NSE 4/FortiGate Security Quiz Questions and Answers

Which statements correctly describe transparent mode operation? (Choose three)

Answer :
  • It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  • Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
  • The FortiGate acts as transparent bridge and forwards traffic at Layer-2.

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two)

Answer :
  • SSH
  • HTTPS

An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you use?

Answer :
  • Recursive

Which statements about high availability (HA) for FortiGates are true? (Choose two)

Answer :
  • Virtual clustering can be configured between two FortiGate devices with multiple VDOM.
  • HA management interface settings are synchronized between cluster members.

Which statements about antivirus scanning using flow-based full scan are true? (Choose two)

Answer :
  • The antivirus engine starts scanning a file after the last packet arrives.
  • FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.

How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?

Answer :
  • Apply an application control profile allowing BitTorrent to a firewall policy and configure a traffic shaping policy.

An administrator has configured a dial-up IPsec VPN with XAuth. Which method statement best describes this scenario?

Answer :
  • Dialup clients must provide a username and password for authentication.

An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

Answer :
  • A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

What information is flushed when the chunk-size value is changed in the config dlp settings?

Answer :
  • The database for DLP document fingerprinting.

When using the WPAD DNS method, what is the FQDN format that browsers use to query the DNS server?

Answer :
  • wpad.< local-domain >