NSE4 Online Practice Questions and Answers

Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Choose two.)

A. The web client SSL handshake.

B. The web server SSL handshake.

C. File buffering.

D. Communication with the URL filter process.

Which Fortinet products and features could be considered part of a comprehensive solution to monitor and prevent the leakage of sensitive data?

A. Archive non-compliant outgoing e-mails using FortiMail.

B. Restrict unofficial methods of transferring files such as P2P using Application Control lists on a FortiGate.

C. Monitor database activity using FortiAnalyzer.

D. Apply a DLP sensor to a firewall policy.

E. Configure FortiClient to prevent files flagged as sensitive from being copied to a USB disk.

Which of the following statements are true regarding the web filtering modes? (Choose two.)

A. Proxy based mode allows for customizable block pages to display when sites are prevented.

B. Proxy based mode requires more resources than flow-based.

C. Flow based mode offers more settings under the advanced configuration section of the GUI.

D. Proxy based mode offers higher throughput than flow-based mode.

Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)

A. DHCP

B. BOOTP

C. DNS

D. IPv6 autoconfiguration.

When creating FortiGate administrative users, which configuration objects specify the account rights?

A. Remote access profiles.

B. User groups.

C. Administrator profiles.

D. Local-in policies.

Which statement is one disadvantage of using FSSO NetAPI polling mode over FSSO Security Event Log (WinSecLog) polling mode?

A. It requires a DC agent installed in some of the Windows DC.

B. It runs slower.

C. It might miss some logon events.

D. It requires access to a DNS server for workstation name resolution.

An Internet browser is using the WPAD DNS method to discover the PAC file's URL. The DNS server replies to the browser's request with the IP address 10.100.1.10. Which URL will the browser use to download the PAC file?

A. http://10.100.1.10/proxy.pac

B. https://10.100.1.10/

C. http://10.100.1.10/wpad.dat

D. https://10.100.1.10/proxy.pac

Review the static route configuration for IPsec shown in the exhibit; then answer the question below.

Which statements are correct regarding this configuration? (Choose two.)

A. Interface remote is an IPsec interface.

B. A gateway address is not required because the interface is a point-to-point connection.

C. A gateway address is not required because the default route is used.

D. Interface remote is a zone.

Which of the following statements are true regarding traffic accelerated by an NP processor? (Choose two.)

A. TCP SYN packets are always handled by the NP Processor

B. The initial packets go to the NP Processor, where a decision is taken on if the session can be offloaded or not.

C. Packets for a session termination are always handled by the CPU.

D. The initial packets go to the CPU, where a decision is taken on if the session can be offloaded or not.

How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent?

A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy.

B. Enable the shape option in a firewall policy with service set to BitTorrent.

C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled.

D. Apply a traffic shaper to a protocol options profile.