Fortinet Fortinet Certification FCNSP.V5 Questions & Answers

• Question 31:

  A static route is configured for a FortiGate unit from the CLI using the following commands:

  config router static edit 1 set device "wan1" set distance 20 set gateway 192.168.100.1 next end

  Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit's routing table?

  A. The Administrative Status of the wan1 interface is displayed as Up.

  B. The Link Status of the wan1 interface is displayed as Up.

  C. All other default routes should have an equal or higher distance.

  D. You must disable DHCP client on that interface.

  Correct Answer: D

• Question 32:

  If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)?

  A. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors.

  B. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors.

  C. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options.

  D. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings.

  E. At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options.

  Correct Answer: C

• Question 33:

  If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)?

  A. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR).

  B. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR).

  C. At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings.

  D. The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP.

  E. By design, BGP cannot redistribute routes learned through OSPF.

  Correct Answer: C

• Question 34:

  An administrator has formed a High Availability cluster involving two FortiGate 310B units.

  [Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ]

  The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.

  Which of the following options describes the best step the administrator can take?

  The administrator should...

  A. set up a full-mesh design which uses redundant interfaces.

  B. increase the number of FortiGate units in the cluster and configure HA in Active-Active mode.

  C. enable monitoring of all active interfaces.

  D. configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.

  Correct Answer: A

• Question 35:

  In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?

  A. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server

  B. Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server

  C. Request: Internal Host -> Slave FG -> Internet -> Web Server

  D. Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server

  Correct Answer: A

• Question 36:

  Which of the following statements is not correct regarding virtual domains (VDOMs)?

  A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.

  B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.

  C. A backup management VDOM will synchronize the configuration from an active management VDOM.

  D. VDOMs share firmware versions, as well as antivirus and IPS databases.

  E. Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes.

  Correct Answer: C

• Question 37:

  A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

  

  Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Select all that apply.)

  A. The administrator should configure inter-VDOM links to avoid using external interfaces and routers.

  B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links. This provides the same level of security internally as externally.

  C. This configuration requires the use of an external router.

  D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.

  E. As each VDOM has an independant routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

  Correct Answer: ABE

• Question 38:

  A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

  

  Which of the following statements are correct regarding these VDOMs? (Select all that apply.)

  A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes.

  B. The FortiGate unit must be a model 1000 or above to support multiple VDOMs.

  C. A license had to be purchased and applied to the FortiGate unit before VDOM mode could be enabled.

  D. All VDOMs must operate in the same mode.

  E. Changing a VDOM operational mode requires a reboot of the FortiGate unit.

  F. An admin account can be assigned to one VDOM or it can have access to all three VDOMs.

  Correct Answer: AF

• Question 39:

  A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM.

  What would be a possible cause for this problem?

  A. The dmz interface is referenced in the configuration of another VDOM.

  B. The administrator does not have the proper permissions to reassign the dmz interface.

  C. Non-management VDOMs can not reference physical interfaces.

  D. The dmz interface is in PPPoE or DHCP mode.

  E. Reassigning an interface to a different VDOM can only be done through the CLI.

  Correct Answer: A

• Question 40:

  A FortiGate unit is operating in NAT/Route mode and is configured with two Virtual LAN (VLAN) sub-interfaces added to the same physical interface.

  Which of the following statements is correct regarding the VLAN IDs in this scenario?

  A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.

  B. The two VLAN sub-interfaces must have different VLAN IDs.

  C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.

  D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

  Correct Answer: B