NSE 4/FortiGate Security Quiz Questions and Answers

How do application control signatures update on a FortiGate device?

Answer :
  • Through FortiGuard updates

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two)

Answer :
  • SSH
  • HTTPS

Which statements correctly describe transparent mode operation? (Choose three)

Answer :
  • It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  • Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
  • The FortiGate acts as transparent bridge and forwards traffic at Layer-2.

Which statement is true regarding the policy ID numbers of firewall policies?

Answer :
  • Are required to modify a firewall policy from the CLI

An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you use?

Answer :
  • Recursive

Which statements about high availability (HA) for FortiGates are true? (Choose two)

Answer :
  • Virtual clustering can be configured between two FortiGate devices with multiple VDOM.
  • HA management interface settings are synchronized between cluster members.

Which statements about antivirus scanning using flow-based full scan are true? (Choose two)

Answer :
  • The antivirus engine starts scanning a file after the last packet arrives.
  • FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.

How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?

Answer :
  • Apply an application control profile allowing BitTorrent to a firewall policy and configure a traffic shaping policy.

What is the purpose of the Policy Lookup feature?

Answer :
  • It searches the matching policy based on input criteria.

FortiGate has been configured for Firewall Authentication. When attempting to access an external website, the user is not presented with a login prompt. What is the most likely reason for this situation?

Answer :
  • The user was authenticated using passive authentication.