Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Fortinet FCNSP Exam -

Free FCNSP Sample Questions:

Q: 1
FortiGate unit is configured with three Virtual Domains (VDMOs) as illustrated in the exhibit.
(This exhibit is not available in this demo)
Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Select all that apply.)
A. The administrator should configure inter-VDOM links to avoid using external interfaces and routers.
B. As with ail FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any Interface, Including iner-VDOM links. This provides the same level of security internally as externally.
C. This configuration requires the use of an external router.
D. Inter-VDOM routing is autornatically provided if all the sublets that need to be routed are locally attached. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OOPF) in each VDOM to route traffic between VDOMs.
Answer: D

Q: 2
What advantages are there in using a fully Meshed IPSec VPN configuration instead of a hub and spoke set of IPSec tunnels?
A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a full mesh topology simplifies configuration.
C. Using a full mesh topology provides stronger encryption.
D. Full mesh topology is the most fault-tolerant configuration.
Answer: B

Q: 3
The FortiGate Server Authentication Extensions (FSAE) provides a single sign on soulution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.
Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply)
A. An FSAE Collector Agent must be installed on every domain controller.
B. An FSAE Domain ollector Agent must be installed on every domain controller.
C. The FSAE Domain ollector Agent will regularly update user logon information on the FortiGate unit.
D. FSAE Domain ollector Agent will retrieve user information from the the FSAE Domain ollector Agent and will sent the user logon information to the FortiGate unit.
E. For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.
Answer: D

Q: 4
When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server must be maintained between sessions?
A. Static
B. Round robin
C. Weighted round robin
D. Least connected
Answer: C

Q: 5
The following diagnostic output is displayed in the CLI:
Diag firewall auth list
Policy id: 9, src:, action: timeout: 13427
User: fortielient_chk_only, group:
Flag (80020): auth timeout_ext,flag2 (40): exact
Group id: 0, av group: 0
---- 1 listed, 0 filtered -------
Based on this output, which of the following statements is correct?
A. firewall policy 9 has endpoint compliance enabled but not firewall authentication
B. The client checks that is part of an SSL VPN connection attempt failed.
C. This user has been associated with a guest profile as evidenced by the group id of 0.
D. An suth-keepalive value has been enabled.
Answer: A

© 2014, All Rights Reserved