Fortinet NSE4 - Test questions 3 with Complete & Verified Solutions| 100% Correct

Fortinet NSE4 - Test questions 3 with Complete & Verified Solutions| 100% Correct Describe Application control: - Answer ️️ -- Requires ssl/ssh inspection profile to scan secure protocols - It's flow based inspection (no proxy based) - Uses IPS engine - It can be selected in either flow-based or proxy-based firewall policy. In what operation mode does FortiGate need to be to route traffic between VLans? - Answer ️️ -- NAT mode What can cause NAT port exhaustion? - Answer ️️ -Increased traffic traversing the border fw can cause NAT port exhaustion Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels? - Answer ️️ -In aggressive mode, the remote peers are able to provide their peer IDs in the first message. Which of the following statements about policy-based IPSec tunnels are true? - Answer ️️ -A. They can be configured in both NAT/Route and transparent operation modes. B. They support L2TP-over-IPsec. NO C. They require two firewall policies: one for each directions of traffic flow. NO D. They support GRE-over-IPsec. A&B ? Which two statements about advanced AD access mode for the FSSO collector agent are true? - Answer ️️ -- FortiGate can act as an LDAP client to configure the group filters. - It is only supported if DC agents are deployed. Which statement about firewall policy NAT is true? - Answer ️️ -You must configure SNAT & DNAT for each firewall policy. Which two statements about incoming and outgoing interfaces in firewall policies are true? - Answer ️️ - Which of the following can be selected in the firewall policy Destination field? - Answer ️️ -a VIP object Which three methods can be used to deliver the token code to a user who is configured to use two-factor authentication? - Answer ️️ -FortiToken SMS Email What are the security checks FortiGate does on a Certificate intercepted from a SSL server sent to a internal client? - Answer ️️