Download Fortinet FCNSP.v4 Dumps Latest Version Right Now From Braindump2go (1-10)
QUESTION 1
What are the requirements for a cluster to maintain TCP
connections after device or link failover? (Select all that apply.)
A. Enable session pick-up.
B. Only applies to connections handled
by a proxy.
C. Only applies to UDP and ICMP connections.
D. Connections must not be handled by a proxy.
Answer: AD
QUESTION 2
Two devices are in an HA cluster, the device hostnames are
STUDENT and REMOTE. Exhibit A shows the command output of ‘diag sys session
stat’ for the STUDENT device. Exhibit B shows the command output of ‘diag sys
session stat’ for the REMOTE device.
Exhibit A:
![wpsF9E3.tmp_thumb_thumb_thumb_thumb_[2]](http://examgod.com/l2pimages/14ed6e0f9221_866C/wpsF9E3.tmp_thumb_thumb_thumb_thumb_2.png "wpsF9E3.tmp_thumb_thumb_thumb_thumb_[2]")
Exhibit B:
![wps15DC.tmp_thumb_thumb_thumb_thumb_[2]](http://examgod.com/l2pimages/14ed6e0f9221_866C/wps15DC.tmp_thumb_thumb_thumb_thumb_2.png "wps15DC.tmp_thumb_thumb_thumb_thumb_[2]")
Given the information provided in the exhibits, which of the following
statements are correct? (Select all that apply.)
A. STUDENT is likely to be the master device.
B. Session-pickup is
likely to be enabled.
C. The cluster mode is definitely Active-Passive.
D. There is not enough information to determine the cluster mode.
Answer: AD
QUESTION 3
Which of the following statements are correct about the HA
diag command diagnose sys ha reset- uptime? (Select all that apply.)
A. The device this command is executed on is likely to switch from master
to slave status if master
override is disabled.
B. The device this command is executed on is likely to switch from master
to slave status if master
override is enabled.
C. This command has no impact on the HA algorithm.
D. This command resets the uptime variable used in the HA algorithm so it
may cause a new master
to become elected.
Answer: AD
QUESTION 4
In HA, the option Reserve Management Port for Cluster Member
is selected as shown in the Exhibit below.
![wps38A9.tmp_thumb_thumb_thumb_thumb_[2]](http://examgod.com/l2pimages/14ed6e0f9221_866C/wps38A9.tmp_thumb_thumb_thumb_thumb_2.png "wps38A9.tmp_thumb_thumb_thumb_thumb_[2]")
Which of the following statements are correct regarding this setting? (Select
all that apply.)
A. Interface settings on port7 will not be synchronized with other cluster
members.
B. The IP address assigned to this interface must not overlap
with the IP address subnet assigned to
another interface.
C. Port7 appears in the routing table.
D. A gateway address may be configured for port7.
E. When connecting to port7 you always connect to the master device.
Answer: AD
QUESTION 5
Review the IPsec diagnostics output of the command diag vpn
tunnel list shown in the Exhibit below.
![wps6787.tmp_thumb_thumb_thumb_thumb_[1]](http://examgod.com/l2pimages/14ed6e0f9221_866C/wps6787.tmp_thumb_thumb_thumb_thumb_1.png "wps6787.tmp_thumb_thumb_thumb_thumb_[1]")
Which of the following statements are correct regarding this output? (Select
all that apply.)
A. The connecting client has been allocated address 172.20.1.1.
B. In the Phase 1 settings, dead peer detection is enabled.
C. The tunnel is
idle.
D. The connecting client has been allocated address 10.200.3.1.
Answer: AB
QUESTION 6
Examine the Exhibit shown below; then answer the question
following it.
![wps8757.tmp_thumb_thumb_thumb_thumb_[2]](http://examgod.com/l2pimages/14ed6e0f9221_866C/wps8757.tmp_thumb_thumb_thumb_thumb_2.png "wps8757.tmp_thumb_thumb_thumb_thumb_[2]")
In this scenario, the Fortigate unit in Ottawa has the following routing
table:
S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2
C 172.20.167.0/24
is directly connected, port1
C 172.20.170.0/24 is directly connected, port2
Sniffer tests show that packets sent from the Source IP address 172.20.168.2
to the Destination IP address 172.20.169.2 are being dropped by the FortiGate
unit located in Ottawa. Which of the following correctly describes the cause for
the dropped packets?
A. The forward policy check.
B. The reverse path forwarding check.
C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate unit’s
routing table.
D. The destination workstation 172.20.169.2 does NOT have
the subnet 172.20.168.0/24 in its routing table.
Answer: B
QUESTION 7
Examine the two static routes to the same destination subnet
172.20.168.0/24 as shown below; then answer the question following it.
config router static
edit 1
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 10
set device port1
next
edit 2
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 20
set device port2
next
end
Which of the following statements
correctly describes the static routing configuration provided above?
A. The FortiGate unit will evenly share the traffic to 172.20.168.0/24
through both routes.
B. The FortiGate unit will share the traffic to
172.20.168.0/24 through both routes, but the port2 route
will carry
approximately twice as much of the traffic.
C. The FortiGate unit will send all the traffic to 172.20.168.0/24 through
port1.
D. Only the route that is using port1 will show up in the routing
table.
Answer: C
QUESTION 8
Examine the Exhibit shown below; then answer the question
following it.
The Vancouver FortiGate unit initially had the following information in its
routing table:
S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C
172.21.0.0/16 is directly connected, port2
C 172.11.11.0/24 is directly
connected, port1
Afterwards, the following static route was added:
config router static
edit 6
set dst 172.20.1.0 255.255.255.0
set
pririoty 0
set device port1
set gateway 172.11.12.1
next
end
Since this change, the new static route is NOT showing up in the routing
table. Given the information provided, which of the following describes the
cause of this problem?
A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static
route that is already in the routing
table (172.20.0.0/16), so, we need to
enable allow-subnet-overlap first.
B. The ‘gateway’ IP address is NOT in the same subnet as the IP address of
port1.
C. The priority is 0, which means that the route will remain inactive.
D. The static route configuration is missing the distance setting.
Answer: B
QUESTION 9
Examine the static route configuration shown below; then
answer the question following it.
config router static
edit 1
set
dst 172.20.1.0 255.255.255.0
set device port1
set gateway 172.11.12.1
set distance 10
set weight 5
next
edit 2
set dst 172.20.1.0
255.255.255.0
set blackhole enable
set distance 5
set weight 10
next
end
Which of the following statements correctly describes the
static routing configuration provided? (Select all that apply.)
A. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate
unit.
B. As long as port1 is up, all the traffic to 172.20.1.0/24 will be
routed by the static route number 1.
If the interface port1 is down, the
traffic will be routed using the blackhole route.
C. The FortiGate unit will NOT create a session entry in the session table
when the traffic is being
routed by the blackhole route.
D. The FortiGate unit will create a session entry in the session table
when the traffic is being routed
by the blackhole route.
E. Traffic to 172.20.1.0/24 will be shared through both routes.
Answer: AC
QUESTION 10
In the case of TCP traffic, which of the following correctly
describes the routing table lookups performed by a FortiGate unit when searching
for a suitable gateway?
A. A look-up is done only when the first packet coming from the client
(SYN) arrives.
B. A look-up is done when the first packet coming from the
client (SYN) arrives, and a second is performed
when the first packet coming
from the server (SYNC/ACK) arrives.
C. A look-up is done only during the TCP 3-way handshake (SYNC, SYNC/ACK,
ACK).
D. A look-up is always done each time a packet arrives, from either the
server or the client side.
Answer: B
Braindump2go New Released Fortinet
FCNSP.v4 Dump PDF Free Download, 131 Questions in all, Passing Your Exam 100%
Easily! http://www.braindump2go.com/fcnsp-v4.html