FCNSP Dumps FCNSP Braindumps

FCNSP Real Questions FCNSP Practice Test FCNSP Actual Questions


killexams.com Fortinet FCNSP


Fortinet Certified Network Security Professional


https://killexams.com/pass4sure/exam-detail/FCNSP


Given the high volume of global traffic on the network, which of the following CLI

commands will best allow the administrator to perform this troubleshooting operation?


  1. diagnose sniffer any

  2. diagnose sniffer packet dmz “”3

  3. diagnose sniffer packet any “host 192.168.1.100” and host 192.168.10.100 “3

  4. diagnose sniffer packet any “host 192.168.1.100” and host 192.168.10.100 “4


Answer: D


QUESTION: 70

Which of the following must be configured on a ForiGate unit to redirect content request to remote web cache servers?


  1. WCCP must be enabled on the interface facing the web cache.

  2. You must enabled exhibit Web-proxy on the incoming interface.

  3. WCCP must be enabled as a global setting on the FortiGate unit.

  4. MCCP must be enabled on all interface on the FortiGate unit through which HTTP traffic is passing.


Answer: B


QUESTION: 71

Both the FortiGate and FortiAnalyzer unite can notify administrators when certain alert conditions are met. Considering this, which of the following statements is NOT correct?


  1. On a FortiGate device, the alert condition is based either on the severity level or on the log type, but note on a combination of the two.

  2. On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.

  3. Only a FortiAnalyzer device can send the alert notification in the form of a syslog message.

  4. Both the FortiGate and FortiAnalyzer devices can send alert notification in the form of an email alert.


Answer: B


QUESTION: 72

Which of the following statements it correct regarding the ForiGuard ServicesWeb Filtering Override configuration as illustrated in the exhibit?


  1. Any client on the same subnet as the authenticated user in allowed to access www.yahoo.com/images/.

  2. A client with an IP of address 10.10.10.12 is allowed access to any subdirectory that is part of the www.yahoo.com web site.

  3. A client with an IP of address 10.10.10.12 is allowed access to the www.yahoo.com/images/

    web site and any of its offsite URLs.

  4. A client with an IP of address 10.10.10.12 is allowed access to any URL under the www.yahoo.com web site, including any subdirectory URLs, until August 7, 2009.


  5. Any client on the same subnet as the authenticated user in allowed to access www.yahoo.com/images/ until August 7, 2009.


Answer: D


QUESTION: 73

Bob wants to Alice a file that is encrypted using public key cryptography. Which of the following statements is correct regarding the use of public key cryptography in this scenario?


  1. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.

  2. Bob will use his public key to encrypt the file and Alice will use Bob’s private key to decrypt the file.

  3. Bob will use Alice’s public key to encrypt the file and Alice will use her private key to decrypt the file.

  4. Bob will use his public key to encrypt the file and Alice will use Alice private key to decrypt the file.

  5. Bob will use Alice’s public key to encrypt the file and Alice will use Bob’s public key to decrypt the file.


Answer: A


QUESTION: 74

An administrator is configured a DLP rule for FTP traffic. When adding the rule to a DLP sensor, the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit.


Which of the following is the best explanation for the Ban Sender action NOT being available?


  1. The Ban sender action is never available for FTP traffic.

  2. The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor.

  3. Firewall policy authentication is required before the Ban Sender action becomes available.

  4. The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.


Answer: A


QUESTION: 75

If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Option Shortest Path First (OSPF)?


  1. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors.

  2. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors.

  3. At a minimum, administrator needs to enable Redistribute RIP in the OSPF Advanced Options.

  4. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings.

  5. At a minimum, administrator needs to enable Redistribute Default in the OSPF Advanced Options.


Answer: C