Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Fortinet FCNSP.v5 Exam -

Free FCNSP.v5 Sample Questions:

Q: 1
The following ban list entry is displayed through the CLI.
get user ban list
id cause src-ip-addr dst-ip-addr expires created
531 protect_client indefinite Wed Oec 24 :21:33 2008
Based on this command output, which of the following statements is correct?
A. The administrator has specified the Attack and Victim Address method for the quarantine.
B. This diagnostic entry results from the administrator running the diag ips log test command. This command has no effect on traffic.
C. A OLP rule has been matched.
D. An attack has been repeated more than once during the holddown period; the expiry time has been reset to indefinite.
Answer: A

Q: 2
Which of the following statements is correct regarding the NAC Quarantine feature?
A. With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and OLP.
B. NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate.
C. NAC quarantine allows administrators to isolate clients whose network activity poses a security risk.
D. If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine.
Answer: C

Q: 3
Which of the following OLP actions will override any other action?
A. Exempt
B. Quarantine Interface
C. Block
D. None
Answer: A

Q: 4
Which of the following OLP actions will always be performed if it is selected?
A. Archive
B. Quarantine Interface
C. Ban Sender
D. Block
E. None
F. Ban
G. Quarantine IP Address
Answer: A

Q: 5
The transfer of encrypted files or the use of encrypted protocols between users and servers on the internet can frustrate the efforts of administrators attempting to monitor traffic passing through the FortiGate unit and ensuring user compliance to corporate rules.
Which of the following items will allow the administrator to control the transfer of encrypted data through the FortiGate unit? (Select all that apply.)
A. Encrypted protocols can be scanned through the use of the SSL proxy.
B. OLP rules can be used to block the transmission of encrypted files.
C. Firewall authentication can be enabled in the firewall policy, preventing the use of encrypted communications channels.
D. Application control can be used to monitor the use of encrypted protocols; alerts can be sent to the administrator through email when the use of encrypted protocols is attempted.
Answer: A,B,D

Q: 6
A OLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit?
A. Any other matched OLP rules will be ignored with the exception of Archiving.
B. Future files whose characteristics match this file will bypass OLP scanning.
C. The traffic matching the OLP rule will bypass antivirus scanning.
D. The client IP address will be added to a white list.
Answer: A

Q: 7
The following diagnostic output is displayed in the CLI:
diag firewall auth list
policy iO. 9, srC., action: accept, timeout: 13427
user: forticlient_chk_only, group:
flag (80020): auth timeout_ext, flag2 (40): exact
group iO. 0, av group: 0
----- 1 listed, 0 filtered ------
Based on this output, which of the following statements is correct?
A. Firewall policy 9 has endpoint compliance enabled but not firewall authentication.
B. The client check that is part of an SSL VPN connection attempt failed.
C. This user has been associated with a guest profile as evidenced by the group id of 0.
D. An auth-keepalive value has been enabled.
Answer: A

Q: 8
Which of the following cannot be used in conjunction with the endpoint compliance check?
A. HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.
B. Any form of firewall policy authentication.
C. WAN optimization.
D. Traffic shaping.
Answer: A

Q: 9
SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?
A. The file is buffered by the application proxy.
B. The file is buffered by the SSL proxy.
C. In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy.
D. No file buffering is needed since a stream-based scanning approach is used for SSL content inspection.
Answer: A

Q: 10
Which of the following statements correctly describes the deepscan option for HTTPS?
A. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs.
B. Enabling deepscan will perform further checks on the server certificate.
C. Oeepscan is only applicable to mail protocols, where all IP addresses in the header are checked.
D. With deepscan enabled, archived files will be decompressed before scanning for a more comprehensive file inspection.
Answer: A

© 2014, All Rights Reserved