP

D. FTP

Correct Answer: CD

QUESTION 22

Which statement regarding the firewall policy authentication timeout is true?

A. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IP.

B. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source IP address after this timer has expired.

C. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MAC.

D. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source MAC address after this timer has expired.

Correct Answer: A

QUESTION 23

Which two statements are true regarding firewall policy disclaimers? (Choose two.)

A. They cannot be used in combination with user authentication.

B. They can only be applied to wireless interfaces.

C. Users must accept the disclaimer to continue.

D. The disclaimer page is customizable.

Correct Answer: CD

QUESTION 24

Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.)

A. SSL VPN creates an HTTPS connection. IPsec does not.

B. Both SSL VPNs and IPsec VPNs are standard protocols.

C. Either an SSL VPN or an IPsec VPN can be established between two FortiGate devices.

D. Either an SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.

Correct Answer: AD

QUESTION 25

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

A. The remote user’s virtual IP address.

B. The FortiGate unit’s internal IP address.

C. The remote user’s public IP address.

D. The FortiGate unit’s external IP address.

Correct Answer: B

QUESTION 26

A user logs into an SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration:

[Exhibit: firewall policy configuration (image not available)]

Which static route is automatically added to the client’s routing table when the tunnel mode is activated?

A. A route to a destination subnet matching the Internal_Servers address object.

B. A route to the destination subnet configured in the tunnel mode widget.

C. A default route.

D. A route to the destination subnet configured in the SSL VPN global settings.

Correct Answer: A

QUESTION 27

Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)

A. Split tunneling is supported.

B. It requires the installation of a VPN client.

C. It requires the use of an Internet browser.

D. It does not support traffic from third-party network applications.

E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.

Correct Answer: ABE

QUESTION 28

Regarding the use of web-only mode SSL VPN, which statement is correct?

A. It supports SSL version 3 only.

B. It requires a Fortinet-supplied plug-in on the web client.

C. It requires the user to have a web browser that supports 64-bit cipher length.

D. The JAVA run-time environment must be installed on the client.

Correct Answer: C

QUESTION 29

Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?

A. Policy-based only.

B. Route-based only.

C. Either policy-based or route-based VPN.

D. GRE-based only.

Correct Answer: B

QUESTION 30

You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route. Which two configuration steps are required to achieve these objectives? (Choose two.)

A. Create one firewall policy.

B. Create two firewall policies.

C. Add a route to the remote subnet.

D. Add two IPsec phases 2.

Correct Answer: BC

Free VCE & PDF File for Fortinet NSE4 Real Exam
