Fortinet Fortinet Certification FCNSP.V5 Questions & Answers

• Question 101:

  The eicar test virus is put into a zip archive, which is given the password of "Fortinet" in order to open the archive. Review the configuration in the exhibits shown below; then answer the question that follows.

  Exhibit A Antivirus Profile:

  

  Exhibit B Non-default UTM Proxy Options Profile: Exhibit C DLP Profile:

  

  

  Which of one the following profiles could be enabled in order to prevent the file from passing through the FortiGate device over HTTP on the standard port for that protocol?

  A. Only Exhibit A

  B. Only Exhibit B

  C. Only Exhibit C with default UTM Proxy settings.

  D. All of the Exhibits (A, B and C)

  E. Only Exhibit C with non-default UTM Proxy settings (Exhibit B).

  Correct Answer: C

• Question 102:

  With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent.

  If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)

  A. The login event is sent to the Collector Agent.

  B. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller.

  C. The Collector Agent performs the DNS lookup for the authenticated client's IP address.

  D. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.

  Correct Answer: AC

• Question 103:

  What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)

  A. Enable session pick-up.

  B. Only applies to connections handled by a proxy.

  C. Only applies to UDP and ICMP connections.

  D. Connections must not be handled by a proxy.

  Correct Answer: AD

• Question 104:

  Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'diag sys session stat' for the STUDENT device. Exhibit B shows the command output of 'diag sys session stat' for the REMOTE device.

  Exhibit A:

  

  Exhibit B: Given the information provided in the exhibits, which of the following statements are correct? (Select all that apply.)

  

  A. STUDENT is likely to be the master device.

  B. Session-pickup is likely to be enabled.

  C. The cluster mode is definitely Active-Passive.

  D. There is not enough information to determine the cluster mode.

  Correct Answer: AD

• Question 105:

  Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.)

  A. The device this command is executed on is likely to switch from master to slave status if master override is disabled.

  B. The device this command is executed on is likely to switch from master to slave status if master override is enabled.

  C. This command has no impact on the HA algorithm.

  D. This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.

  Correct Answer: AD

• Question 106:

  In HA, the option Reserve Management Port for Cluster Member is selected as shown in the Exhibit below.

  

  Which of the following statements are correct regarding this setting? (Select all that apply.)

  A. Interface settings on port7 will not be synchronized with other cluster members.

  B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.

  C. Port7 appears in the routing table.

  D. A gateway address may be configured for port7.

  E. When connecting to port7 you always connect to the master device.

  Correct Answer: AD

• Question 107:

  In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit.

  

  A. The HA mode changes to standalone.

  B. Port3 is configured with an IP address for management access.

  C. The Firewall rules are purged on the disconnected unit.

  D. All other interface IP settings are maintained.

  Correct Answer: AB

• Question 108:

  Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT device. Exhibit B shows the command output of 'show system ha' for the REMOTE device.

  Exhibit A: Exhibit B

  

  

  Which one of the following is the most likely reason that the cluster fails to form?

  A. Password

  B. HA mode

  C. Hearbeat D. Override

  Correct Answer: B

• Question 109:

  Examine the following log message for IPS and identify the valid responses below. (Select all that apply.)

  2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50"

  A. The target is 192.168.3.168.

  B. The target is 192.168.3.170.

  C. The attack was detected and blocked.

  D. The attack was detected only.

  E. The attack was TCP based.

  Correct Answer: BD

• Question 110:

  Identify the statement which correctly describes the output of the following command:

  diagnose ips anomaly list

  A. Lists the configured DoS policy.

  B. List the real-time counters for the configured DoS policy.

  C. Lists the errors captured when compiling the DoS policy.

  Correct Answer: B