FCNSP.V5 Online Practice Questions and Answers

In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit?

A. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server

B. Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server

C. Request: Internal Host; Slave FortiGate; Internet; Web Server

D. Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server

In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit.

A. The HA mode changes to standalone.

B. Port3 is configured with an IP address for management access.

C. The Firewall rules are purged on the disconnected unit.

D. All other interface IP settings are maintained.

Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it.

Which of the following statements are correct regarding this configuration? (Select all that apply).

A. The Phase 2 will re-key even if there is no traffic.

B. There will be a DH exchange for each re-key.

C. The sequence number of ESP packets received from the peer will not be checked.

D. Quick mode selectors will default to those used in the firewall policy.

A FortiGate unit is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.

Which of the following items would an administrator logging in using this account NOT be able to configure?

A. Firewall addresses

B. DHCP servers

C. FortiGuard Distribution Network configuration

D. PPTP VPN configuration

What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds?

A. Sessions can be idle for no more than 1800 seconds.

B. The maximum length of time a session can be open is 1800 seconds.

C. After 1800 seconds, the end user must reauthenticate.

D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.

Bob wants to send Alice a file that is encrypted using public key cryptography.

Which of the following statements is correct regarding the use of public key cryptography in this scenario?

A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.

B. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file.

C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.

D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.

E. Bob will use Alice's public key to encrypt the file and Alice will use Bob's public key to decrypt the file.

Which of the following statements best decribes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?

A. The proxy buffers the entire file from the client, only sending the file to the server if the file is clean. One possible consequence of buffering is that the server could time out.

B. The proxy sends the file to the server while simultaneously buffering it.

C. The proxy removes the infected file from the server by sending a delete command on behalf of the client.

D. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server.

An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor, the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit. Which of the following is the best explanation for the Ban Sender action NOT being available?

A. The Ban Sender action is never available for FTP traffic.

B. The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor.

C. Firewall policy authentication is required before the Ban Sender action becomes available.

D. The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.

An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN. The tunnel will start up for a few seconds, then shut down.

Which of the following statements best describes how to resolve this issue?

A. This user does not have permission to enable tunnel mode. Make sure that the tunnel mode widget has been added to that user's web portal.

B. This FortiGate unit may have multiple Internet connections. To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface.

C. Check the SSL adaptor on the host machine. If necessary, uninstall and reinstall the adaptor from the tunnel mode portal.

D. Make sure that only Internet Explorer is used. All other browsers are unsupported.

Which of the following items is NOT a packet characteristic matched by a firewall service object?

A. ICMP type and code

B. TCP/UDP source and destination ports

C. IP protocol number

D. TCP sequence number