PassLeader just published the NEWEST Fortinet NSE6 exam dumps! And, PassLeader offer two types of the NSE6 dumps — NSE6 VCE dumps and NSE6 PDF dumps, both VCE and PDF contain the NEWEST NSE6 exam questions, they will help you PASSING the Fortinet NSE6 exam easily! Now, get the NEWEST NSE6 dumps in VCE and PDF from PassLeader — http://www.passleader.com/nse6.html (145 Q&As Dumps)
What’s more, part of that PassLeader NSE6 dumps now are free — https://drive.google.com/open?id=0B-ob6L_QjGLpX0pDRzN5bDJDMTQ
QUESTION 81
The exhibit shows a part output of the diagnostic command ‘diagnose debug application ike 255’, taken during establishment of a VPN. Which of the following statement are correct concerning this output? (Choose two.)
A. The quick mode selectors negotiated between both IPsec VPN peers is 0.0.0.0/32 for both source and destination addresses.
B. The output corresponds to a phase 2 negotiation.
C. NAT-T enabled and there is third device in the path performing NAT of the traffic between both IPsec VPN peers.
D. The IP address of the remote IPsec VPN peer is 172.20.187.114.
Answer: BD
QUESTION 82
What is required in a FortiGate configuration to have more than one dialup IPsec VPN using aggressive mode?
A. All the aggressive mode dialup VPNs MUST accept connections from the same peer ID.
B. Each peer ID MUST match the FQDN of each remote peer.
C. Each aggressive mode dialup MUST accept connections from different peer ID.
D. The peer ID setting must NOT be used.
Answer: C
QUESTION 83
Which of the following statements are correct concerning IKE mode config? (Choose two.)
A. It can dynamically assign IP addresses to IPsec VPN clients.
B. It can dynamically assign DNS settings to IPsec VPN clients.
C. It uses the ESP protocol.
D. It can be enabled in the phase 2 configuration.
Answer: AB
QUESTION 84
Which statement is correct concerning an IPsec VPN with the remote gateway setting configured as ‘Dynamic DNS’?
A. The FortiGate will accept IPsec VPN connection from any IP address.
B. The FQDN resolution of the local FortiGate IP address where the VPN is terminated must be provided by a dynamic DNS provider.
C. The FortiGate will Accept IPsec VPN connections only from IP addresses included on a dynamic DNS access list.
D. The remote gateway IP address can change dynamically.
Answer: D
QUESTION 85
Which of the following protocols are defined in the IPsec Standard? (Choose two.)
A. AH
B. GRE
C. SSL/TLS
D. ESP
Answer: AD
QUESTION 86
Which statement concerning IPS is false?
A. IPS packages contain an engine and signatures used by both IPS and other flow-based scans.
B. One-arm topology with sniffer mode improves performance of IPS blocking.
C. IPS can detect zero-day attacks.
D. The status of the last service update attempt from FortiGuard IPS is shown on System>Config>FortiGuard and in output from ‘diag autoupdate version’.
Answer: D
QUESTION 87
Which best describes the mechanism of a TCP SYN flood?
A. The attackers keeps open many connections with slow data transmission so that other clients cannot start new connections.
B. The attackers sends a packets designed to sync with the FortiGate.
C. The attacker sends a specially crafted malformed packet, intended to crash the target by exploiting its parser.
D. The attacker starts many connections, but never acknowledges to fully form them.
Answer: D
QUESTION 88
Which of the following statements best describes how the collector agent learns that a user has logged off from the network?
A. The workstation fails to reply to the polls frequently done by the collector agent.
B. The DC agent captures the log off event from the event logs, which it forwards to the collector agent.
C. The work station notifies the DC agent that the user has logged off.
D. The collector agent gets the logoff events when polling the respective domain controller.
Answer: D
QUESTION 89
Which of the following statements best describes the role of a DC agents in an FSSO DC?
A. Captures the login events and forward them to the collector agent.
B. Captures the user IP address and workstation name and forward that information to the FortiGate devices.
C. Captures the login and logoff events and forward them to the collector agent.
D. Captures the login events and forward them to the FortiGate devices.
Answer: C
QUESTION 90
Which of the following FSSO modes must be used for Novell eDirectory networks?
A. Agentless polling
B. LDAP agent
C. eDirectory agent
D. DC agent
Answer: C
Learning the PassLeader NSE6 dumps with VCE and PDF for 100% passing Fortinet certification — http://www.passleader.com/nse6.html (145 Q&As Dumps)
BONUS!!! Download part of PassLeader NSE6 dumps for free — https://drive.google.com/open?id=0B-ob6L_QjGLpX0pDRzN5bDJDMTQ