This page was exported from All The Latest MCTS Exam Questions And Answers For Free Share [ https://www.mctsdump.com ]
Export date: Thu Mar 28 20:08:44 2024 / +0000 GMT

[Mar-2016 Update] PassLeader Premium NSE4 Exam Questions For Free Reading (61-80)



Free Download New NSE4 Exam Dumps: PassLeader now supplying the new version of NSE4 VCE dumps, we ensure our 222q NSE4 exam questions are the most authoritative and valid compared with others', which will ensure your NSE4 exam 100% passing, and now we are offering the free new version VCE Player along with the VCE format 222q NSE4 braindumps, also the PDF format NSE4 practice test is available now, welcome to choose.

keywords: NSE4 exam,222q NSE4 exam dumps,222q NSE4 exam questions,NSE4 pdf dumps,NSE4 vce dumps,NSE4 practice test,NSE4 study guide,NSE 4 -- Fortinet Network Security Professional Exam

QUESTION 61
In which process states is it impossible to interrupt/kill a process? (Choose two.)

A.    S - Sleep
B.    R - Running
C.    D - Uninterruptable Sleep
D.    Z – Zombie

Answer: CD

QUESTION 62
Examine at the output below from the diagnose sys top command:
# diagnose sys top 1
Run Time: 11 days, 3 hours and 29 minutes
0U, 0N, 1S, 99I; 971T, 528F, 160KF
sshd 123 S 1.9 1.2
ipsengine 61 S < 0.0 5.2
miglogd 45 S 0.0 4.9
pyfcgid 75 S 0.0 4.5
pyfcgid 73 S 0.0 3.9
Which statements are true regarding the output above? (Choose two.)

A.    The sshd process is the one consuming most CPU.
B.    The sshd process is using 123 pages of memory.
C.    The command diagnose sys kill miglogd will restart the miglogd process.
D.    All the processes listed are in sleeping state.

Answer: AD

QUESTION 63
Examine the following output from the diagnose sys session list command:
session info: proto=6 proto_state=65 duration=3 expire=9 timeout=3600 flags=00000000 sockflag=00000000 sockport=443 av_idx=9 use=5
origin-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 13895Bps
reply-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 13895Bps
state=redir local may_dirty ndr npu nlb os rs
statistic(bytes/packets/allow_err): org=864/8/1 reply=2384/7/1 tuples=3
orgin->sink: org pre->post, reply pre->post dev=7->6/6->7 gwy=172.17.87.3/10.1.10.1
hook=post dir=org act=snat 192.168.1.110:57999->74.201.86.29:443(172.17.87.16:57999)
hook=pre dir=reply act=dnat 74.201.86.29:443->172.17.87.16:57999(192.168.1.110:57999)
hook=post dir=reply act=noop 74.201.86.29:443->192.168.1.110:57999(0.0.0.0:0)
misc=0 policy_id=1 id_policy_id=0 auth_info=0 chk_client_info=0 vd=0
npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0/0
Which statements are true regarding the session above? (Choose two.)

A.    Session Time-To-Live (TTL) was configured to 9 seconds.
B.    FortiGate is doing NAT of both the source and destination IP addresses on all packets coming from the 192.168.1.110 address.
C.    The IP address 192.168.1.110 is being translated to 172.17.87.16.
D.    The FortiGate is not translating the TCP port numbers of the packets in this session.

Answer: CD

QUESTION 64
Which statements are correct regarding an IPv6 over IPv4 IPsec configuration? (Choose two.)

A.    The source quick mode selector must be an IPv4 address.
B.    The destination quick mode selector must be an IPv6 address.
C.    The Local Gateway IP must be an IPv4 address.
D.    The remote gateway IP must be an IPv6 address.

Answer: BC

QUESTION 65
Which statements are true regarding IPv6 anycast addresses? (Choose two.)

A.    Multiple interfaces can share the same anycast address.
B.    They are allocated from the multicast address space.
C.    Different nodes cannot share the same anycast address.
D.    An anycast packet is routed to the nearest interface.

Answer: AD

QUESTION 66
What functions can the IPv6 Neighbor Discovery protocol accomplish? (Choose two.)

A.    Negotiate the encryption parameters to use.
B.    Auto-adjust the MTU setting.
C.    Autoconfigure addresses and prefixes.
D.    Determine other nodes reachability.

Answer: CD

QUESTION 67
Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor?

A.    No protection profile can be applied over the IPsec traffic.
B.    Phase-2 anti-replay must be disabled.
C.    Both the phase 1 and phases 2 must use encryption algorithms supported by the NP6.
D.    IPsec traffic must not be inspected by any FortiGate session helper.

Answer: C

QUESTION 68
Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.)

A.    Both proxy-based and flow-based inspection are supported.
B.    A replacement message cannot be presented to users when a virus has been detected.
C.    It saves CPU resources.
D.    The ingress and egress interfaces can be in different SPs.

Answer: BC

QUESTION 69
Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.)

A.    Fragmented packet.
B.    Multicast packet.
C.    SCTP packet.
D.    GRE packet.

Answer: BC

QUESTION 70
Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic. What statements are true regarding the sessions that the master unit is offloading to the slave unit for inspection? (Choose two.)

A.    They are accelerated by hardware in the master unit.
B.    They are not accelerated by hardware in the master unit.
C.    They are accelerated by hardware in the slave unit.
D.    They are not accelerated by hardware in the slave unit.

Answer: AD


http://www.passleader.com/nse4.html

QUESTION 71
How is the FortiGate password recovery process?

A.    Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry.
B.    Log in through the console port using the "maintainer" account within several seconds of physically power cycling the FortiGate.
C.    Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password.
D.    Interrupt the boot sequence and restore a configuration file for which the password has been modified.

Answer: B

QUESTION 72
What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.)

A.    Conditional-forward.
B.    Forward-only.
C.    Non-recursive.
D.    Iterative.
E.    Recursive.

Answer: BCE

QUESTION 73
When creating FortiGate administrative users, which configuration objects specify the account rights?

A.    Remote access profiles.
B.    User groups.
C.    Administrator profiles.
D.    Local-in policies.

Answer: C

QUESTION 74
Which statements are true regarding the factory default configuration? (Choose three.)

A.    The default web filtering profile is applied to the first firewall policy.
B.    The `Port1' or `Internal' interface has the IP address 192.168.1.99.
C.    The implicit firewall policy action is ACCEPT.
D.    The `Port1' or `Internal' interface has a DHCP server set up and enabled (on device models that support DHCP servers).
E.    Default login uses the username: admin (all lowercase) and no password.

Answer: BDE

QUESTION 75
What methods can be used to access the FortiGate CLI? (Choose two.)

A.    Using SNMP.
B.    A direct connection to the serial console port.
C.    Using the CLI console widget in the GUI.
D.    Using RCP.

Answer: BC

QUESTION 76
What capabilities can a FortiGate provide? (Choose three.)

A.    Mail relay.
B.    Email filtering.
C.    Firewall.
D.    VPN gateway.
E.    Mail server.

Answer: BCD

QUESTION 77
Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.)

A.    SNMP
B.    WINS
C.    HTTP
D.    Telnet
E.    SSH

Answer: CDE

QUESTION 78
Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit?

A.    MIB-based report uploads.
B.    SNMP access limited by access lists.
C.    Packet encryption.
D.    Running SNMP service on a non-standard port is possible.

Answer: C

QUESTION 79
What logging options are supported on a FortiGate unit? (Choose two.)

A.    LDAP
B.    Syslog
C.    FortiAnalyzer
D.    SNMP

Answer: BC

QUESTION 80
What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to?

A.    1
B.    2
C.    3
D.    4

Answer: C


http://www.passleader.com/nse4.html

 

 


Post date: 2016-03-29 10:41:49
Post date GMT: 2016-03-29 10:41:49
Post modified date: 2016-03-29 10:41:49
Post modified date GMT: 2016-03-29 10:41:49

Powered by [ Universal Post Manager ] plugin. MS Word saving format developed by gVectors Team www.gVectors.com