NSE6 : Fortinet Network Security Expert 6 Exam

NSE6 Dumps
NSE6 Braindumps
NSE6 Real Questions
NSE6 Practice Test
NSE6 Actual Questions


Fortinet
NSE6
Fortinet Network Security Expert 6
https://killexams.com/pass4sure/exam-detail/NSE6
QUESTION: 129
Which of the following statements best describes the role of a DC agents in an FSSO DC?
A. Captures the login events and forward them to the collector agent.
B. Captures the user IP address and workstation name and forward that information to the
FortiGate devices.
C. Captures the login and logoff events and forward them to the collector agent.
D. Captures the login events and forward them to the FortiGate devices.
Answer: C
QUESTION: 130
Which of the following FSSO modes must be used for Novell eDirectory networks?
A. Agentless polling
B. LDAP agent
C. eDirectory agent
D. DC agent
Answer: C
QUESTION: 131
In a FSSO agentless polling mode solution, where must the collector agent be?
A. In any Windows server
B. In any of the AD domain controllers
C. In the master AD domain controller
D. The FortiGate device polls the AD domain controllers
Answer: D
QUESTION: 132
Which of the following statements are characteristics of a FSSO solution using advanced
access mode? (Choose three.)
A. Protection profiles can be applied to both individual users and user groups
B. Nested or inherited groups are supported
C. Usernames follow the LDAP convention: CN=User, OU=Name, DC=Domain
D. Usernames follow the Windows convention: Domain\username
E. Protection profiles can be applied to user groups only.
Answer: B, C, E
QUESTION: 133
Which of the following FSSO agents are required for a DC agent mode solution? (Choose
two.)
A. FSSO agent
B. DC agent
C. Collector agent
D. Radius server
Answer: B, C
QUESTION: 134
In a FSSO agent mode solution, how does the FSSO collector agent learn each IP address?
A. The DC agents get each user IP address from the event logs and forward that
information to the collector agent
B. The collector agent does not know, and does not need, each user IP address. Only
workstation names are known by the collector agent.
C. The collector agent frequently polls the AD domain controllers to get each user IP
address.
D. The DC agent learns the workstation name from the event logs and DNS is then used to
translate those names to the respective IP addresses.
Answer: D
QUESTION: 135
Which FSSO agents are required for a FSSO agent-based polling mode solution?
A. Collector agent and DC agents
B. Polling agent only
C. Collector agent only
D. DC agents only
Answer: A
QUESTION: 136
What configuration objects are automatically added when using the FortiGate's FortiClient
VPN Configurations Wizard?(Choose two)
A. Static route
B. Phase 1
C. Users group
D. Phase 2
Answer: B, D
QUESTION: 137
Which of the following statements are correct concerning layer 2 broadcast domains in
transparent mode VDOMs?(Choose two)
A. The whole VDOM is a single broadcast domain even when multiple VLAN are used.
B. Each VLAN is a separate broadcast domain.
C. Interfaces configured with the same VLAN ID can belong to different broadcast
domains.
D. All the interfaces in the same broadcast domain must use the same VLAN ID.
Answer: B, C
QUESTION: 138
Which of the following statements is correct regarding FortiGate interfaces and spanning
tree protocol? (Choose Two)
A. Only FortiGate switch interfaces Participate in spanning tree.
B. All FortiGate interfaces in transparent mode VDOMs participate in spanning tree.
C. All FortiGate interfaces in NAT/route mode VDOMs Participate in spanning tree.
D. All FortiGate interfaces in transparent mode VDOMs may block or forward BPDUs.
Answer: B, D
QUESTION: 139
On your Forti Gate 60D, you've configured firewall policies. They port forward traffic to
your Linux Apache web server. Select the best way to protect your web server by using
the IPS engine.
A. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and
Apache applications. Configured DLP to block HTTP GET request with credit card
numbers.
B. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and
Apache applications. Configure DLP to block HTTP GET with credit card numbers. Also
configure a DoS policy to prevent TCP SYn floods and port scans.
C. None. FortiGate 60D is a desktop model, which does not support IPS.
D. Enable IPS signatures for Linux and windows servers with FTP, HTTP, TCP, and SSL
protocols and Apache and PHP applications.
Answer: D
QUESTION: 140
Which changes to IPS will reduce resource usage and improve performance? (Choose
three)
A. In custom signature, remove unnecessary keywords to reduce how far into the signature
tree that FortiGate must compare in order to determine whether the packet matches.
B. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for
protocols, applications and traffic directions that are not relevant.
C. In IPS filters, switch from 'Advanced' to 'Basic' to apply only the most essential
signatures.
D. In firewall policies where IPS is not needed, disable IPS.
E. In firewall policies where IPS is used, enable session start logs.
Answer: A, B, D

User: Natalie***** Thanks to the Killexams.com team, I was able to appear for the NSE6 exam with confidence, thanks to their test papers with answered solutions. Their exam papers gave me the courage to attempt the exam, and I achieved a result of 77.25%. Killexams.com is the best way to pass the NSE6 exam, and I recommend their question bank to anyone who needs to pass an exam.

User: Mohammed***** Thanks to Killexams.com, I was able to get all the information and guidance I needed to crack the nse6 exam. The website is a treasure trove of valuable information and resources that can help any student achieve success in the exam. I especially appreciated the nse6 practice software program, which outlines each subject matter and randomizes the questions to simulate the actual exam experience. The ability to get a score and evaluate myself on different parameters was extremely helpful.

User: Tassy***** Spending the majority of my time surfing the internet was a common occurrence for me. However, my time on the internet proved to be useful when I discovered Killexams.com just before my NSE6 exam. It was a great stroke of luck for me, as it helped me to test myself correctly and put up an excellent performance in the exam.

User: Gabriel***** Thanks to the accurate questions, topics, and practice courses provided by killexams.com, I managed to pass the NSE6 exam with ease. The format of the course is highly convenient, allowing you to test in different formats and exercise sessions that suit you the best. The exam simulator is a fantastic tool that completely simulates the actual exam, which is crucial for the NSE6 exam with its unique question types. I will definitely use killexams.com for my upcoming certification tests.

User: Sveta***** I prepared for nse6 with the help of Killexams.com and found that they have pretty good study materials. I can confidently take other Fortinet tests as well.

---