Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 231:

  Which of the following statements are true regarding Local User Authentication? (Select all that apply.)

  A. Local user authentication is based on usernames and passwords stored locally on the FortiGate unit.

  B. Two-factor authentication can be enabled on a per user basis.

  C. Administrators can create an account for the user locally and specify the remote server to verify the password.

  D. Local users are for administration accounts only and cannot be used for identity policies.

  Correct Answer: ABC

• Question 232:

  Examine the firewall configuration shown below; then answer the question following it.

  

  Which of the following statements are correct based on the firewall configuration illustrated in the exhibit? (Select all that apply.)

  A. A user can access the Internet using only the protocols that are supported by user authentication.

  B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access.

  C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services.

  D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication.

  Correct Answer: AD

• Question 233:

  Which of the following statements regarding the firewall policy authentication timeout is true?

  A. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source IP.

  B. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user's source IP after this timer has expired.

  C. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source MAC.

  D. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user's source MAC after this timer has expired.

  Correct Answer: A

• Question 234:

  Which of the following are valid FortiGate device interface methods for handling DNS requests? (Select all that apply.)

  A. Forward-only

  B. Non-recursive

  C. Recursive

  D. Iterative

  E. Conditional-forward

  Correct Answer: ABC

• Question 235:

  The default administrator profile that is assigned to the default "admin" user on a FortGate device is: _______________.

  A. trusted-admin

  B. super_admin

  C. super_user

  D. admin

  E. fortiner-root

  Correct Answer: B

• Question 236:

  Which of the following logging options are supported on a FortiGate unit? (Select all that apply.)

  A. LDAP

  B. Syslog

  C. FortiAnalyzer

  D. Local disk and/or memory

  Correct Answer: BCD

• Question 237:

  In order to match an identity-based policy, the FortiGate unit checks the IP information. Once inside the policy, the following logic is followed:

  A. First, a check is performed to determine if the user's login credentials are valid. Next, the user is checked to determine if they belong to any of the groups defined for that policy. Finally, user restrictions are determined and port, time, and UTM profiles are applied.

  B. First, user restrictions are determined and port, time, and UTM profiles are applied. Next, a check is performed to determine if the user's login credentials are valid. Finally, the user is checked to determine if they belong to any of the groups defined for that policy.

  C. First, the user is checked to determine if they belong to any of the groups defined for that policy. Next, user restrictions are determined and port, time, and UTM profiles are applied. Finally, a check is performed to determine if the user's login credentials are valid.

  Correct Answer: A

• Question 238:

  Which of the following products is designed to manage multiple FortiGate devices?

  A. FortiGate device

  B. FortiAnalyzer device

  C. FortiClient device

  D. FortiManager device

  E. FortiMail device

  F. FortiBridge device

  Correct Answer: D

• Question 239:

  Which of the following products provides dedicated hardware to analyze log data from multiple FortiGate devices?

  A. FortiGate device

  B. FortiAnalyzer device

  C. FortiClient device

  D. FortiManager device

  E. FortiMail device

  F. FortiBridge device

  Correct Answer: B

• Question 240:

  The FortiGate unit's GUI provides a link to update the firmware. Clicking this link will perform which of the following actions?

  A. It will connect to the Fortinet Support site where the appropriate firmware version can be selected.

  B. It will send a request to the FortiGuard Distribution Network so that the appropriate firmware version can be pushed down to the FortiGate unit.

  C. It will present a prompt to allow browsing to the location of the firmware file.

  D. It will automatically connect to the Fortinet Support site to download the most recent firmware version for the FortiGate unit.

  Correct Answer: C