Fortinet Certified Network Security Professional (FCNSP.v5) (FCNSP.v5) Free Practice Test

Question 1

Which of the following statements are correct regarding the configuration of a FortiGate unit as an SSL VPN gateway? (Select all that apply.)

A. In order to apply a portal to a user, that user must belong to an SSL VPN user group.

B. The portal settings specify whether the connection will operate in web-only or tunnel mode.

C. The specific routes needed to access internal resources through an SSL VPN connection in tunnel mode from the client computer are defined in the routing widget associated with the SSL VPN portal.

D. Tunnel mode can only be used if the SSL VPN user groups have at least one Host Check option enabled.

Correct Answer: A,B

Question 2

Which of the following statements best decribes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?

A. The proxy removes the infected file from the server by sending a delete command on behalf of the client.

B. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server.

C. The proxy sends the file to the server while simultaneously buffering it.

D. The proxy buffers the entire file from the client, only sending the file to the server if the file is clean. One possible consequence of buffering is that the server could time out.

Correct Answer: D

Question 3

Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.)
config ips sensor edit "LINUX_SERVER" set comment '' set replacemsg-group '' set log enable config entries edit 1 set action default set application all set location server set log enable set log-packet enable set os Linux set protocol all set quarantine none set severity all set status default next end next
end

A. The sensor only filters which IPS signatures to apply to the selected firewall policy.

B. The sensor will match all traffic from the address object 'LINUX_SERVER'.

C. The sensor will log all server attacks for all operating systems.

D. The sensor will reset all connections that match these signatures.

E. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature.

Correct Answer: A,E

Question 4

WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?

A. The attempt will be accepted when the request comes from a known peer.

B. The attempt will be accepted when there is a matching WAN optimization passive rule.

C. The attempt will be accepted when a user on the remote peer accepts the connection request.

D. The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule.

Correct Answer: D

Question 5

For Data Leak Prevention, which of the following describes the difference between the block and quarantine actions?

A. A block action prevents the transaction. A quarantine action archives the data.

B. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.

C. A block action has a finite duration. A quarantine action must be removed by an administrator.

D. A block action is used for known users. A quarantine action is used for unknown users.

Correct Answer: B

Question 6

An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor, the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit.

Which of the following is the best explanation for the Ban Sender action NOT being available?

A. The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.

B. The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor.

C. Firewall policy authentication is required before the Ban Sender action becomes available.

D. The Ban Sender action is never available for FTP traffic.

Correct Answer: D

Question 7

With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent.
If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)

A. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.

B. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller.

C. The login event is sent to the Collector Agent.

D. The Collector Agent performs the DNS lookup for the authenticated client's IP address.

Correct Answer: C,D

Welcome to TestSimulate

Fortinet Certified Network Security Professional (FCNSP.v5) (FCNSP.v5) Free Practice Test