Fortinet NSE 4 - FortiOS 7.2 (C-HRHFC-2311) Free Practice Test

Question 1

51 Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?

A. FortiGate can inspect sub-application traffic regardless where it was originated.

B. FortiGuard maintains only one signature of each web application that is unique.

C. The security actions applied on the web applications will also be explicitly applied on the third-party websites.

D. The application signature database inspects traffic only from the original web application server.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)

A. Proxy-based inspection

B. Flow-based inspection

C. Certificate inspection

D. Full Content inspection

Correct Answer: A,B

Question 3

Which statement is correct regarding the use of application control for inspecting web applications?

A. Application control signatures are organized in a nonhierarchical structure.

B. Application control does not display a replacement message for a blocked web application.

C. Application control does not require SSL inspection to identity web applications.

D. Application control can identity child and parent applications, and perform different actions on them.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

A. Application header

B. Interface name

C. Ethernet header

D. IP header

E. Packet payload

Correct Answer: B,D,E

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

A. Implement a DNS filter for the specified website.

B. Implement web filter authentication for the specified website.

C. Implement a web filter category override for the specified website

D. Implement web filter quotas for the specified website

Correct Answer: B

Question 6

Which two statements describe how the RPF check is used? (Choose two.)

A. The RPF check is run on the first sent and reply packet of any new session.

B. The RPF check is run on the first reply packet of any new session.

C. The RPF check is a mechanism that protects FortiGate and the network from IP spoofing attacks.

D. The RPF check is run on the first sent packet of any new session.

Correct Answer: C,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, what are two requirements for the VLAN ID? (Choose two.)

A. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.

B. The two VLAN subinterfaces must have different VLAN IDs.

C. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

D. The two VLAN subinterfaces can have the same VLAN ID, only if they belong to different VDOMs.

Correct Answer: B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

A. SMMIE Capabilities value

B. Subject value

C. Subject Key Identifier value

D. Subject Alternative Name value

Correct Answer: C

Question 9

A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

A. Dialup User

B. Pre-shared Key

C. Static IP Address

D. Dynamic DNS

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

Refer to the exhibit.

Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

A. The ports default route has the highest distance.

B. The port3 default route has the lowest metric.

C. The port1 and port2 default routes are active in the routing table.

D. There will be eight routes active in the routing table.

Correct Answer: A,C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.

If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?

A. 10.200.3.1, 10.0.1.10, and 443, respectively

B. 10.0.1.254, 10.0.1.10, and 443, respectively

C. 10.0.1.254, 10.200.1.10, and 443, respectively

D. 10.0.1.254, 10.0.1.10, and 10443, respectively

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

Which two statements are true about the FGCP protocol? (Choose two.)

A. FGCP is used to discover FortiGate devices in different HA groups.

B. FGCP elects the primary FortiGate device.

C. FGCP runs only over the heartbeat links.

D. FGCP is not used when FortiGate is in transparent mode.

Correct Answer: B,C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

SAP Fortinet NSE 4 - FortiOS 7.2 (C-HRHFC-2311) Free Practice Test