NSE6 : Fortinet Network Security Expert 6 Exam

NSE6 Dumps
NSE6 Braindumps
NSE6 Real Questions
NSE6 Practice Test
NSE6 Actual Questions


Fortinet
NSE6
Fortinet Network Security Expert 6
https://killexams.com/pass4sure/exam-detail/NSE6
QUESTION: 129
Which of the following statements best describes the role of a DC agents in an FSSO DC?
A. Captures the login events and forward them to the collector agent.
B. Captures the user IP address and workstation name and forward that information to the
FortiGate devices.
C. Captures the login and logoff events and forward them to the collector agent.
D. Captures the login events and forward them to the FortiGate devices.
Answer: C
QUESTION: 130
Which of the following FSSO modes must be used for Novell eDirectory networks?
A. Agentless polling
B. LDAP agent
C. eDirectory agent
D. DC agent
Answer: C
QUESTION: 131
In a FSSO agentless polling mode solution, where must the collector agent be?
A. In any Windows server
B. In any of the AD domain controllers
C. In the master AD domain controller
D. The FortiGate device polls the AD domain controllers
Answer: D
QUESTION: 132
Which of the following statements are characteristics of a FSSO solution using advanced
access mode? (Choose three.)
A. Protection profiles can be applied to both individual users and user groups
B. Nested or inherited groups are supported
C. Usernames follow the LDAP convention: CN=User, OU=Name, DC=Domain
D. Usernames follow the Windows convention: Domain\username
E. Protection profiles can be applied to user groups only.
Answer: B, C, E
QUESTION: 133
Which of the following FSSO agents are required for a DC agent mode solution? (Choose
two.)
A. FSSO agent
B. DC agent
C. Collector agent
D. Radius server
Answer: B, C
QUESTION: 134
In a FSSO agent mode solution, how does the FSSO collector agent learn each IP address?
A. The DC agents get each user IP address from the event logs and forward that
information to the collector agent
B. The collector agent does not know, and does not need, each user IP address. Only
workstation names are known by the collector agent.
C. The collector agent frequently polls the AD domain controllers to get each user IP
address.
D. The DC agent learns the workstation name from the event logs and DNS is then used to
translate those names to the respective IP addresses.
Answer: D
QUESTION: 135
Which FSSO agents are required for a FSSO agent-based polling mode solution?
A. Collector agent and DC agents
B. Polling agent only
C. Collector agent only
D. DC agents only
Answer: A
QUESTION: 136
What configuration objects are automatically added when using the FortiGate's FortiClient
VPN Configurations Wizard?(Choose two)
A. Static route
B. Phase 1
C. Users group
D. Phase 2
Answer: B, D
QUESTION: 137
Which of the following statements are correct concerning layer 2 broadcast domains in
transparent mode VDOMs?(Choose two)
A. The whole VDOM is a single broadcast domain even when multiple VLAN are used.
B. Each VLAN is a separate broadcast domain.
C. Interfaces configured with the same VLAN ID can belong to different broadcast
domains.
D. All the interfaces in the same broadcast domain must use the same VLAN ID.
Answer: B, C
QUESTION: 138
Which of the following statements is correct regarding FortiGate interfaces and spanning
tree protocol? (Choose Two)
A. Only FortiGate switch interfaces Participate in spanning tree.
B. All FortiGate interfaces in transparent mode VDOMs participate in spanning tree.
C. All FortiGate interfaces in NAT/route mode VDOMs Participate in spanning tree.
D. All FortiGate interfaces in transparent mode VDOMs may block or forward BPDUs.
Answer: B, D
QUESTION: 139
On your Forti Gate 60D, you've configured firewall policies. They port forward traffic to
your Linux Apache web server. Select the best way to protect your web server by using
the IPS engine.
A. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and
Apache applications. Configured DLP to block HTTP GET request with credit card
numbers.
B. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and
Apache applications. Configure DLP to block HTTP GET with credit card numbers. Also
configure a DoS policy to prevent TCP SYn floods and port scans.
C. None. FortiGate 60D is a desktop model, which does not support IPS.
D. Enable IPS signatures for Linux and windows servers with FTP, HTTP, TCP, and SSL
protocols and Apache and PHP applications.
Answer: D
QUESTION: 140
Which changes to IPS will reduce resource usage and improve performance? (Choose
three)
A. In custom signature, remove unnecessary keywords to reduce how far into the signature
tree that FortiGate must compare in order to determine whether the packet matches.
B. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for
protocols, applications and traffic directions that are not relevant.
C. In IPS filters, switch from 'Advanced' to 'Basic' to apply only the most essential
signatures.
D. In firewall policies where IPS is not needed, disable IPS.
E. In firewall policies where IPS is used, enable session start logs.
Answer: A, B, D

User: Oliver***** If you are looking for a valid nse6 practice test and exam simulator, then Killexams.com is the ultimate source of assistance. I opted for this wonderful exam simulator and received the best training ever. It guided me through every aspect of the nse6 exam and provided the best questions and answers I have ever seen. The study guides were also very helpful.

User: Bernardo***** I found the nse6 exam to be a very difficult and challenging subject, but Killexams.com helped me to pass it. It was extraordinary to see that more component questions of the authentic exams had been provided daily by the site. To prepare for the exam, I reviewed the questions and answers from Killexams.com and was able to score 91% with 58 questions in 90 minutes.

User: Charlotte***** I passed the NSE6 exam with 99% marks, an excellent feat considering I only had 15 days to prepare. Thanks to killexams.com and their fantastic material, even the hardest subjects became comfortable to understand. I hope their team continues to create more publications for other IT certification tests.

User: Tania***** My brother advised me to sign up with killexams.com to ensure a successful outcome in my nse6 exam. He knew that their resources were all I needed to guarantee good marks, and he was right. I followed his recommendation, and the result was a dream come true as I passed the exam with flying colors. Thank you, killexams.com!

User: Anne***** Unlike other online practice tests that are often posted by irresponsible individuals, killexams.com provides valid questions and answers that help guide you through the exam preparation process. Thanks to killexams.com, I passed my fortinet network security expert 6 exam on the first try. I initially relied on free online resources and failed. But with the help of killexams.com exam simulator, I was able to pass. Thank you, killexams.com, for providing me with the confidence I need to trust your resources.

---