Advanced Security Technologies Beyond the Firewall Exam / NSE6 Dumps / NSE6 Exam Questions / NSE6 PDF Dumps / NSE6 VCE Dumps

100% Valid Fortinet NSE6 Dumps with VCE and PDF shared by PassLeader (Question 91 – Question 100)

PassLeader just published the NEWEST Fortinet NSE6 exam dumps! And, PassLeader offer two types of the NSE6 dumps — NSE6 VCE dumps and NSE6 PDF dumps, both VCE and PDF contain the NEWEST NSE6 exam questions, they will help you PASSING the Fortinet NSE6 exam easily! Now, get the NEWEST NSE6 dumps in VCE and PDF from PassLeaderhttp://www.passleader.com/nse6.html (145 Q&As Dumps)

What’s more, part of that PassLeader NSE6 dumps now are freehttps://drive.google.com/open?id=0B-ob6L_QjGLpX0pDRzN5bDJDMTQ

QUESTION 91
In a FSSO agentless polling mode solution, where must the collector agent be?

A.    In any Windows server
B.    In any of the AD domain controllers
C.    In the master AD domain controller
D.    The FortiGate device polls the AD domain controllers

Answer: D

QUESTION 92
Which of the following statements are characteristics of a FSSO solution using advanced access mode? (Choose three.)

A.    Protection profiles can be applied to both individual users and user groups
B.    Nested or inherited groups are supported
C.    Usernames follow the LDAP convention: CN=User, OU=Name, DC=Domain
D.    Usernames follow the Windows convention: Domain\username
E.    Protection profiles can be applied to user groups only

Answer: BCE

QUESTION 93
Which of the following FSSO agents are required for a DC agent mode solution? (Choose two.)

A.    FSSO agent
B.    DC agent
C.    Collector agent
D.    Radius server

Answer: BC

QUESTION 94
In a FSSO agent mode solution, how does the FSSO collector agent learn each IP address?

A.    The DC agents get each user IP address from the event logs and forward that information to the collector agent.
B.    The collector agent does not know, and does not need, each user IP address. Only workstation names are known by the collector agent.
C.    The collector agent frequently polls the AD domain controllers to get each user IP address.
D.    The DC agent learns the workstation name from the event logs and DNS is then used to translate those names to the respective IP addresses.

Answer: D

QUESTION 95
Which FSSO agents are required for a FSSO agent-based polling mode solution?

A.    Collector agent and DC agents
B.    Polling agent only
C.    Collector agent only
D.    DC agents only

Answer: A

QUESTION 96
What configuration objects are automatically added when using the FortiGate’s FortiClient VPN Configurations Wizard? (Choose two.)

A.    Static route
B.    Phase 1
C.    Users group
D.    Phase 2

Answer: BD

QUESTION 97
Which of the following statements are correct concerning layer 2 broadcast domains in transparent mode VDOMs? (Choose two.)

A.    The whole VDOM is a single broadcast domain even when multiple VLAN are used.
B.    Each VLAN is a separate broadcast domain.
C.    Interfaces configured with the same VLAN ID can belong to different broadcast domains.
D.    All the interfaces in the same broadcast domain must use the same VLAN ID.

Answer: BC

QUESTION 98
Which of the following statements is correct regarding FortiGate interfaces and spanning tree protocol? (Choose two.)

A.    Only FortiGate switch interfaces Participate in spanning tree.
B.    All FortiGate interfaces in transparent mode VDOMs participate in spanning tree.
C.    All FortiGate interfaces in NAT/route mode VDOMs Participate in spanning tree.
D.    All FortiGate interfaces in transparent mode VDOMs may block or forward BPDUs.

Answer: BD

QUESTION 99
On your FortiGate 60D, you’ve configured firewall policies. They port forward traffic to your Linux Apache web server. Select the best way to protect your web server by using the IPS engine.

A.    Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache applications.
Configured DLP to block HTTP GET request with credit card numbers.
B.    Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache applications.
Configure DLP to block HTTP GET with credit card numbers. Also configure a DoS policy to prevent TCP SYn floods and port scans.
C.    None. FortiGate 60D is a desktop model, which does not support IPS.
D.    Enable IPS signatures for Linux and windows servers with FTP, HTTP, TCP, and SSL protocols and Apache and PHP applications.

Answer: D

QUESTION 100
Which changes to IPS will reduce resource usage and improve performance? (Choose three.)

A.    In custom signature, remove unnecessary keywords to reduce how far into the signature tree that FortiGate must compare in order to determine whether the packet matches.
B.    In IPS sensors, disable signatures and rate based statistics (anomaly detection) for protocols, applications and traffic directions that are not relevant.
C.    In IPS filters, switch from ‘Advanced’ to ‘Basic’ to apply only the most essential signatures.
D.    In firewall policies where IPS is not needed, disable IPS.
E.    In firewall policies where IPS is used, enable session start logs.

Answer: ABD


Learning the PassLeader NSE6 dumps with VCE and PDF for 100% passing Fortinet certificationhttp://www.passleader.com/nse6.html (145 Q&As Dumps)

BONUS!!! Download part of PassLeader NSE6 dumps for freehttps://drive.google.com/open?id=0B-ob6L_QjGLpX0pDRzN5bDJDMTQ