OFFER Free Fortinet FCNSP.v5 PDF and VCE Exam Dumps

Vendor: Fortinet
Exam Code: FCNSP.v4
Exam Name: Fortinet Certified Network Security Professional

QUESTION 1
What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)

A.    Enable session pick-up.
B.    Only applies to connections handled by a proxy.
C.    Only applies to UDP and ICMP connections.
D.    Connections must not be handled by a proxy.

Answer: AD

QUESTION 2
Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of ‘diag sys session stat’ for the STUDENT device. Exhibit B shows the command output of ‘diag sys session stat’ for the REMOTE device.
Exhibit A:
Exhibit B:

Given the information provided in the exhibits, which of the following statements are correct? (Select all that apply.)

A.    STUDENT is likely to be the master device.
B.    Session-pickup is likely to be enabled.
C.    The cluster mode is definitely Active-Passive.
D.    There is not enough information to determine the cluster mode.

Answer: AD

QUESTION 3
Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.)

A.    The device this command is executed on is likely to switch from master to slave status if master override is disabled.
B.    The device this command is executed on is likely to switch from master to slave status if master override is enabled.
C.    This command has no impact on the HA algorithm.
D.    This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.

Answer: AD

QUESTION 4
In HA, the option Reserve Management Port for Cluster Member is selected as shown in the Exhibit below.
Which of the following statements are correct regarding this setting? (Select all that apply.)

A.    Interface settings on port7 will not be synchronized with other cluster members.
B.    The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.
C.    Port7 appears in the routing table.
D.    A gateway address may be configured for port7.
E.    When connecting to port7 you always connect to the master device.

Answer: AD

QUESTION 5
Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below.
Which of the following statements are correct regarding this output? (Select all that apply.)

A.    The connecting client has been allocated address 172.20.1.1.
B.    In the Phase 1 settings, dead peer detection is enabled.
C.    The tunnel is idle.
D.    The connecting client has been allocated address 10.200.3.1.

Answer: AB

QUESTION 6
Examine the Exhibit shown below; then answer the question following it.
In this scenario, the FortiGate unit in Ottawa has the following routing table:
S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2
C 172.20.167.0/24 is directly connected, port1
C 172.20.170.0/24 is directly connected, port2
Sniffer tests show that packets sent from the Source IP address 172.20.168.2 to the Destination IP address 172.20.169.2 are being dropped by the FortiGate unit located in Ottawa. Which of the following correctly describes the cause for the dropped packets?

A.    The forward policy check.
B.    The reverse path forwarding check.
C.    The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate unit’s routing table.
D.    The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.

Answer: B

QUESTION 7
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.
config router static
edit 1
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 10
set device port1
next
edit 2
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 20
set device port2
next
end
Which of the following statements correctly describes the static routing configuration provided above?

A.    The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes.
B.    The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
C.    The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1.
D.    Only the route that is using port1 will show up in the routing table.

Answer: C

QUESTION 8
Examine the Exhibit shown below; then answer the question following it.

The Vancouver FortiGate unit initially had the following information in its routing table:
S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C 172.21.0.0/16 is directly connected, port2
C 172.11.11.0/24 is directly connected, port1
Afterwards, the following static route was added:
config router static
edit 6
set dst 172.20.1.0 255.255.255.0
set priority 0
set device port1
set gateway 172.11.12.1
next
end
Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

A.    The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.
B.    The ‘gateway’ IP address is NOT in the same subnet as the IP address of port1.
C.    The priority is 0, which means that the route will remain inactive.
D.    The static route configuration is missing the distance setting.

Answer: B

QUESTION 9
Examine the static route configuration shown below; then answer the question following it.
config router static
edit 1
set dst 172.20.1.0 255.255.255.0
set device port1
set gateway 172.11.12.1
set distance 10
set weight 5
next
edit 2
set dst 172.20.1.0 255.255.255.0
set blackhole enable
set distance 5
set weight 10
next
end
Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.)

A.    All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.
B.    As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.
C.    The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
D.    The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.
E.    Traffic to 172.20.1.0/24 will be shared through both routes.

Answer: AC

QUESTION 10
In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate unit when searching for a suitable gateway?

A.    A look-up is done only when the first packet coming from the client (SYN) arrives.
B.    A look-up is done when the first packet coming from the client (SYN) arrives, and a second is performed when the first packet coming from the server (SYN/ACK) arrives.
C.    A look-up is done only during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
D.    A look-up is always done each time a packet arrives, from either the server or the client side.

Answer: B

Vendor: Fortinet
Exam Code: FCNSP.v5
Exam Name: Fortinet Certified Network Security Professional
Version: DEMO

QUESTION 1
FSSO provides a single sign-on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following statements are correct regarding FSSO in a Windows domain environment when NTLM and Polling Mode are not used? (Select all that apply.)

A.    An FSSO Collector Agent must be installed on every domain controller.
B.    An FSSO Domain Controller Agent must be installed on every domain controller.
C.    The FSSO Domain Controller Agent will regularly update user logon information on the FortiGate unit.
D.    The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
E.    For non-domain computers, the only way to allow FSSO authentication is to install an FSSO client.

Answer: BD

QUESTION 2
Which of the following represents the correct order of criteria used for the selection of a Master unit within a FortiGate High Availability (HA) cluster when master override is disabled?

A.    1. port monitor, 2. unit priority, 3. up time, 4. serial number
B.    1. port monitor, 2. up time, 3. unit priority, 4. serial number
C.    1. unit priority, 2. up time, 3. port monitor, 4. serial number
D.    1. up time, 2. unit priority, 3. port monitor, 4. serial number

Answer: B

QUESTION 3
In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit?

A.    Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server
B.    Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server
C.    Request: Internal Host; Slave FortiGate; Internet; Web Server
D.    Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server

Answer: A

QUESTION 4
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)

A.    VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B.    A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C.    VDOMs share firmware versions, as well as antivirus and IPS databases.
D.    Only administrative users with a ‘super_admin’ profile will be able to enter multiple VDOMs to make configuration changes.

Answer: ABC

QUESTION 5
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)

A.    Using a hub and spoke topology is required to achieve full redundancy.
B.    Using a hub and spoke topology simplifies configuration because fewer tunnels are required.
C.    Using a hub and spoke topology provides stronger encryption.
D.    The routing at a spoke is simpler, compared to a meshed node.

Answer: BD

QUESTION 6
Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)

A.    SNMP
B.    IPSec
C.    SMTP
D.    POP3
E.    HTTP

Answer: CDE

QUESTION 7
Which of the following statements are correct regarding Application Control?

A.    Application Control is based on the IPS engine.
B.    Application Control is based on the AV engine.
C.    Application Control can be applied to SSL encrypted traffic.
D.    Application Control cannot be applied to SSL encrypted traffic.

Answer: AC

QUESTION 8
Examine the exhibit shown below, then answer the question that follows it.
Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:

A.    FortiGate unit’s encryption certificate used by the SSL proxy.
B.    FortiGate unit’s signing certificate used by the SSL proxy.
C.    FortiGuard’s signing certificate used by the SSL proxy.
D.    FortiGuard’s encryption certificate used by the SSL proxy.

Answer: A

QUESTION 9
For Data Leak Prevention, which of the following describes the difference between the block and quarantine actions?

A.    A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.
B.    A block action prevents the transaction. A quarantine action archives the data.
C.    A block action has a finite duration. A quarantine action must be removed by an administrator.
D.    A block action is used for known users. A quarantine action is used for unknown users.

Answer: A

QUESTION 10
How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)

A.    File Type: Microsoft Office(msoffice)
B.    File Type: Archive(zip)
C.    File Type: Unknown Filetype(unknown)
D.    File Name: "*.ppt", "*.doc", "*.xls"
E.    File Name: "*.pptx", "*.docx", "*.xlsx"

Answer: BE
