NSE4 Security Profiles • Complete Question Bank
Complete NSE4 Security Profiles question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
config firewall policy
edit 1
set name "Web Access"
set srcintf "internal"
set dstintf "wan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "HTTPS"
set ssl-ssh-profile "deep-inspection"
set utm-status enable
set av-profile "default"
set webfilter-profile "strict"
next
endRefer to the exhibit. diagnose debug application sslvpn -1 debug sslvpn error: SSL_accept failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca debug sslvpn error: SSL_accept failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
Refer to the exhibit.
config firewall policy
edit 1
set name "Web-Server"
set srcintf "port1"
set dstintf "port2"
set srcaddr "all"
set dstaddr "10.0.1.10"
set action accept
set schedule "always"
set service "HTTPS"
set utm-status enable
set ips-sensor "High_Security_Sensor"
set application-list "Block_Social_Media"
next
endRefer to the exhibit. diagnose ips anomaly list IPS anomalies detected: 1. ICMP Flood from 10.1.1.100 to 10.2.2.200: 5000 pps (threshold: 1000 pps) 2. TCP Scan from 10.1.1.100 to 10.2.2.200: 1000 pps (threshold: 500 pps) 3. UDP Flood from 10.1.1.100 to 10.2.2.200: 3000 pps (threshold: 2000 pps)
Refer to the exhibit.
```
config firewall ssl-ssh-profile
edit "deep-inspection"
set caname "Fortinet_CA_SSL"
config https
set ports 443
set status deep-inspection
end
set untrusted-caname ""
set whitelist-mode disable
next
end
```Refer to the exhibit.
config ips sensor
edit "sensor1"
config entries
edit 1
set severity medium
set action block
next
end
next
endRefer to the exhibit.
config firewall policy
edit 1
set name "SSL-Inspection"
set srcintf "wan1"
set dstintf "internal"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "deep-inspection"
set profile-protocol-options "default"
set av-profile "default"
set webfilter-profile "default"
next
endRefer to the exhibit.
config ips sensor
edit "sensor1"
config entries
edit 1
set severity medium
set action block
next
edit 2
set severity critical
set action block
next
end
next
endDrag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Displays current system resource usage
Tests network connectivity to a host
Traces packet flow through the firewall
Displays the entire running configuration
Resets the device to factory defaults
Drag a concept onto its matching description — or click a concept then click the description.
One unit handles traffic; standby unit takes over on failure
Both units handle traffic simultaneously for load balancing
Multiple units act as a single logical firewall
Ensures active sessions are preserved after failover
FortiGate Clustering Protocol used for HA synchronization
Drag a concept onto its matching description — or click a concept then click the description.
Translates private source IP to public IP for outbound traffic
Translates public destination IP to private IP for inbound traffic
Assigns a range of ports to a private IP for NAT
Translates IPv6 traffic to IPv4 and vice versa
Translates IPv4 traffic to IPv6
Drag a concept onto its matching description — or click a concept then click the description.
Allows traffic matching the policy
Blocks traffic and sends a reset or ICMP unreachable
Routes traffic into an IPsec VPN tunnel
Routes traffic into an SSL VPN tunnel
Logs traffic without enforcing action (used for learning)