Advanced Security Technologies Beyond the Firewall Exam / NSE6 Dumps / NSE6 Exam Questions / NSE6 PDF Dumps / NSE6 VCE Dumps

Recently Published Fortinet NSE6 Dumps from PassLeader with VCE and PDF (Question 11 – Question 20)

PassLeader just published the NEWEST Fortinet NSE6 exam dumps! And, PassLeader offer two types of the NSE6 dumps — NSE6 VCE dumps and NSE6 PDF dumps, both VCE and PDF contain the NEWEST NSE6 exam questions, they will help you PASSING the Fortinet NSE6 exam easily! Now, get the NEWEST NSE6 dumps in VCE and PDF from PassLeaderhttp://www.passleader.com/nse6.html (145 Q&As Dumps)

What’s more, part of that PassLeader NSE6 dumps now are freehttps://drive.google.com/open?id=0B-ob6L_QjGLpX0pDRzN5bDJDMTQ

QUESTION 11
When configuring LDAP on the FortiGate as a remote database for users, what is not a part of the configuration?

A.    The name of the attribute that identifies each user (Common Name Identifier).
B.    The user account or group element names (user DN).
C.    The server secret to allow for remote queries (Primary server secret).
D.    The credentials for an LDAP administrator (password).

Answer: C

QUESTION 12
In “diag debug flow” output, you see the message “Allowed by Policy-1: SNAT”. Which is true?

A.    The packet matched the topmost policy in the list of firewall policies.
B.    The packet matched the firewall policy whose policy ID is 1.
C.    The packet matched a firewall policy, which allows the packet and skips UTM checks.
D.    The policy allowed the packet and applied session NAT.

Answer: B

QUESTION 13
Which is NOT true about the settings for an IP pool type port block allocation?

A.    A Block Size defines the number of connections.
B.    Blocks Per User defines the number of connection blocks for each user.
C.    An Internal IP Range defines the IP addresses permitted to use the pool.
D.    An External IP Range defines the IP addresses in the pool.

Answer: B

QUESTION 14
Which define device identification? (Choose two.)

A.    Device identification is enabled by default on all interfaces.
B.    Enabling a source device in a firewall policy enables device identification on the source interfaces of that policy.
C.    You cannot combine source user and source device in the same firewall policy.
D.    FortiClient can be used as an agent based device identification technique.
E.    Only agentless device identification techniques are supported.

Answer: BD

QUESTION 15
Which is true of FortiGate’s session table?

A.    NAT/PAT is shown in the central NAT table, not the session table.
B.    It shows TCP connection states.
C.    It shows IP, SSL, and HTTP sessions.
D.    It does not show UDP or ICMP connection state codes, because those protocols are connectionless.

Answer: B

QUESTION 16
Which user group types does FortiGate support for firewall authentication? (Choose three.)

A.    RSSO
B.    Firewall
C.    LDAP
D.    NTLM
E.    FSSO

Answer: ABE

QUESTION 17
Which of the following statements is true regarding the differences between route-based and policy-based IPsec VPNs? (Choose two.)

A.    The firewall policies for policy-based are bidirectional. The firewall policies for route-based are unidirectional.
B.    In policy-based VPNs the traffic crossing the tunnel must be routed to the virtual IPsec interface. In route-based, it does not.
C.    The action for firewall policies for route-based VPNs may be Accept or Deny, for policy-based VPNs it is Encrypt.
D.    Policy-based VPN uses an IPsec interface, route-based does not.

Answer: AC

QUESTION 18
Which portion of the configuration does an administrator specify the type of IPsec configuration (either policy-based or route-based)?

A.    Under the IPsec VPN global settings.
B.    Under the phase 2 settings.
C.    Under the phase 1 settings.
D.    Under the firewall policy settings.

Answer: D

QUESTION 19
Which of the following options best defines what Diffie-Hellman is?

A.    A symmetric encryption algorithm.
B.    A “key-agreement” protocol.
C.    A “Security-association-agreement” protocol.
D.    An authentication algorithm.

Answer: B

QUESTION 20
How many packets are interchanged between both IPSec ends during the negotiation of a main-mode phase 1?

A.    5
B.    3
C.    2
D.    6

Answer: D


Learning the PassLeader NSE6 dumps with VCE and PDF for 100% passing Fortinet certificationhttp://www.passleader.com/nse6.html (145 Q&As Dumps)

BONUS!!! Download part of PassLeader NSE6 dumps for freehttps://drive.google.com/open?id=0B-ob6L_QjGLpX0pDRzN5bDJDMTQ