FCNSP by Fortinet Actual Free Exam Questions And Answers

Question 1

Which of the following statements is correct based on the firewall configuration illustrated in the exhibit?

A. A user can access the Internet using only the protocols that are supported by user
authentication.

B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access.

C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services.

D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication.

Discussion 0

Correct Answer: D Vote an answer

Question 2

An administrator is examining the attack logs and notices the following entry:
device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect-servers ref=http://www.fortinet.com/ids/VID100663402 msg="anomaly: tcp_src_session, 2 > threshold 1" policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A
Based solely upon this log message, which of the following statements is correct?

A. This attack was blocked by the HTTP protocol decoder.

B. This attack was launched against the FortiGate unit itself rather than a host behind the FortiGate unit.

C. The number of concurrent connections to destination IP address 64.64.64.64 has exceeded the configured threshold.

D. This attack was caught by the DoS sensor "protect-servers".

Discussion 0

Correct Answer: D Vote an answer

Question 3

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the DOS prompt on the PC and from
the CLI.
C:\>ping 10.0.1.1
Pinging 10.0.1.1 with 32 bytes of data:
Reply from 10.0.1.1: bytes=32 time=1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
user1 # get system interface
== [ internal ]
namE. internal modE. static ip: 10.0.1.254 255.255.255.128 status: up
netbios-forwarD. disable typE. physical mtu-overridE. disable
== [ vlan1 ]
namE. vlan1 modE. static ip: 10.0.1.1 255.255.255.128 status: up netb
ios-forwarD. disable typE. vlan mtu-overridE. disable
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=274 msg="vd-root received a packet(proto=6, 10.0.1.130:47927->10.0.1.1:443)
from internal."
id=20085 trace_id=274 msg="allocate a new session-00000b1b"
id=20085 trace_id=274 msg="find SNAT: IP-10.0.1.1, port-43798"
id=20085 trace_id=274 msg="iprope_in_check() check failed, drop"
Based on the output from these commands, which of the following explanations is a possible cause of the problem?

A. The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface.

B. There is no firewall policy allowing traffic from INTERNAL-> VLAN1.

C. The PC has an IP address in the wrong subnet.

D. The PC is using an incorrect default gateway IP address.

E. The Fortigate unit has no route back to the PC.

Discussion 0

Correct Answer: A Vote an answer

Question 4

An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121.
Users have been complaining that when downloading data they receive a 200 Port command successful message followed by a 425 Cannot build data connection message.
Which of the following statements represents the best solution to this problem?

A. Enable the ANY service in the firewall policies for both incoming and outgoing traffic.

B. Create a new session helper for the FTP service monitoring port 2121.

C. Disable any protection profiles being applied to FTP traffic.

D. Place the client and server interface in the same zone and enable intra-zone traffic.

Discussion 0

Correct Answer: B Vote an answer

Question 5

Review the output of the command get router info routing-table database shown in the Exhibit below; then answer the question following it.

Which of the following statements are correct regarding this output? (Select all that apply).

A. There will be six routes in the routing table.

B. There will be two routes for the 10.0.2.0/24 subnet in the routing table.

C. There will be seven routes in the routing table.

D. There will be two default routes in the routing table.

Discussion 0

Correct Answer: A,D Vote an answer

Question 6

Which of the following represents the correct order of criteria used for the selection of a Master unit within a FortiGate High Availability (HA) cluster when master override is disabled?

A. 1. port monitor, 2. up time, 3. unit priority, 4. serial number

B. 1. unit priority, 2. up time, 3. port monitor, 4. serial number

C. 1. up time, 2. unit priority, 3. port monitor, 4. serial number

D. 1. port monitor, 2. unit priority, 3. up time, 4. serial number

Discussion 0

Correct Answer: A Vote an answer

Question 7

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT device. Exhibit B shows the command output of 'show system ha' for the REMOTE device.
Exhibit A: Exhibit B

Which one of the following is the most likely reason that the cluster fails to form?

A. Hearbeat

B. HA mode

C. Password

D. Override

Discussion 0

Correct Answer: B Vote an answer

Question 8

Examine the static route configuration shown below; then answer the question following it.
config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 172.11.12.1 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next
end
Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.)

A. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.

B. Traffic to 172.20.1.0/24 will be shared through both routes.

C. The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.

D. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.

E. As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.

Discussion 0

Correct Answer: A,D Vote an answer

Question 9

Which of the following describes the difference between the ban and quarantine actions?

A. A ban action prevents future transactions using the same protocol which triggered the ban. A qarantine action blocks all future transactions, regardless of the protocol.

B. A ban action is used for known users. A quarantine action is used for unknown users.

C. A ban action has a finite duration. A quarantine action must be removed by an administrator.

D. A ban action blocks the transaction. A quarantine action archives the data.

Discussion 0

Correct Answer: A Vote an answer

Question 10

What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds?

A. The maximum length of time a session can be open is 1800 seconds.

B. Sessions can be idle for no more than 1800 seconds.

C. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.

D. After 1800 seconds, the end user must reauthenticate.

Discussion 0

Correct Answer: B Vote an answer

Fortinet Certified Network Security Professional (FCNSP v4.2) - FCNSP Exam Practice Test

Contact Us

Useful Links

Latest Updated