QUESTION 71
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?
|
A. |
Request: internal host; slave FortiGate; master FortiGate; Internet; web server. |
|
B. |
Request: internal host; slave FortiGate; Internet; web server. |
|
C. |
Request: internal host; slave FortiGate; master FortiGate; Internet; web server. |
|
D. |
Request: internal host; master FortiGate; slave FortiGate; Internet; web server. |
Correct Answer: D
QUESTION 72
Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device. Which one of the following is the most likely reason that the cluster fails to form?
Exhibit A:
Exhibit B
|
A. |
Password |
|
B. |
HA mode |
|
C. |
Hearbeat |
|
D. |
Override |
Correct Answer: B
QUESTION 73
In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below. Which statements are correct regarding this setting? (Choose two.)
|
A. |
Interface settings on port7 will not be synchronized with other cluster members. |
|
B. |
The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface. |
|
C. |
When connecting to port7 you always connect to the master device. |
|
D. |
A gateway address may be configured for port7. |
Correct Answer: AD
QUESTION 74
The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members. What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.)
|
A. |
Port3 is configured with an IP address for management access. |
|
B. |
The firewall rules are purged on the disconnected unit. |
|
C. |
The HA mode changes to standalone. |
|
D. |
The system hostname is set to the unit serial number. |
Correct Answer: AC
QUESTION 75
Which of the following sequences describes the correct order of criteria used for the selection of a master unit within a FortiGate high availability (HA) cluster when override is disabled?
|
A. |
1. port monitor, 2. unit priority, 3. up time, 4. serial number. |
|
B. |
1. port monitor, 2. up time, 3. unit priority, 4. serial number. |
|
C. |
1. unit priority, 2. up time, 3. port monitor, 4. serial number. |
|
D. |
1. up time, 2. unit priority, 3. port monitor, 4. serial number. |
Correct Answer: B
QUESTION 76
Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.)
|
A. |
The device this command is executed on is likely to switch from master to slave status if override is disabled. |
|
B. |
The device this command is executed on is likely to switch from master to slave status if override is enabled. |
|
C. |
This command has no impact on the HA algorithm. |
|
D. |
This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected. |
Correct Answer: AD
QUESTION 77
What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.)
|
A. |
Enable session pick-up. |
|
B. |
Enable override. |
|
C. |
Connections must be UDP or ICMP. |
|
D. |
Connections must not be handled by a proxy. |
Correct Answer: AD
QUESTION 78
Review the static route configuration for IPsec shown in the exhibit; then answer the question below. Which statements are correct regarding this configuration? (Choose two.)
|
A. |
Interface remote is an IPsec interface. |
|
B. |
A gateway address is not required because the interface is a point-to-point connection. |
|
C. |
A gateway address is not required because the default route is used. |
|
D. |
Interface remote is a zone. |
Correct Answer: AB
QUESTION 79
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. Which statements is correct regarding this output?
|
A. |
One tunnel is rekeying. |
|
B. |
Two tunnels are rekeying. |
|
C. |
Two tunnels are up. |
|
D. |
One tunnel is up. |
Correct Answer: C
QUESTION 80
Which statement is an advantage of using a hub and spoke IPsec VPN configuration instead of a fully-meshed set of IPsec tunnels?
|
A. |
Using a hub and spoke topology provides full redundancy. |
|
B. |
Using a hub and spoke topology requires fewer tunnels. |
|
C. |
Using a hub and spoke topology uses stronger encryption protocols. |
|
D. |
Using a hub and spoke topology requires more routes. |
Correct Answer: B
Free VCE & PDF File for Fortinet NSE4 Real Exam
Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …
100-105 Dumps VCE PDF
200-105 Dumps VCE PDF
300-101 Dumps VCE PDF
300-115 Dumps VCE PDF
300-135 Dumps VCE PDF
300-320 Dumps VCE PDF
400-101 Dumps VCE PDF
640-911 Dumps VCE PDF
640-916 Dumps VCE PDF
70-410 Dumps VCE PDF
70-411 Dumps VCE PDF
70-412 Dumps VCE PDF
70-413 Dumps VCE PDF
70-414 Dumps VCE PDF
70-417 Dumps VCE PDF
70-461 Dumps VCE PDF
70-462 Dumps VCE PDF
70-463 Dumps VCE PDF
70-464 Dumps VCE PDF
70-465 Dumps VCE PDF
70-480 Dumps VCE PDF
70-483 Dumps VCE PDF
70-486 Dumps VCE PDF
70-487 Dumps VCE PDF
220-901 Dumps VCE PDF
220-902 Dumps VCE PDF
N10-006 Dumps VCE PDF
SY0-401 Dumps VCE PDF