Latest NSE6 Practice Tests with Actual Questions

Get Complete pool of questions with Premium PDF and Test Engine

Exam Code : NSE6
Exam Name : Fortinet Network Security Expert 6
Vendor Name : "Fortinet"






NSE6 Dumps NSE6 Braindumps

NSE6 Real Questions NSE6 Practice Test NSE6 Actual Questions


Fortinet


NSE6


Fortinet Network Security Expert 6


https://killexams.com/pass4sure/exam-detail/NSE6



Question: 129

Which of the following statements best describes the role of a DC agents in an FSSO DC?


  1. Captures the login events and forward them to the collector agent.

  2. Captures the user IP address and workstation name and forward that information to the FortiGate devices.

  3. Captures the login and logoff events and forward them to the collector agent.

  4. Captures the login events and forward them to the FortiGate devices.




Answer: C



Question: 130

Which of the following FSSO modes must be used for Novell eDirectory networks?


  1. Agentless polling

  2. LDAP agent

  3. eDirectory agent

  4. DC agent




Answer: C



Question: 131

In a FSSO agentless polling mode solution, where must the collector agent be?


  1. In any Windows server

  2. In any of the AD domain controllers

  3. In the master AD domain controller

  4. The FortiGate device polls the AD domain controllers




Answer: D



Question: 132

Which of the following statements are characteristics of a FSSO solution using advanced access mode? (Choose three.)


  1. Protection profiles can be applied to both individual users and user groups

  2. Nested or inherited groups are supported

  3. Usernames follow the LDAP convention: CN=User, OU=Name, DC=Domain

  4. Usernames follow the Windows convention: Domain\username

  5. Protection profiles can be applied to user groups only.




Answer: B, C, E



Question: 133

Which of the following FSSO agents are required for a DC agent mode solution? (Choose two.)


  1. FSSO agent

  2. DC agent

  3. Collector agent

  4. Radius server




Answer: B, C



Question: 134

In a FSSO agent mode solution, how does the FSSO collector agent learn each IP address?


  1. The DC agents get each user IP address from the event logs and forward that information to the collector agent

  2. The collector agent does not know, and does not need, each user IP address. Only workstation names are known by the collector agent.

  3. The collector agent frequently polls the AD domain controllers to get each user IP address.

  4. The DC agent learns the workstation name from the event logs and DNS is then used to translate those names to the respective IP addresses.




Answer: D



Question: 135

Which FSSO agents are required for a FSSO agent-based polling mode solution?


  1. Collector agent and DC agents

  2. Polling agent only

  3. Collector agent only

  4. DC agents only



Question: 136

What configuration objects are automatically added when using the FortiGate's FortiClient VPN Configurations Wizard?(Choose two)


  1. Static route

  2. Phase 1

  3. Users group

  4. Phase 2




Answer: B, D



Question: 137

Which of the following statements are correct concerning layer 2 broadcast domains in transparent mode VDOMs?(Choose two)


  1. The whole VDOM is a single broadcast domain even when multiple VLAN are used.

  2. Each VLAN is a separate broadcast domain.

  3. Interfaces configured with the same VLAN ID can belong to different broadcast domains.

  4. All the interfaces in the same broadcast domain must use the same VLAN ID.




Answer: B, C



Question: 138

Which of the following statements is correct regarding FortiGate interfaces and spanning tree protocol? (Choose Two)


  1. Only FortiGate switch interfaces Participate in spanning tree.

  2. All FortiGate interfaces in transparent mode VDOMs participate in spanning tree.

  3. All FortiGate interfaces in NAT/route mode VDOMs Participate in spanning tree.

  4. All FortiGate interfaces in transparent mode VDOMs may block or forward BPDUs.




Answer: B, D



Question: 139

On your Forti Gate 60D, you've configured firewall policies. They port forward traffic to your Linux Apache web server. Select the best way to protect your web server by using


  1. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache applications. Configured DLP to block HTTP GET request with credit card numbers.

  2. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache applications. Configure DLP to block HTTP GET with credit card numbers. Also configure a DoS policy to prevent TCP SYn floods and port scans.

  3. None. FortiGate 60D is a desktop model, which does not support IPS.

  4. Enable IPS signatures for Linux and windows servers with FTP, HTTP, TCP, and SSL protocols and Apache and PHP applications.




Answer: D



Question: 140

Which changes to IPS will reduce resource usage and improve performance? (Choose three)


  1. In custom signature, remove unnecessary keywords to reduce how far into the signature tree that FortiGate must compare in order to determine whether the packet matches.

  2. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for protocols, applications and traffic directions that are not relevant.

  3. In IPS filters, switch from 'Advanced' to 'Basic' to apply only the most essential signatures.

  4. In firewall policies where IPS is not needed, disable IPS.

  5. In firewall policies where IPS is used, enable session start logs.




Answer: A, B, D