What is the best way to pass the Fortinet exam? (First: Exam practice test,
Second: Lead4pass Fortinet expert.) You can get free Fortinet exam practice test questions here. Or choose: https://www.leads4pass.com/fortinet.html Study hard to pass the exam easily!
Table of Contents:
- Latest Fortinet NSE4_FGT-6.0 List
- Latest Fortinet NSE5_FAZ-6.0 List
- Latest Fortinet NSE5_FMG-6.0 List
- Lead4Pass Year-round Discount Code
- What are the advantages of Lead4pass?
Latest Fortinet Exam questions
Latest Fortinet NSE4_FGT-6.0 List
[PDF] Free Fortinet NSE4_FGT-6.0 pdf dumps download from Google Drive: https://drive.google.com/open?id=1_bgeUM5wnviELHhrzxqHVomMYi6MVn24
NSE 4 Network Security Professional:https://training.fortinet.com/local/staticpage/view.php?page=nse_4
The Network Security Professional designation recognizes your ability to install and manage the day-to-day configuration, monitoring, and operation of a FortiGate device to support specific corporate network security policies.
Latest updates Fortinet NSE4 NSE4_FGT-6.0 exam practice questions
QUESTION 1
Which of the following features is supported by web filter in flow-based inspection mode with NGFW mode set to profile-
based?
A. FortiGuard Quotas
B. Static URL
C. Search engines
D. Rating option
Correct Answer: D
QUESTION 2
Which statements about a One-to-One IP pool are true? (Choose two.)
A. It is used for destination NAT.
B. It allows the fixed mapping of an internal address range to an external address range.
C. It does not use port address translation.
D. It allows the configuration of ARP replies.
Correct Answer: BC
QUESTION 3
A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with the default
prof_admin profile is true?
A. It can create administrator accounts with access to the same VDOM.
B. It cannot have access to more than one VDOM.
C. It can reset the password for the admin account.
D. It can upgrade the firmware on the FortiGate device.
Correct Answer: C
QUESTION 4
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable
gateway? (Choose two)
A. Lookup is done on the trust packet from the session originator
B. Lookup is done on the last packet sent from the re spender
C. Lookup is done on every packet, regardless of direction
D. Lookup is done on the trust reply packet from the re spender
Correct Answer: AB
QUESTION 5
You mc tasked to design a new IPsec deployment with the following criteria:
-There are two HQ sues that all satellite offices must connect to
-The satellite offices do not need to communicate directly with other satellite offices
-No dynamic routing will be used
-The design should minimize the number of tannels being configured.
Winch topology should be used to satisfy all of the requirements?
A. Partial mesh
B. Hub-and-spoke
C. Fully meshed
D. Redundant
Correct Answer: C
QUESTION 6
Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)
A. They can be configured in both NAT/Route and transparent operation modes.
B. They support L2TP-over-IPsec.
C. They require two firewall policies: one for each directions of traffic flow.
D. They support GRE-over-IPsec.
Correct Answer: AB
QUESTION 7
Which one of the following processes is involved in updating IPS from FortiGuard?
A. FortiGate IPS update requests are sent using UDP port 443.
B. Protocol decoder update requests are sent to service.fortiguard.net.
C. IPS signature update requests are sent to update.fortiguard.net.
D. IPS engine updates can only be obtained using push updates.
Correct Answer: C
QUESTION 8
Examine this explicit web proxy configuration:
What filter can be used u, the command diagnose sniffer packet to capture the traffic between the client and the explicit
web pray?
A. `host 10.0.0.50 and port 80\\’
B. `host 192.168.0.1 and port 80\\’
C. `host 192.168.0.2 and port 8080\\’
D. `host 10.0.50.1 and port 8080\\’
Correct Answer: B
QUESTION 9
A company needs to provide SSL VPN access to two user groups. The company also needs to display different
welcome messages on the SSL VPN login screen for both user groups. What is required in the SSL VPN configuration
to meet these requirements?
A. Different SSL VPN realms for each group.
B. Two separate SSL VPNs in different interfaces mapping the same ssl.root.
C. Two firewall policies with different captive portals.
D. Different virtual SSL VPN IP addresses for each group.
Correct Answer: A
QUESTION 10
Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)
A. The root VDOM is the management VDOM by default.
B. A FortiGate device has 64 VDOMs, created by default.
C. Each VDOM maintains its own system time.
D. Each VDOM maintains its own routing table.
Correct Answer: AD
QUESTION 11
HTTP Public Key Pinning (HPKP) can be an obstacle to implementing full SSL inspection. What solutions could resolve
this problem? (Choose two.)
A. Enable Allow Invalid SSL Certificates for the relevant security profile.
B. Change web browsers to one that does not support HPKP.
C. Exempt those web sites that use HPKP from full SSL inspection.
D. Install the CA certificate (that is required to verify the web server certificate) stores of users\\’ computers.
Correct Answer: BD
QUESTION 12
Examine the routing database shown in the exhibit, and then answer the following question: Which of the following
statements are correct? (Choose two.)
A. The port3 default route has the highest distance.
B. The port3 default route has the lowest metric.
C. There will be eight routes active in the routing table.
D. The port1 and port2 default routes are active in the routing table.
Correct Answer: AD
QUESTION 13
Which statements about DNS filter profiles are true? (Choose two.)
A. They can inspect HTTP traffic.
B. They can redirect blocked requests to a specific portal.
C. They can block DNS requests to known botnet command and control servers.
D. They must be applied in firewall policies with SSL inspection enabled.
Correct Answer: CD
Full Fortinet NSE4 NSE4_FGT-6.0 exam practice questions: https://www.leads4pass.com/nse4_fgt-6-0.html (Total Questions: 127 Q&A)
Latest Fortinet NSE5_FAZ-6.0 List
[PDF] Free Fortinet NSE5_FAZ-6.0 pdf dumps download from Google Drive: https://drive.google.com/open?id=1Ma5LVUSjr9xbndOwHNItgrknfbTWo2DV
NSE 5 Network Security Analyst – NSE Institute – Fortinet:https://training.fortinet.com/local/staticpage/view.php?page=nse_5
The Network Security Analyst designation recognizes your ability to implement network security management and analytics using Fortinet security devices.
Latest updates Fortinet Network Security Analyst NSE5_FAZ-6.0 exam practice questions
QUESTION 1
On FortiAnalyzer, what is a wildcard administrator account?
A. An account that permits access to members of an LDAP group
B. An account that allows guest access with read-only privileges
C. An account that requires two-factor authentication
D. An account that validates against any user account on a FortiAuthenticator
Correct Answer: D
QUESTION 2
Which FortiAnalyzer feature allows you to retrieve the archived logs matching a specific timeframe from another
FortiAnalyzer device?
A. Log upload
B. Indicators of Compromise
C. Log forwarding an aggregation mode
D. Log fetching
Correct Answer: D
QUESTION 3
How are logs forwarded when FortiAnalyzer is using aggregation mode?
A. Logs are forwarded as they are received and content files are uploaded at a scheduled time.
B. Logs and content files are stored and uploaded at a scheduled time.
C. Logs are forwarded as they are received.
D. Logs and content files are forwarded as they are received.
Correct Answer: B
QUESTION 4
What FortiGate process caches logs when FortiAnalyzer is not reachable?
A. logfiled
B. sqlplugind
C. oftpd
D. miglogd
Correct Answer: D
QUESTION 5
How does FortiAnalyzer retrieve specific log data from the database?
A. SQL FROM statement
B. SQL GET statement
C. SQL SELECT statement
D. SQL EXTRACT statement
Correct Answer: C
QUESTION 6
View the exhibit.
Why is the total quota less than the total system storage?
A. 3.6% of the system storage is already being used.
B. Some space is reserved for system use, such as storage of compression files, upload files, and temporary report
files
C. The oftpd process has not archived the logs yet
D. The logfiled process is just estimating the total quota
Correct Answer: B
QUESTION 7
View the exhibit:
What does the 1000MB maximum for disk utilization refer to?
A. The disk quota for the FortiAnalyzer model
B. The disk quota for all devices in the ADOM
C. The disk quota for each device in the ADOM
D. The disk quota for the ADOM type
Correct Answer: B
QUESTION 8
What happens when a log file saved on FortiAnalyzer disks reaches the size specified in the device log settings?
A. The log file is stored as a raw log and is available for analytic support.
B. The log file rolls over and is archived.
C. The log file is purged from the database.
D. The log file is overwritten.
Correct Answer: B
QUESTION 9
What is the purpose of employing RAID with FortiAnalyzer?
A. To introduce redundancy to your log data
B. To provide data separation between ADOMs
C. To separate analytical and archive data
D. To back up your logs
Correct Answer: A
QUESTION 10
What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external server? (Choose
two.)
A. SFTP, FTP, or SCP server
B. Mail server
C. Output profile
D. Report scheduling
Correct Answer: AC
QUESTION 11
How can you configure FortiAnalyzer to permit administrator logins from only specific locations?
A. Use static routes
B. Use administrative profiles
C. Use trusted hosts
D. Use secure protocols
Correct Answer: C
QUESTION 12
What can the CLI command # diagnose test application oftpd 3 help you to determine?
A. What devices and IP addresses are connecting to FortiAnalyzer
B. What logs, if any, are reaching FortiAnalyzer
C. What ADOMs are enabled and configured
D. What devices are registered and unregistered
Correct Answer: A
QUESTION 13
You\\’ve moved a registered logging device out of one ADOM and into a new ADOM. What happens when you rebuild
the new ADOM database?
A. FortiAnalyzer resets the disk quota of the new ADOM to default.
B. FortiAnalyzer migrates archive logs to the new ADOM.
C. FortiAnalyzer migrates analytics logs to the new ADOM.
D. FortiAnalyzer removes analytics logs from the old ADOM.
Correct Answer: C
Full Fortinet Network Security Analyst NSE5_FAZ-6.0 exam practice questions: https://www.leads4pass.com/nse5_faz-6-0.html (Total Questions: 25 Q&A)
Latest Fortinet NSE5_FMG-6.0 List
[PDF] Free Fortinet NSE5_FMG-6.0 pdf dumps download from Google Drive: https://drive.google.com/open?id=1NiCqc0KciXtZkth6K-b9FYgImWoPfdFt
NSE 5 Network Security Analyst:https://training.fortinet.com/local/staticpage/view.php?page=nse_5
The Network Security Analyst designation recognizes your ability to implement network security management and analytics using Fortinet security devices.
Latest updates Fortinet Other Certification NSE5_FMG-6.0 exam practice questions
QUESTION 1
View the following exhibit.
Which statement is true regarding this failed installation log?
A. Policy ID 2 is installed without a source address
B. Policy ID 2 will not be installed
C. Policy ID 2 is installed in disabled state
D. Policy ID 2 is installed without a source device
Correct Answer: D
QUESTION 2
An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was
submitted by another administrator, Student. However, Trainer is unable to approve the approving a workflow session?
A. Trainer is not a part of workflow approval group
B. Trainer does not have full rights over this ADOM
C. Trainer must close Student\\’s workflow session before approving the request
D. Student, who submitted the workflow session, must first self-approve the request
Correct Answer: A
QUESTION 3
View the following exhibit.
Which one of the following statements is true regarding installation targets in use Install On column?
A. The Install On column value represents successful installation on the managed devices
B. Policy seq#3 will be installed on all managed devices and VDOMs that are listed under Installation Targets
C. Policy seq#3 will be installed on the Trainer[NAT] VDOM only
D. Policy seq#3 will be not installed on any managed device
Correct Answer: B
QUESTION 4
View the following exhibit.
Which of the following statements are true if FortiManager and FortiGate are behind the NAT devices? (Choose two.)
A. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
B. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under
central management.
C. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
D. If the FGFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
Correct Answer: AD
QUESTION 5
Which of the following statements are true regarding SD-WAN Central Management? (Choose three.)
A. SD-WAN must be enabled on per-ADOM basis
B. SD-WAN settings can be installed on multiple FortiGate devices at the same time
C. You can create multiple SD-WAN interfaces per VDOM
D. When you configure an SD-WAN, you must specify at least two member interfaces.
E. The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.
Correct Answer: BCD
QUESTION 6
View the following exhibit.
What of the following statements are true regarding the output? (Choose two.)
A. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
B. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
C. The latest history for the managed FortiGate does not match with the device-level database
D. Configuration changes directly made on the FortiGate have been automatically updated to device-level database
Correct Answer: BD
QUESTION 7
Which of the following statements are true regarding ADOM revisions? (Choose two.)
A. ADOM revisions can significantly increase the size of the configuration backups.
B. ADOM revisions can save the current size of the whole ADOM
C. ADOM revisions can create System Checkpoints for the FortiManager configuration
D. ADOM revisions can save the current state of all policy packages and objects for an ADOM
Correct Answer: AD
QUESTION 8
Which of the following conditions trigger FortiManager to create a new revision history? (Choose two.)
A. When configuration revision is reverted to previous revision in the revision history
B. When FortiManager installs device-level changes to a managed device
C. When FortiManager is auto-updated with configuration changes made directly on a managed device
D. When changes to device-level database is made on FortiManager
Correct Answer: CD
QUESTION 9
View the following exhibit:
Which of the following statements are true if the scripts is executed using Remote FortiGate Directly (via CLI) option?
(Choose two.)
A. You must install these changes using Install Wizard
B. FortiGate will auto-update the FortiManager\\’s device-level database.
C. FortiManager will create a new revision history.
D. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate.
Correct Answer: BD
QUESTION 10
Which of the following statements are true regarding schedule backup of FortiManager? (Choose two.)
A. Backs up all devices and the FortiGuard database.
B. Does not back up firmware images saved on FortiManager
C. Supports FTP, SCP, and SFTP
D. Can be configured from the CLI and GUI
Correct Answer: CD
QUESTION 11
View the following exhibit.
When using Install Config option to install configuration changes to managed FortiGate, which of the following
statements are true? (Choose two.)
A. Once initiated, the install process cannot be canceled and changes will be installed on the managed device
B. Will not create new revision in the revision history
C. Installs device-level changes to FortiGate without launching the Install Wizard
D. Provides the option to preview configuration changes prior to installing them
Correct Answer: AC
QUESTION 12
View the following exhibit:
How will FortiManager try to get updates for antivirus and IPS?
A. From the list of configured override servers with ability to fall back to public FDN servers
B. From the configured override server list only
C. From the default server fdsl.fortinet.com
D. From public FDNI server with highest index number only
Correct Answer: A
QUESTION 13
What does the diagnose dvm check-integrity command do? (Choose two.)
A. Internally upgrades existing ADOMs to the same ADOM version in order to clean up and correct the ADOM syntax
B. Verifies and corrects unregistered, registered, and deleted device states
C. Verifies and corrects database schemas in all object tables
D. Verifies and corrects duplicate VDOM entries
Correct Answer: BD
Full Fortinet Other Certification NSE5_FMG-6.0 exam practice questions: https://www.leads4pass.com/nse5_fmg-6-0.html (Total Questions: 35 Q&A)
Lead4Pass Year-round Discount Code
What are the advantages of Lead4pass?
Lead4pass employs the most authoritative exam specialists from Fortinet, Cisco, CompTIA, IBM, EMC, etc. We update exam data throughout the year. Highest pass rate! We have a large user base. We are an industry leader! Choose Lead4Pass to pass the exam with ease!
Summarize:
It’s not easy to pass the Fortinet exam, but with accurate learning materials and proper practice, you can crack the exam with excellent results. https://www.leads4pass.com/fortinet.html provides you with the most relevant learning materials that you can use to help you prepare.