FCNSP Exam Questions

SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?

Which of the following statements correctly describes the deepscan option for HTTPS?

Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.)

When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating?

When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option. What is a valid reason for using the Full Search option, instead?

Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met. Considering this, which of the following statements is NOT correct? Fort...

Which of the following report templates must be used when scheduling report generation?

In which of the following report templates would you configure the charts to be included in the report?

An administrator wishes to generate a report showing Top Traffic by service type. They notice that web traffic overwhelms the pie chart and want to exclude the web traffic from the...

An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report. Which of the following statements best describe...

A portion of the device listing for a FortiAnalyzer unit is displayed in the exhibit. Which of the following statements best describes the reason why the FortiGate 60B unit is unab...

In order to load-share traffic using multiple static routes, the routes must be configured with...

A static route is configured for a FortiGate unit from the CLI using the following commands: config router static edit 1 set device "wan1" set distance 20 set gateway 192.168.100.1...

If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned thr...

If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be annou...

An administrator has formed a High Availability cluster involving two FortiGate 310B units. [Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstrea...

In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?

A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. Which of the following statements are true if the network administrator wants to ro...

A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. Which of the following statements are correct regarding these VDOMs? (Select all th...

A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM...

A FortiGate unit is operating in NAT/Route mode and is configured with two Virtual LAN (VLAN) sub- interfaces added to the same physical interface. Which of the following statement...

Which of the following items is NOT a packet characteristic matched by a firewall service object?

When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server...

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 int...

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 int...

WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?

Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?

Which of the following must be configured on a FortiGate unit to redirect content requests to remote web cache servers?

Which of the following represents the method used on a FortiGate unit running FortiOS version 4.2 to apply traffic shaping to P2P traffic, such as BitTorrent?

FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following stateme...

Which of the following represents the correct order of criteria used for the selection of a Master unit within a FortiGate High Availability (HA) cluster when master override is di...

In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to...

Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)

What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully- meshed set of IPSec tunnels? (Select all that apply.)

Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that app...

Which of the following statements are correct regarding Application Control?

Examine the exhibit shown below then answer the question that follows it. Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:

For Data Leak Prevention, which of the following describes the difference between the block and quarantine actions?

How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)

Examine the Exhibits shown below, then answer the question that follows. Review the following DLP Sensor (Exhibit 1): Review the following File Filter list for rule #1 (Exhibit 2):...

The eicar test virus is put into a zip archive, which is given the password of "Fortinet" in order to open the archive. Review the configuration in the exhibits shown below; then a...

With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Do...

Select the answer that describes what the CLI command diag debug authd fsso list is used for.

In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit?

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT device. Exhibi...

Examine the following log message for IPS and identify the valid responses below. (Select all that apply.) 2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert...

Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.) config ips se...

Identify the correct properties of a partial mesh VPN deployment:

Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it. Which of the following statements are correct regarding this configuration?...

Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it. Which of the following statements are correct regarding this configuration? (Sele...