Fortinet NSE4 - Test 2 Questions &
Answers | Questions with 100% Correct
Answers | Verified | Updated 2024
What are FortiGate inspection modes? ✔✔- Flow-based (support flow-based)
- NGFW Profile-based (default)
- NGFW Policy-based
- Proxy-based
- Proxy-based profiles (default)
- Flow-based profiles (CLI)
Describe flow-based inspection: ✔✔- Single pass, direct filter approach (DFA)
- Requires fewer resources
- Faster scanning
During the digital verification process, comparing the original and fresh hash results
satisfies which security requirement? ✔✔- Data Integrity
An administration wants to throttle the total volume of SMTP sessions to their email server.
Which of the following DoS sensors can be used to achieve this? ✔✔tcp_port_scan: This pre-
defined DOS anomaly is used if the SYN packet rate of new TCP connections, including re-
, transmission, from one source IP address exceeds the configured threshold value, the action is
executed. (SMTP uses TCP) (Firewall > Security policies > DoS Protection)
Which statements about a One-to-One IP pool are true? (choose two) ✔✔- It allows the
fixed mapping of an internal address range to an external address rage.
- It doesn't use port address translation.
Which of the following FortiGate configuration tasks will create a route in the policy route
table? (Choose two.) ✔✔- Static route created with a ISDB object
- SD-WAN rule created to route traffic based on link latency.
(FortiGate Infrastructure 6.2 Study Guide page 13)
A company needs to provide SSL VPN access to two user groups. The company also needs to
display different welcome messages on the SSL VPN login screen for both user groups. What
is required in the SSL VPN configuration to meet these requirements? ✔✔Different SSL VPN
realms for each group.
What are the best practice to strengthen the security of SSL VPN access? ✔✔- Config
host restriction by IP or MAC address
- Config 2 factor auth using security certificates
- Config a client integrity check (host check)
Answers | Questions with 100% Correct
Answers | Verified | Updated 2024
What are FortiGate inspection modes? ✔✔- Flow-based (support flow-based)
- NGFW Profile-based (default)
- NGFW Policy-based
- Proxy-based
- Proxy-based profiles (default)
- Flow-based profiles (CLI)
Describe flow-based inspection: ✔✔- Single pass, direct filter approach (DFA)
- Requires fewer resources
- Faster scanning
During the digital verification process, comparing the original and fresh hash results
satisfies which security requirement? ✔✔- Data Integrity
An administration wants to throttle the total volume of SMTP sessions to their email server.
Which of the following DoS sensors can be used to achieve this? ✔✔tcp_port_scan: This pre-
defined DOS anomaly is used if the SYN packet rate of new TCP connections, including re-
, transmission, from one source IP address exceeds the configured threshold value, the action is
executed. (SMTP uses TCP) (Firewall > Security policies > DoS Protection)
Which statements about a One-to-One IP pool are true? (choose two) ✔✔- It allows the
fixed mapping of an internal address range to an external address rage.
- It doesn't use port address translation.
Which of the following FortiGate configuration tasks will create a route in the policy route
table? (Choose two.) ✔✔- Static route created with a ISDB object
- SD-WAN rule created to route traffic based on link latency.
(FortiGate Infrastructure 6.2 Study Guide page 13)
A company needs to provide SSL VPN access to two user groups. The company also needs to
display different welcome messages on the SSL VPN login screen for both user groups. What
is required in the SSL VPN configuration to meet these requirements? ✔✔Different SSL VPN
realms for each group.
What are the best practice to strengthen the security of SSL VPN access? ✔✔- Config
host restriction by IP or MAC address
- Config 2 factor auth using security certificates
- Config a client integrity check (host check)
