Ensurepass

QUESTION 41

Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)

 

A.

Only one proxy is supported.

B.

Can be manually imported to the browser.

C.

The browser can automatically download it from a web server.

D.

Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.

 

Correct Answer: CD

 

 

QUESTION 42

Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)

 

A.

DHCP

B.

BOOTP

C.

DNS

D.

IPv6 autoconfiguration

 

Correct Answer: AC

 

 

QUESTION 43

What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?

 

A.

Users are required to manually enter their credentials each time they connect to a different web site.

B.

Proxy users are authenticated via FSSO.

C.

There are multiple users sharing the same IP address.

D.

Proxy users are authenticated via RADIUS.

 

Correct Answer: C

 

 

QUESTION 44

Which two web filtering inspection modes inspect the full URL? (Choose two.)

 

A.

DNS-based.

B.

Proxy-based.

C.

Flow-based.

D.

URL-based.

 

Correct Answer: BC

 

 

QUESTION 45

Which web filtering inspection mode inspects DNS traffic?

 

A.

DNS-based.

B.

FQDN-based.

C.

Flow-based.

D.

URL-based.

 

Correct Answer: A

 

 

QUESTION 46

Which statements are correct regarding URL filtering on a FortiGate unit? (Choose two.)

 

A.

The allowed actions for URL filtering include allow, block, monitor and exempt.

B.

The allowed actions for URL filtering are Allow and Block only.

C.

URL filters may be based on patterns using simple text, wildcards and regular expressions.

D.

URL filters are based on simple text only and require an exact match.

 

Correct Answer: AC

 

 

 

QUESTION 47

Which of the following regular expression patterns make the terms “confidential data” case insensitive?

 

A.

[confidential data]

B.

/confidential data/i

C.

i/confidential data/

D.

“confidential data”

 

Correct Answer: B

 

 

QUESTION 48

Which statements are correct regarding application control? (Choose two.)

 

A.

It is based on the IPS engine.

B.

It is based on the AV engine.

C.

It can be applied to SSL encrypted traffic.

D.

Application control cannot be applied to SSL encrypted traffic.

 

Correct Answer: AC

 

 

QUESTION 49

How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent?

 

A.

Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy.

B.

Enable the shape option in a firewall policy with service set to BitTorrent.

C.

Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled.

D.

Apply a traffic shaper to a protocol options profile.

 

Correct Answer: A

 

 

QUESTION 50

Which statements are true regarding traffic shaping that is applied in an application sensor, and associated with a firewall policy? (Choose two.)

 

A.

Shared traffic shaping cannot be used.

B.

Only traffic matching the application control signature is shaped.

C.

Can limit the bandwidth usage of heavy traffic applications.

D.

Per-IP traffic shaping cannot be used.

 

Correct Answer: BC

 

Free VCE & PDF File for Fortinet NSE4 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.