FCNSP by Fortinet Actual Free Exam Q&As

Question 1

A FortiGate unit is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.
Which of the following items would an administrator logging in using this account NOT be able to configure?

A. FortiGuard Distribution Network configuration B. Firewall addresses C. PPTP VPN configuration D. DHCP servers

Discussion 0

Correct Answer: A Vote an answer

Question 2

Which of the following describes the best custom signature for detecting the use of the word "Fortinet" in chat applications?

A. The sample packet trace illustrated in the exhibit provides details on the packet that requires
detection.
F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --
no_case; ) B. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --
within 20; --no_case; ) C. F-SBID( --protocol tcp; --flow from_client; --pattern "fortinet"; --no_case; ) D. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --
within 20; )

Discussion 0

Correct Answer: A Vote an answer

Question 3

Review the output of the command config router ospf shown in the Exhibit below; then answer the
question following it.

Which one of the following statements is correct regarding this output?

A. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks. B. OSPF Hello packets will be sent on all interfaces of the FortiGate device. C. OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2. D. OSPF Hello packets are not sent on point-to-point networks.

Discussion 0

Correct Answer: A Vote an answer

Question 4

When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server must be maintained between sessions?

A. Weighted round robin B. Static C. Least connected D. Round robin

Discussion 0

Correct Answer: B Vote an answer

Question 5

An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121.
Users have been complaining that when downloading data they receive a 200 Port command successful message followed by a 425 Cannot build data connection message.
Which of the following statements represents the best solution to this problem?

A. Create a new session helper for the FTP service monitoring port 2121. B. Disable any protection profiles being applied to FTP traffic. C. Enable the ANY service in the firewall policies for both incoming and outgoing traffic. D. Place the client and server interface in the same zone and enable intra-zone traffic.

Discussion 0

Correct Answer: A Vote an answer

Question 6

In Transparent Mode, forward-domain is an attribute of ______________.

A. an interface B. a virtual domain C. a static route D. a firewall policy

Discussion 0

Correct Answer: A Vote an answer

Question 7

The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.
Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)

A. The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit. B. An FSAE Domain Controller Agent must be installed on every domain controller. C. The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit. D. An FSAE Collector Agent must be installed on every domain controller. E. For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.

Discussion 0

Correct Answer: A,B Vote an answer

Question 8

Review the IKE debug output for IPsec shown in the Exhibit below.

Which one of the following statements is correct regarding this output?

A. The output captures the Dead Peer Detection messages. B. The output is a Phase 2 negotiation. C. The output captures the Dead Gateway Detection packets. D. The output is a Phase 1 negotiation.

Discussion 0

Correct Answer: A Vote an answer

Question 9

Which of the following cannot be used in conjunction with the endpoint compliance check?

A. Any form of firewall policy authentication. B. Traffic shaping. C. WAN optimization. D. HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.

Discussion 0

Correct Answer: D Vote an answer

Question 10

WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?

A. The attempt will be accepted when there is a matching WAN optimization passive rule. B. The attempt will be accepted when the request comes from a known peer. C. The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule. D. The attempt will be accepted when a user on the remote peer accepts the connection request.

Discussion 0

Correct Answer: C Vote an answer

Fortinet Certified Network Security Professional (FCNSP v4.2) - FCNSP Exam Practice Test