NSE 4/FortiGate Security Quiz Questions and Answers

How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?

Answer :
  • Apply an application control profile allowing BitTorrent to a firewall policy and configure a traffic shaping policy.

Which scanning technique on FortiGate can be enabled only on the CLI?

Answer :
  • Heuristics scan

Which statements about high availability (HA) for FortiGates are true? (Choose two)

Answer :
  • Virtual clustering can be configured between two FortiGate devices with multiple VDOM.
  • HA management interface settings are synchronized between cluster members.

An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you use?

Answer :
  • Recursive

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

Answer :
  • The internal IP address of the FortiGate device

How does FortiGate act when using SSL VPN in web mode?

Answer :
  • FortiGate acts as an HTTP reverse proxy.

How do application control signatures update on a FortiGate device?

Answer :
  • Through FortiGuard updates

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?

Answer :
  • Disabling split tunneling

Which traffic inspection features can be executed by a security processor (SP)? (Choose three)

Answer :
  • Proxy-based antivirus
  • Attack signature matching
  • Flow-based web filtering

Which statements correctly describe transparent mode operation? (Choose three)

Answer :
  • It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  • Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
  • The FortiGate acts as transparent bridge and forwards traffic at Layer-2.