C_HRHFC_2311 by SAP Actual Free Exam Q&As

Question 1

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating for the home page? (Choose two.)

A. example.com B. www.example.com/index.html C. www.example.com D. www.example.com:443

Discussion 0

Correct Answer: A,C Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 2

What is a reason for triggering IPS fail open?

A. The IPS socket buffer is full and the IPS engine cannot process additional packets. B. The administrator enabled NTurbo acceleration. C. The IPS engine cannot decode a packet. D. The IPS engine is upgraded.

Discussion 0

Correct Answer: A Vote an answer

Question 3

Which two statements are true about the FGCP protocol? (Choose two.)

A. FGCP is not used when FortiGate is in transparent mode. B. FGCP is used to discover FortiGate devices in different HA groups. C. FGCP elects the primary FortiGate device. D. FGCP runs only over the heartbeat links.

Discussion 0

Correct Answer: C,D Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 4

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

A. Downstream FortiGate B. Root FortiGate C. FortiManager D. FortiAnalyzer

Discussion 0

Correct Answer: B Vote an answer

Question 5

Which statement is correct regarding the security fabric?

A. A minimum of two Fortinet devices is required. B. FortiGate Cloud cannot be used for logging purposes. C. FortiGate devices must be operating in NAT mode. D. FortiManager is one of the required member devices.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 6

Examine this output from a debug flow:

Why did the FortiGate drop the packet?

A. It failed the RPF check . B. The next-hop IP address is unreachable. C. It matched an explicitly configured firewall policy with the action DENY. D. It matched the default implicit firewall policy.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 7

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

A. Universally Unique Identifier B. Log ID C. Policy ID D. Sequence ID

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 8

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

A. get system status B. get system arp C. diagnose sys top D. get system performance status

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 9

Which two statements ate true about the Security Fabric rating? (Choose two.)

A. The Security Fabric rating is a free service that comes bundled with alt FortiGate devices. B. Many of the security issues can be fixed immediately by clicking Apply where available. C. It provides executive summaries of the four largest areas of security focus. D. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.

Discussion 0

Correct Answer: B,D Vote an answer

Question 10

Refer to the exhibit.
Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

A. The name of the firewall policy is all_users_web. B. Access to the social networking web filter category was explicitly blocked to all users. C. The action on firewall policy ID 1 is set to warning. D. Social networking web filter category is configured with the action set to authenticate.

Discussion 0

Correct Answer: D Vote an answer

Question 11

Which statement regarding the firewall policy authentication timeout is true?

A. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired. B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired. C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC. D. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

Discussion 0

Correct Answer: D Vote an answer

Question 12

Refer to the exhibits.
Exhibit A

Exhibit B

The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

A. All users will be prompted for authentication, users from the Sales group can authenticate successfully with the correct credentials. B. All users will be prompted for authentication, users from the HR group can authenticate successfully with the correct credentials. C. Authentication is enforced at a policy level; all users will be prompted for authentication. D. If there is a fall-through policy in place, users will not be prompted for authentication.

Discussion 0

Correct Answer: B Vote an answer

Question 13

Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200. 1. 1/24.
The LAN (port3) interface has the IP address 10 .0.1.254. /24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0. 1. 10?

A. 10.200. 1. 100 B. 10.200. 1. 1 C. 10.200. 1. 10 D. 10.200.3. 1

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 14

Refer to the exhibit.
The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.

Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)

A. FortiGate allocates 128 port blocks per user. B. FortiGate allocates port blocks per user, based on the configured range of internal IP addresses. C. FortiGate allocates port blocks on a first-come, first-served basis. D. FortiGate generates a system event log for every port block allocation made per user.

Discussion 0

Correct Answer: C,D Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

SAP Fortinet NSE 4 - FortiOS 7.2 - C_HRHFC_2311 Exam Practice Test