NSE4 System and Network Administration • Complete Question Bank
Complete NSE4 System and Network Administration question bank — all 0 questions with answers and detailed explanations.
config system interface
edit "wan1"
set vdom "root"
set ip 10.0.0.1 255.255.255.0
set allowaccess ping https ssh
set type wan
set role wan
set snmp-index 1
next
endconfig firewall policy
edit 1
set srcintf "internal"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
next
endRefer to the exhibit.
config router static
edit 1
set device port1
set gateway 203.0.113.1
set dst 0.0.0.0 0.0.0.0
set distance 10
next
edit 2
set device port2
set gateway 10.0.0.1
set dst 0.0.0.0 0.0.0.0
set distance 20
next
endA medium-sized enterprise has a FortiGate 100F in NAT/Route mode with three interfaces: port1 (WAN, 203.0.113.1/24, gateway 203.0.113.254), port2 (internal, 192.168.1.1/24), and port3 (DMZ, 10.0.0.1/24). The internal network hosts a web server at 192.168.1.10 and a mail server at 192.168.1.20. The DMZ hosts a public web server at 10.0.0.10 and a public DNS server at 10.0.0.20. The company has a single public IP 203.0.113.1. The administrator has configured the following: - Port forwarding: external HTTP to DMZ web server (10.0.0.10:80) and external DNS to DMZ DNS server (10.0.0.20:53). - Outbound NAT (IP Pool) for internal users to 203.0.113.1. - Firewall policies allowing internal to external, DMZ to external, and external to DMZ (for forwarded services).
Users report that they can access the Internet but cannot reach the internal web server (192.168.1.10) via its public IP (203.0.113.1:80). The DMZ web server is accessible from the Internet. What is the most likely cause?
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Detects and prevents network intrusions
Identifies and controls application traffic
Blocks access to malicious or unauthorized websites
Scans and removes malware from traffic
Decrypts and inspects encrypted traffic
Drag a concept onto its matching description — or click a concept then click the description.
Scans files for malware
Controls access to URLs and web categories
Identifies and allows/denies application traffic
Detects and blocks network attacks
Decrypts encrypted traffic for inspection
You run the following command on a FortiGate:
``` diagnose sys session filter dport 443 diagnose sys session list ```
The output shows: ``` proto=6 proto_state=01 duration=3600 expire=3599 ```
What does this indicate?
You run the following diagnose command on a FortiGate and see the output:
diagnose sys session filter dport 443 diagnose sys session list
... proto=6 proto_state=01 duration=3600 expire=3599 ...
What does the 'proto_state=01' indicate?