FCNSP.V5 Online Practice Questions and Answers

Which of the following represents the correct order of criteria used for the selection of a Master unit within a FortiGate High Availability (HA) cluster when master override is disabled?

A. 1. port monitor, 2. unit priority, 3. up time, 4. serial number

B. 1. port monitor, 2. up time, 3. unit priority, 4. serial number

C. 1. unit priority, 2. up time, 3. port monitor, 4. serial number

D. 1. up time, 2. unit priority, 3. port monitor, 4. serial number

In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit?

A. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server

B. Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server

C. Request: Internal Host; Slave FortiGate; Internet; Web Server

D. Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server

How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)

A. File TypE. Microsoft Office(msoffice)

B. File TypE. Archive(zip)

C. File TypE. Unknown Filetype(unknown)

D. File NamE. "*.ppt", "*.doc", "*.xls"

E. File NamE. "*.pptx", "*.docx", "*.xlsx"

What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)

A. Enable session pick-up.

B. Only applies to connections handled by a proxy.

C. Only applies to UDP and ICMP connections.

D. Connections must not be handled by a proxy.

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT device. Exhibit B shows the command output of 'show system ha' for the REMOTE device.

Exhibit A: Exhibit B

Which one of the following is the most likely reason that the cluster fails to form?

A. Password

B. HA mode

C. Hearbeat D. Override

The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.

Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)

A. An FSAE Collector Agent must be installed on every domain controller.

B. An FSAE Domain Controller Agent must be installed on every domain controller.

C. The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit.

D. The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.

E. For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.

Which of the following DLP actions will always be performed if it is selected?

A. Archive

B. Quarantine Interface

C. Ban Sender

D. Block

E. None

F. Ban

G. Quarantine IP Address

An administrator wishes to generate a report showing Top Traffic by service type. They notice that web traffic overwhelms the pie chart and want to exclude the web traffic from the report.

Which of the following statements best describes how to do this?

A. In the Service field of the Data Filter, type 80/tcp and select the NOT checkbox.

B. Add the following entry to the Generic Field section of the Data Filter: service="!web".

C. When editing the chart, uncheck wlog to indicate that Web Filtering data is being excluded when generating the chart.

D. When editing the chart, enter 'http' in the Exclude Service field.

The Host Check feature can be enabled on the FortiGate unit for SSL VPN connections. When this feature

is enabled, the FortiGate unit probes the remote host computer to verify that it is "safe" before access is

granted.

Which of the following items is NOT an option as part of the Host Check feature?

A. FortiClient Antivirus software

B. Microsoft Windows Firewall software

C. FortiClient Firewall software

D. Third-party Antivirus software

What advantages are there in using a fully Meshed IPSec VPN configuration instead of a hub and spoke set of IPSec tunnels?

A. Using a hub and spoke topology is required to achieve full redundancy.

B. Using a full mesh topology simplifies configuration.

C. Using a full mesh topology provides stronger encryption.

D. Full mesh topology is the most fault-tolerant configuration.