Fortinet Certified Network Security Professional (FCNSP v4.2) (FCNSP) Free Practice Test

Question 1

Which of the following features could be used by an administrator to block FTP uploads while still allowing FTP downloads?

A. FortiClient Check

B. Anti-Virus File-Type Blocking

C. Network Admission Control

D. Data Leak Prevention

Correct Answer: D

Question 2

An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement?

A. Enable Traffic Shaping for the appropriate SIP firewall policy.

B. Run the set udp-idle-timer CLI command and set a lower time value.

C. Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command.

D. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured.

Correct Answer: D

Question 3

In the Tunnel Mode widget of the web portal, the administrator has configured an IP Pool and enabled split tunneling.
Which of the following statements is true about the IP address used by the SSL VPN client?

A. The IP pool specified in the SSL-VPN Tunnel Mode Widget Options will override the IP address range defined in the SSL-VPN Settings.

B. The IP address range specified in SSL-VPN Settings will override the IP address range in the SSL-VPN Tunnel Mode Widget Options.

C. Because split tunneling is enabled, no IP address needs to be assigned for the SSL VPN tunnel to be established.

Correct Answer: A

Question 4

Based on the web filtering configuration illustrated in the exhibit, which one of the following statements is not a reasonable conclusion?

A. Downloaded content from www.google.com will be scanned for viruses if antivirus is enabled.

B. Users can access both the www.google.com site and the www.fortinet.com site.

C. When a user attempts to access the www.fortinet.com site, any remaining web filtering will be bypassed.

D. When a user attempts to access the www.google.com site, the FortiGate unit will not perform web filtering on the content of that site.

Correct Answer: D

Question 5

The eicar test virus is put into a zip archive, which is given the password of "Fortinet" in order to open the archive. Review the configuration in the exhibits shown below; then answer the question that follows.
Exhibit A - Antivirus Profile:

Exhibit B - Non-default UTM Proxy Options Profile: Exhibit C - DLP Profile:

Which of one the following profiles could be enabled in order to prevent the file from passing through the FortiGate device over HTTP on the standard port for that protocol?

A. Only Exhibit C with non-default UTM Proxy settings (Exhibit B).

B. Only Exhibit B

C. Only Exhibit C with default UTM Proxy settings.

D. All of the Exhibits (A, B and C)

E. Only Exhibit A

Correct Answer: C

Question 6

Which of the following statements is correct about configuring web filtering overrides?

A. The Override option for FortiGuard Web Filtering is available for any user group type.

B. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used.

C. Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor.

D. Using Web Filtering Overrides requires the use of Firewall Policy Authentication.

Correct Answer: B

Welcome to TestSimulate

Fortinet Certified Network Security Professional (FCNSP v4.2) (FCNSP) Free Practice Test