Fortinet Fortinet Certification FCNSP.V5 Questions & Answers

• Question 41:

  An intermittent connectivity issue is noticed between two devices located behind the FortiGate dmz and internal interfaces. A continuous sniffer trace is run on the FortiGate unit that the administrator will convert into a .cap file for an off-line analysis with a sniffer application.

  

  Given the high volume of global traffic on the network, which of the following CLI commands will best allow the administrator to perform this troubleshooting operation?

  A. diagnose sniffer packet any

  B. diagnose sniffer packet dmz "" 3

  C. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 3

  D. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 4

  Correct Answer: C

• Question 42:

  Which of the following statements correctly describes the deepscan option for HTTPS?

  A. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs.

  B. Enabling deepscan will perform further checks on the server certificate.

  C. Deepscan is only applicable to mail protocols, where all IP addresses in the header are checked.

  D. With deepscan enabled, archived files will be decompressed before scanning for a more comprehensive file inspection.

  Correct Answer: A

• Question 43:

  SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?

  A. The file is buffered by the application proxy.

  B. The file is buffered by the SSL proxy.

  C. In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy.

  D. No file buffering is needed since a stream-based scanning approach is used for SSL content inspection.

  Correct Answer: A

• Question 44:

  Which of the following DLP actions will override any other action?

  A. Exempt

  B. Quarantine Interface

  C. Block

  D. None

  Correct Answer: A

• Question 45:

  Which of the following DLP actions will always be performed if it is selected?

  A. Archive

  B. Quarantine Interface

  C. Ban Sender

  D. Block

  E. None

  F. Ban

  G. Quarantine IP Address

  Correct Answer: A

• Question 46:

  The transfer of encrypted files or the use of encrypted protocols between users and servers on the internet can frustrate the efforts of administrators attempting to monitor traffic passing through the FortiGate unit and ensuring user compliance to corporate rules.

  Which of the following items will allow the administrator to control the transfer of encrypted data through the FortiGate unit? (Select all that apply.)

  A. Encrypted protocols can be scanned through the use of the SSL proxy.

  B. DLP rules can be used to block the transmission of encrypted files.

  C. Firewall authentication can be enabled in the firewall policy, preventing the use of encrypted communications channels.

  D. Application control can be used to monitor the use of encrypted protocols; alerts can be sent to the administrator through email when the use of encrypted protocols is attempted.

  Correct Answer: ABD

• Question 47:

  A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit?

  A. Any other matched DLP rules will be ignored with the exception of Archiving.

  B. Future files whose characteristics match this file will bypass DLP scanning.

  C. The traffic matching the DLP rule will bypass antivirus scanning.

  D. The client IP address will be added to a white list.

  Correct Answer: A

• Question 48:

  The following diagnostic output is displayed in the CLI:

  diag firewall auth list

  policy iD. 9, srC. 192.168.3.168, action: accept, timeout: 13427 user: forticlient_chk_only, group: flag (80020): auth timeout_ext, flag2 (40): exact group iD. 0, av group: 0 ----- 1 listed, 0 filtered -----

  Based on this output, which of the following statements is correct?

  A. Firewall policy 9 has endpoint compliance enabled but not firewall authentication.

  B. The client check that is part of an SSL VPN connection attempt failed.

  C. This user has been associated with a guest profile as evidenced by the group id of 0.

  D. An auth-keepalive value has been enabled.

  Correct Answer: A

• Question 49:

  Which of the following cannot be used in conjunction with the endpoint compliance check?

  A. HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.

  B. Any form of firewall policy authentication.

  C. WAN optimization.

  D. Traffic shaping.

  Correct Answer: A

• Question 50:

  Which of the following statements is correct regarding the FortiGuard Services Web Filtering Override configuration as illustrated in the exhibit?

  

  A. Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/ .

  B. A client with an IP of address 10.10.10.12 is allowed access to any subdirectory that is part of the www.yahoo.com web site.

  C. A client with an IP address of 10.10.10.12 is allowed access to the www.yahoo.com/images/ web site and any of its offsite URLs.

  D. A client with an IP address of 10.10.10.12 is allowed access to any URL under the www.yahoo.com web site, including any subdirectory URLs, until August 7, 2009.

  E. Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/ until August 7, 2009.

  Correct Answer: C