Fortinet NSE4 - Test 3 Questions &
Answers | Questions with 100% Correct
Answers | Verified | Updated 2024
Which two statements about incoming and outgoing interfaces in firewall policies are true? ✔✔
Which of the following can be selected in the firewall policy Destination field? ✔✔a VIP object
Which three methods can be used to deliver the token code to a user who is configured to use
two-factor authentication? ✔✔FortiToken
SMS
Email
What are the security checks FortiGate does on a Certificate intercepted from a SSL server sent
to a internal client? ✔✔- Trust: FortiGate must have the CA certificate in its certificate store.
- Signature Verification:
, - Validity dates
- Revocation checking (CRL or OCSP)
Describe outbound Deep SSL Inspection set to allow: ✔✔if server cert is trusted, sends
the client a trusted cert.
if server cert is untrusted, send the client an untrust cert
How can you get Botnet data base? ✔✔Botnet IPs and Domains subscription is part
of FortiGuard Antivirus license
Describe DNS-Botnet Command and Control Database: ✔✔- DNS lookups are checked
against c&c DB
- Imports FortiGuard botnet database dynamically
- Requires FortiGuards antivirus license
- Requires FortiGuards web filter license for DNS filter
What are the 2 Proxy WPAD file methods? ✔✔- DHCP query (browser send s
DHCPINFORM query to server)
- DNS query (browser resolves wpad.<local-domain>)
What is the function of WAF web application firewall? ✔✔- protect against
botnets - prevent servers from disclosing information
Answers | Questions with 100% Correct
Answers | Verified | Updated 2024
Which two statements about incoming and outgoing interfaces in firewall policies are true? ✔✔
Which of the following can be selected in the firewall policy Destination field? ✔✔a VIP object
Which three methods can be used to deliver the token code to a user who is configured to use
two-factor authentication? ✔✔FortiToken
SMS
What are the security checks FortiGate does on a Certificate intercepted from a SSL server sent
to a internal client? ✔✔- Trust: FortiGate must have the CA certificate in its certificate store.
- Signature Verification:
, - Validity dates
- Revocation checking (CRL or OCSP)
Describe outbound Deep SSL Inspection set to allow: ✔✔if server cert is trusted, sends
the client a trusted cert.
if server cert is untrusted, send the client an untrust cert
How can you get Botnet data base? ✔✔Botnet IPs and Domains subscription is part
of FortiGuard Antivirus license
Describe DNS-Botnet Command and Control Database: ✔✔- DNS lookups are checked
against c&c DB
- Imports FortiGuard botnet database dynamically
- Requires FortiGuards antivirus license
- Requires FortiGuards web filter license for DNS filter
What are the 2 Proxy WPAD file methods? ✔✔- DHCP query (browser send s
DHCPINFORM query to server)
- DNS query (browser resolves wpad.<local-domain>)
What is the function of WAF web application firewall? ✔✔- protect against
botnets - prevent servers from disclosing information
