FCNSA.V5 Online Practice Questions and Answers

An end user logs into the full-access SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has enabled split tunneling.

Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client's routing table.

A. A route to destination matching the `WIN2K3' address object.

B. A route to the destination matching the `all' address object.

C. A default route.

D. No route is added.

Which of the following statements are correct regarding URL filtering on the FortiGate unit? (Select all that apply.)

A. The allowed actions for URL Filtering include Allow, Block and Exempt.

B. The allowed actions for URL Filtering are Allow and Block.

C. The FortiGate unit can filter URLs based on patterns using text and regular expressions.

D. Any URL accessible by a web browser can be blocked using URL Filtering.

E. Multiple URL Filter lists can be added to a single protection profile.

Which email filter is NOT available on a FortiGate device?

A. Sender IP reputation database.

B. URLs included in the body of known SPAM messages.

C. Email addresses included in the body of known SPAM messages.

D. Spam object checksums.

E. Spam grey listing.

In which order are firewall policies processed on the FortiGate unit?

A. They are processed from the top down according to their sequence number.

B. They are processed based on the policy ID number shown in the left hand column of the policy window.

C. They are processed on best match.

D. They are processed based on a priority value assigned through the priority column in the policy window.

Under the System Information widget on the dashboard, which of the following actions are available for the system configuration? (Select all that apply.)

A. Backup

B. Restore

C. Revisions

D. Export

Which of the following statements regarding the firewall policy authentication timeout is true?

A. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source IP.

B. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user's source IP after this timer has expired.

C. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source MAC.

D. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user's source MAC after this timer has expired.

Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.)

A. Firewall

B. Directory Service

C. Local

D. LDAP

E. PKI

Which of the following items represent the minimum configuration steps an administrator must perform to enable Data Leak Prevention for traffic flowing through the FortiGate unit? (Select all that apply.)

A. Assign a DLP sensor in a firewall policy.

B. Apply one or more DLP rules to a firewall policy.

C. Enable DLP globally using the config sys dlp command in the CLI.

D. Define one or more DLP rules.

E. Define a DLP sensor.

F. Apply a DLP sensor to a DoS sensor policy.

Which of the following is true regarding Switch Port Mode?

A. Allows all internal ports to share the same subnet.

B. Provides separate routable interfaces for each internal port.

C. An administrator can select ports to be used as a switch.

D. Configures ports to be part of the same broadcast domain.

A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices?

A. SSL

B. IPSec

C. direct serial connection

D. S/MIME