Fortinet NSE4 Questions and Answers Rated A

Fortinet NSE4 Questions and Answers Rated A Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.) A. Split tunneling is supported. B. It requires the installation of a VPN client. C. It requires the use of an Internet browser. D. It does not support traffic from third-party network applications. E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit. Answer: A. Split tunneling is supported. B. It requires the installation of a VPN client. E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit. Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) A. SSL VPN creates a HTTPS connection. IPsec does not. B. Both SSL VPNs and IPsec VPNs are standard protocols. C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices. D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device. Answer: A. SSL VPN creates a HTTPS connection. IPsec does not. D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device. A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration: Which static route is automatically added to the client's routing table when the tunnel mode is activated? A. A route to a destination subnet matching the Internal_Servers address object. B. A route to the destination subnet configured in the tunnel mode widget. C. A default route. D. A route to the destination subnet configured in the SSL VPN global settings. Answer: A. A route to a destination subnet matching the Internal_Servers address object. When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? A. The remote user's virtual IP address. B. The FortiGate unit's internal IP address. C. The remote user's public IP address. D. The FortiGate unit's external IP address. Answer: B. The FortiGate unit's internal IP address. Regarding the use of web-only mode SSL VPN, which statement is correct? A. It supports SSL version 3 only. B. It requires a Fortinet-supplied plug-in on the web client. C. It requires the user to have a web browser that supports 64-bit cipher length. D. The JAVA run-time environment must be installed on the client. Answer: C. It requires the user to have a web browser that supports 64-bit cipher length. An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choose three.) A. Create firewall policies to allow and control traffic between the source and destination IP addresses. B. Configure the appropriate user groups to allow users access to the tunnel. C. Set the operating mode to IPsec VPN mode. D. Define the phase 2 parameters. E. Define the Phase 1 parameters. Answer A. Create firewall policies to allow and control traffic between the source and destination IP addresses. D. Define the phase 2 parameters. E. Define the Phase 1 parameters. You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route. Which two configuration steps are required to achieve these objectives? (Choose two.) A. Create one firewall policy. B. Create two firewall policies. C. Add a route to the remote subnet. D. Add two IPsec phases 2. Answer: B. Create two firewall policies. C. Add a route to the remote subnet. An administrator has configured a route-based site-to