Fortinet NSE4 test Questions & Answers |
Questions with 100% Correct Answers |
Verified | Updated 2024
Regarding the use of web-only mode SSL VPN, which statement is correct?
A. It supports SSL version 3 only.
B. It requires a Fortinet-supplied plug-in on the web client.
C. It requires the user to have a web browser that supports 64-bit cipher length.
D. The JAVA run-time environment must be installed on the client. ✔✔Answer:
C. It requires the user to have a web browser that supports 64-bit cipher length.
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.
Which three configuration steps must be performed on both units to support this scenario?
(Choose three.)
A. Create firewall policies to allow and control traffic between the source and destination IP
addresses.
B. Configure the appropriate user groups to allow users access to the tunnel.
,C. Set the operating mode to IPsec VPN mode.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters. ✔✔Answer
A. Create firewall policies to allow and control traffic between the source and destination IP
addresses.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters.
You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-
based mode. Users from either side must be able to initiate new sessions. There is only 1
subnet at either end and the FortiGate already has a default route.
Which two configuration steps are required to achieve these objectives? (Choose two.)
A. Create one firewall policy.
B. Create two firewall policies.
C. Add a route to the remote subnet.
D. Add two IPsec phases 2. ✔✔Answer:
B. Create two firewall policies.
,C. Add a route to the remote subnet.
An administrator has configured a route-based site-to-site IPsec VPN. Which statement
is correct regarding this IPsec VPN configuration?
A. The IPsec firewall policies must be placed at the top of the list.
B. This VPN cannot be used as part of a hub and spoke topology.
C. Routes are automatically created based on the quick mode selectors.
D. A virtual IPsec interface is automatically created after the Phase 1 configuration
is completed. ✔✔Answer:
D. A virtual IPsec interface is automatically created after the Phase 1 configuration
is completed.
What is IPsec Perfect Forwarding Secrecy (PFS)?.
A. A phase-1 setting that allows the use of symmetric encryption.
B. A phase-2 setting that allows the recalculation of a new common secret key each time the
session key expires.
C. A 'key-agreement' protocol.
D. A 'security-association-agreement' protocol. ✔✔Answer:
, B. A phase-2 setting that allows the recalculation of a new common secret key each time the
session key expires.
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?.
A. Policy-based only.
B. Route-based only.
C. Either policy-based or route-based VPN.
D. GRE-based only. ✔✔Answer:
B. Route-based only.
Which antivirus and attack definition update options are supported by FortiGate units?
(Choose two.)
A. Manual update by downloading the signatures from the support site.
B. Pull updates from the FortiGate.
C. Push updates from a FortiAnalyzer.
D. execute fortiguard-AV-AS command from the CLI. ✔✔Answer:
A. Manual update by downloading the signatures from the support site.
Questions with 100% Correct Answers |
Verified | Updated 2024
Regarding the use of web-only mode SSL VPN, which statement is correct?
A. It supports SSL version 3 only.
B. It requires a Fortinet-supplied plug-in on the web client.
C. It requires the user to have a web browser that supports 64-bit cipher length.
D. The JAVA run-time environment must be installed on the client. ✔✔Answer:
C. It requires the user to have a web browser that supports 64-bit cipher length.
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.
Which three configuration steps must be performed on both units to support this scenario?
(Choose three.)
A. Create firewall policies to allow and control traffic between the source and destination IP
addresses.
B. Configure the appropriate user groups to allow users access to the tunnel.
,C. Set the operating mode to IPsec VPN mode.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters. ✔✔Answer
A. Create firewall policies to allow and control traffic between the source and destination IP
addresses.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters.
You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-
based mode. Users from either side must be able to initiate new sessions. There is only 1
subnet at either end and the FortiGate already has a default route.
Which two configuration steps are required to achieve these objectives? (Choose two.)
A. Create one firewall policy.
B. Create two firewall policies.
C. Add a route to the remote subnet.
D. Add two IPsec phases 2. ✔✔Answer:
B. Create two firewall policies.
,C. Add a route to the remote subnet.
An administrator has configured a route-based site-to-site IPsec VPN. Which statement
is correct regarding this IPsec VPN configuration?
A. The IPsec firewall policies must be placed at the top of the list.
B. This VPN cannot be used as part of a hub and spoke topology.
C. Routes are automatically created based on the quick mode selectors.
D. A virtual IPsec interface is automatically created after the Phase 1 configuration
is completed. ✔✔Answer:
D. A virtual IPsec interface is automatically created after the Phase 1 configuration
is completed.
What is IPsec Perfect Forwarding Secrecy (PFS)?.
A. A phase-1 setting that allows the use of symmetric encryption.
B. A phase-2 setting that allows the recalculation of a new common secret key each time the
session key expires.
C. A 'key-agreement' protocol.
D. A 'security-association-agreement' protocol. ✔✔Answer:
, B. A phase-2 setting that allows the recalculation of a new common secret key each time the
session key expires.
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?.
A. Policy-based only.
B. Route-based only.
C. Either policy-based or route-based VPN.
D. GRE-based only. ✔✔Answer:
B. Route-based only.
Which antivirus and attack definition update options are supported by FortiGate units?
(Choose two.)
A. Manual update by downloading the signatures from the support site.
B. Pull updates from the FortiGate.
C. Push updates from a FortiAnalyzer.
D. execute fortiguard-AV-AS command from the CLI. ✔✔Answer:
A. Manual update by downloading the signatures from the support site.
