NSE4-5.4 Online Practice Questions and Answers
Which protocol can an Internet browser use to download the PAC file with the web proxy configuration?
A. HTTPS
B. FTP
C. TFTP
D. HTTP
A FortiGate 60 unit is configured for your small office. The DMZ interface is connected to a network containing a web server and email server. The Internal interface is connected to a network containing 10 user workstations and the WAN1
interface is connected to your ISP.
You want to configure firewall policies so that your users can send and receive email messages to the email server on the DMZ network. You also want the email server to be able to retrieve email messages from an email server hosted by
your ISP using the POP3 protocol.
Which policies must be created for this communication? (Select all that apply.)
A. Internal > DMZ
B. DMZ > Internal
C. Internal > WAN1
D. WAN1 > Internal
E. DMZ > WAN1
F. WAN1 > DMZ
In Transparent Mode, forward-domain is an attribute of _______.
A. an interface
B. a firewall policy
C. a static route
D. a virtual domain
Based on the web filtering configuration illustrated in the exhibit,
which one of the following statements is not a reasonable conclusion?
A. Users can access both the www.google.com site and the www.fortinet.com site.
B. When a user attempts to access the www.google.com site, the FortiGate unit will not perform web filtering on the content of that site.
C. When a user attempts to access the www.fortinet.com site, any remaining web filtering will be bypassed.
D. Downloaded content from www.google.com will be scanned for viruses if antivirus is enabled.
To which remote device can the FortiGate send logs? (Choose three.)
A. Syslog
B. FortiAnalyzer
C. Hard drive
D. Memory
E. FortiCloud
Examine the exhibit below; then answer the question following it.
In this scenario, the FortiGate unit in Ottawa has the following routing table:
Sniffer tests show that packets sent from the source IP address 172.20.168.2 to the destination IP address 172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets?
A. The forward policy check.
B. The reverse path forwarding check.
C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate's routing table.
D. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.
A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out
in the GUI in the management VDOM.
What would be a possible cause for this problem?
A. The administrator does not have the proper permissions to reassign the dmz interface.
B. The dmz interface is referenced in the configuration of another VDOM.
C. Non-management VDOMs cannot reference physical interfaces.
D. The dmz interface is in PPPoE or DHCP mode.
Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below.
Which statements are correct regarding this configuration? (Choose two.).
A. The Phase 2 will re-key even if there is no traffic.
B. There will be a DH exchange for each re-key.
C. The sequence number of ESP packets received from the peer will not be checked.
D. Quick mode selectors will default to those used in the firewall policy.
Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.)
A. The collector agent does not need to search any security event logs.
B. WMI polling can increase bandwidth usage with large networks.
C. The NetSessionEnum function is used to track user logoffs.
D. The collector agent uses a Windows API to query DCs for user logins.
Which of the following statements about the FSSO collector agent timers is true?
A. The dead entry timeout interval is used to age out entries with an unverified status.
B. The workstation verify interval is used to periodically check if a workstation is still a domain member.
C. The user group cache expiry is used to age out the monitored groups.
D. The IP address change verify interval monitors the server IP address where the collector agent is installed, and updates the collector agent configuration if it changes.