NSE4_FGT-5.6 Online Practice Questions and Answers

Which of the following statements about the FortiGate application control database are true?

(Choose two.)

Response:

A. The application control database uses TCP port 53 for downloads.

B. The application control database uses a hierarchical structure to organize application signatures.

C. The application control database is part of the IPS signatures database.

D. The application control database updates are included in the free FortiGuard service.

Which statements are true regarding active authentication?

(Choose two.)

Response:

A. Active authentication prompts the user for login credentials.

B. Active authentication is always used before passive authentication.

C. The firewall policy must allow the HTTP, HTTPS, FTP, and/or Telnet protocols.

D. Enabling authentication on a policy always enforces active authentication.

Examine this partial output from the diagnose sys session list CLI command:

diagnose sys session list

session info: proto=6 proto_state=05 duration=2 expire=78 timeout=3600 flags=00000000

sockflag=00000000 sockport=0 av_idx=0 use=3

What does this output state?

Response:

A. proto_state=05 is the ICMP state

B. proto_state=05 is the UDP state

C. proto_state=05 is the TCP state

D. proto_state=05 means there is only one-way traffic

View the exhibit.

In this scenario, FGT1 has the following routing table: S*0. 0. 0. 0/0 [10/0] via 10. 40.

72. 2, port1 C172. 16. 32. 0/24 is directly connected, port2

C10. 40. 72. 0/30 is directly connected, port1

A user at 192.168.32.15 is trying to access the web server at 172.16.32.254. Which of the following

statements best describe how the FortiGate will perform reverse path forwarding checks on this traffic?

(Choose two.)

Response:

A. Strict RPF check will deny the traffic.

B. Strict RPF check will allow the traffic.

C. Loose RPF check will allow the traffic.

D. Loose RPF check will deny the traffic.

How are the application control signatures updated on a FortiGate device? Response:

A. By running the application control auto-learning feature.

B. Through FortiGuard updates.

C. By upgrading the FortiOS firmware to a newer release.

D. By clicking Update Signatures in the application control profile.

Which statements about the firmware upgrade process on an active-active high availability (HA) cluster are

true?

(Choose two.)

Response:

A. The firmware image must be manually uploaded to each FortiGate.

B. Only secondary FortiGate devices are rebooted.

C. Uninterruptable upgrade is enabled by default.

D. Traffic load balancing is temporally disabled while upgrading the firmware.

To create a valid traffic shaping policy, which of the following matching criteria must align between a traffic

shaping policy and a firewall policy?

(Choose three.)

Response:

A. Source

B. Schedule

C. Service

D. Destination

E. Incoming interface

An administrator needs to be able to view logs for application usage on your network. What configurations

are required to ensure that FortiGate generates logs for application usage activity?

(Choose two.)

Response:

A. Enable a web filtering profile on the firewall policy.

B. Create an application control policy.

C. Enable logging on the firewall policy.

D. Enable an application control security profile on the firewall policy.

A FortiGate has multiple VDOMs operating in NAT mode with multiple VLAN interfaces in each VDOM. Which of the following statements is true regarding the IP addresses assigned to each VLAN interface? Response:

A. Different VLANs can never share the same IP address on the same physical device.

B. Different VLANs can share the same IP address as long as they are in different VDOMs.

C. Different VLANs can share the same IP address as long as they have different VLAN tag IDs.

D. Different VLANs can share the same IP address as long as they are in different physical interfaces.

Which ways can FortiGate deliver one-time passwords (OTPs) to two-factor authentication users in your

network?

(Choose three.)

Response:

A. Hardware FortiToken

B. Web portal

C. SMS

D. USB FortiToken

E. FortiToken Mobile