NSE2 Exam

Page No |
Fortinet
NSE2 EXAM
The Evolution of Cybersecurity Exam
Product: Full File
For More Information:

https://www.dumpsplanet.com/NSE2-dumps
https://www.dumpsplanet.com
m/
Questions and Answers PDF 2/41
Product Questions: 150

Version: 6.0
Question:1
Which data center FortiGate model has 40G ports?
A. FortiGate 500D
B. FortiGate 1500D
C. FortiGate 3700D
D. FortiGate 3810D
Answer: C
Question:2
Which data center FortiGate model has 100G ports?
A. FortiGate 500D
B. FortiGate 1500D
C. FortiGate 3700D
D. FortiGate 3810D
Answer: D
Question:3
Which FortiASIC is used to accelerate firewall performance?
A. Content Processor
B. CPU
C. Network Processor
D. Switching Processor
Answer: C
Question:4
Howmanyindividual FortiGuard services are available to FortiGate

appliances?
m/
A. 4
B. 5
C. 7
D. 8
Answer: A
Question:5
Where are virtual machine firewall appliances typically deployed?
A. Campus edge
B. Data center
C. Small or branch office
D. Cloud
Answer: B
Question:6
Which FortiASIC is used to accelerate NGFW performance?
A. Content Processor
B. CPU
C. Network Processor
D. Switching Processor
Answer: A
Question:7
What integration is required for SDN Functionality?
A. Different Hypervisor Support

B. Orchestration API Support
C. Virtual machine Firewall
D. Flexible Management Software
Answer: B
Question:8
Howmany elements makeupthe High Performance Integrated Network
Security Platform?
A. 3
m/
B. 4
C. 5
D. 6
Answer: A
Question:9
What type of Firewall is used for data center north-south traffic?
A. NGFW Appliance
B. High Speed Data Center Firewall
D. UTM
Answer: B
Question: 10
A. NGFW Appliance
D. UTM
Answer: C
Question: 11
Whatlength of contract (term) options are availableforlicensing FortiGuard
and FortiCare services with a FortiGate purchase?
A. 1 year only
B. 1 and 2 yearoptions
C. 1, 2 and 3 yearoptions
D. 3 years only
Answer: B
Question: 12
Where are UTM appliances typically deployed?
A. Campus edge
B. Data center
m/
C. Small or branch office

D. Cloud
Answer: C
Question: 13
Which FortiGate modelshave been tested by NSSin 2014 for NGFW
Performance? (select all that apply)
A. FortiGate 500D
B. FortiGate 1500D
C. FortiGate 3600
D. FortiGate 3700D
Answer: B,C
Question: 14
Which of the following is the core element of the High Performance
A. Integrated Network Security Platform?

B. Threat Intelligence Services
C. Management and Analytics
D. Application and Wireless SecurityVirtualization and Cloud
E. FortiGate Firewall Platform
Answer: E
Question: 15
Which is a typical Data Center Firewall throughput range?
A. 1 - 100Mbps
B. 1- 1Gbps
C. 1- 20Gbps
D. 10 – 100Gbps
Answer: D
Question: 16
A. NGFW Appliance
m/

D. UTM
Answer: B
Question: 17
Which FortiGate models are typically used in the data center?
A. FortiGate 30-90 Series

B. FortiGate 100 – 800 Series
C. FortiGate 1000 – 3000 Series
D. FortiGate 7000 Series
Answer: C
Question: 18
How are FortiCare service prices calculated?
A. As a % ofthe software price

B. As a % of the hardware price
C. Independent of the hardware price
D. Fixed price regardless of the FortiGate model chosen
Answer: B
Question: 19
Which is a typical NGFW throughput range?
A. 1 - 100Mbps
B. 1- 1Gbps
C. 1- 20Gbps
D. 10 – 100Gbps
Answer: C
Question: 20
Which of the following is not a key FortiGate differentiator?
A. FortiGuard Threat Research & Security Updates

B. Industry Leading Price
C. Network & Security Convergence
D. Industry Leading Price/Performance
m/
Answer: B
Question: 21
FortiGate delivers 5x the performance of other NGFWs because of which technology?
A. Distributed Packet Selection

B. Content Cache Evaluation
C. Custom ASICs
Answer: C
Question: 22
The primary reason a customer would buy a Next Generation Firewall is:
A. To protect a data center from a DDoS attack.

B. To secure the enterprise edge from network-based threats.
C. To provide wireless connectivity to guest users.
Answer: B
Question: 23
What elements must you purchase to get an NGFW solution from Fortinet?
A. FortiGate model
B. FortiGuard services
C. Both FortiGate model and FortiGuard services
Answer: C
Question: 24
True or false, an NGFW canidentify an application amid the total traffic flowing
through the firewall appliance regardless of the port it uses?
A. True
B. False
Answer: A
Question: 25
m/
FortiGuard’s services receive top ratings from which independent industry test service?
A. Virus Bulletin
B. AV Comparatives
C. NSS Labs
D. All of the above
Answer: D
Question: 26
FortiGate NGFWs are available as:
A. Hardware appliances
B. Virtual appliances
C. Both hardware and virtual appliances
Answer: C
Question: 27
Which FortiGuard service is used by FortiGate NGFWs?
A. Endpoint
B. DDoS
C. IPS
D. All of the above
Answer: C
Question: 28
True or false, FortiGuard provides the NGFW services for FortiGate?
A. True
B. False
Answer: B
Question: 29
Trueor false, a top reason a customer would buy a Next Generation Firewall is toget
additional protection against advanced threats and to reduce risk of data breach:
A. True
B. False
m/
Answer: A
Question: 30
The main customer segment for Next Gen Firewalls is:
A. Enterprise
B. Data Center
C. Small/Home Office
Answer: A
Question: 31
Which of the following are feasible locations to deploy a firewall in the data center?
A. At the data centeredge

B. At the data centercore
C. Top-of-rack
D. All of the above
Answer: D
Question: 32
Which of the following is a correct statement about Virtual Domain functionality?
A. Virtual Domains are used to give hackers the appearance of firewall protection in lieu of an actual
firewall appliance
B. Virtual Domains allow a single FortiGate appliance to be divided upintomultiple logical
firewall instances that can be managed and configured independently.
C. Virtual Domains are used only when protecting virtualized servers.
Answer: B
Question: 33
Whichofthe FortiGate productlines offer NP6 ASIC acceleration, high 10GbE port density, AND high-
speed 40/100 GbE interfaces?
A. All entry-level, mid-range, and high-end FortiGate product lines

B. High-end FortiGate product lines (1000 to 5000-series)
C. Only carrier-grade FortiGate 5000-series chassis and blade solution
m/
Answer: C
Question: 34
What was a given customer scenario when high connections/second and concurrent user sessions
were important firewall performance criteria?
A. Massive numbers of mobileusers accessing data centerservicesatthesame timeduringpeak

periods
B. Online shoppers cannot check out due to poor web site design and keep logging in over and over
C. Researchers transferring very large data sets from remote scientific instruments
D. There are never scenarios where connections/sec and concurrent user sessions matter; firewall
throughput is the only thing that matters
Answer: A
Question: 35
What didseveral key industry analysts cite as aprimary reason Fortinet has ascended to be atop
vendor in carrier and enterprise data center firewalls?
A. Strong security appliance performance andprice

B. Aggressive marketing and brandingefforts
C. Direct sales channels that bypass the middleman
Answer: A
Question: 36
Which of the following statements is correct about security functions available in FortiGate data
center firewalls?
A. They deliver very high firewall throughput, but as a tradeoff do not have intrusion prevention or
antivirus functionality in thebox
B. All FortiGates offer firewall, intrusion prevention, antivirus and other security functionality built
into a common platform
C. Touse multiple security functions, multiple virtual domains mustbeconfigured - one
VDOM must be configuredforfirewall, another for intrusionprevention, etc.
Answer: B
Question: 37
Which is a correct statement about the hardware IPv6 capabilities of the latestgeneration FortiASIC
NP6 network processors?
m/
A. The FortiASIC NP6 cannot yet handle IPv6 packet forwarding

B. The FortiASIC NP6 can forward IPv6 packets, but at a slower rate than IPv4 packets
C. The FortiASIC NP6 can forward IPv6 packets at the same rate as IPv4 packets
Answer: C
Question: 38
TRUEor FALSE– For firewall throughputabove 100Gbps, customersmust always

choose achassis-based solution from vendors, because thepowerand thermal
requirements are just toomuchfor compact appliance form factors.
A. True
B. False
Answer: A
Question: 39
Thelatestgeneration FortiASIC NP6 canforward 45 million IPv4 packetspersecond
(pps). What is its IPv6 forwarding performance in comparison?
A. 1 million packets persecond

B. 4.5 million packets persecond
C. 45 million packets persecond
D. 100 million packets persecond
Answer: C
Question: 40
What is a key reason FortiGate firewalls are much more power efficient than competing vendor
solutions?
A. FortiGate firewalls use custom ASICs that consume one-tenth the power of generalpurpose Intel
CPUs
B. FortiGate firewalls offer slow networkspeedsinordertoconserve power
C. FortiGate firewalls runonbattery packstodraw less power from theplug
Answer: B
Question: 41
The primary reason a customer would buy a UTM device is:
A. To sandbox malicious threats before they are able to attack applications.
m/
B. To connect and secure small and branch office networks.

C. To provide wireless connectivity to guest users.
Answer: B
Question: 42
FortiGate appliances support which WAN connectivity technologies:
A. Cable, DSL, 3G/4G, Satellite, Dial-up

B. Only dial-up
C. Bluetooth
Answer: A
Question: 43
Trueorfalse,FortiGateappliancesprovidereducedcomplexity,simplified management
and reduced training costs?
A. True
B. False
Answer: B
Question: 44
FortiGate appliance provide which FortiGuard Services:
A. Antivirus service only

B. Antivirus and anti-spam servicesonly
C. Web filtering, antivirus and anti-spamservices
D. Web filtering, antivirus and Web application security services
Answer: C
Question: 45
True or false, a UTM’s main function is to enable 2-factor authentication for an enterprise?
A. True
B. False
Answer: A
m/
Question: 46
True or false, FortiGate appliances are used primarily to accelerate application delivery
performance?
A. True
B. False
Answer: B
Question: 47
FortiGate appliances are available as:
A. Hardware-only appliances
B. Virtual-only appliances
C. Both hardware and virtual appliances
Answer: C
Question: 48
True or false, a UTM device is needed most by organizations that need to protect Web applications?
A. True
B. False
Answer: B
Question: 49
True or false, a UTM device is needed most by organizations that need to protect against DDoS
attacks?
A. True
B. False
Answer: B
Question: 50
If a customer needs a consolidated security device including firewall, VPN, IPS, antivirus, anti-spam,
andweb filtering, toconnectandsecure small and branch office networks, they mostlikely will need:
A. A UTM appliance
m/
B. A DDoS Attack Mitigation Appliance

C. A Web Application Firewall
Answer: A
Question: 51
If an organization needs to connect and secure small and branch offices, they most likely will need:
A. A Web Application Firewall

B. A UTM device
C. 2-factor authentication
Answer: B
Question: 52
True or false, a primary reason a customer would buy a UTM device is to protect applications from
code-based vulnerabilities before they are able to attack applications?
A. True
B. False
Answer: B
Question: 53
Advanced threats focus on
A. Getting access to corporate usersemail

B. Disguising themselves in order to slip past known security detection
C. Overwhelming and consuming available internet bandwidth
D. Creating situations where services are unavailable to users
Answer: B
Question: 54
Which growing cyber challenges does a malicious hacker use to his benefit in planning an attack?
A. Growing attack surface

B. Integrated attack transit
C. Accelerated threat volume
D. All of the above
m/
Answer: D
Question: 55
True or False, FortiGuard Security Services are designed for both physical and virtual security
solutions.
A. True
B. False
Answer: B
Question: 56
The three steps in Fortinet’s Advanced Threat Protection system are:
A. Detect, analyze, share

B. Prevent, detect, mitigate
C. Block, allow, remediate
Answer: B
Question: 57
Synergistic development of your security services will deliver:
A. The most effective networkperformance

B. Layered security with noredundancy
C. Both a. and b
Answer: A
Question: 58
Trueor False , Asingle CPRLsignature can catch manyvariants of asinglemalware, including new
ones
A. True
B. False
Answer: A
Question: 59
The main purpose of the Fortinet Advanced Threat Protection system is :
m/
A. To deliver effective prevention by turning unknown threats into known threats, and providing
consistent protection globally
B. To organize security and networking products by threat category
C. To provide a set of qualifying questions on ATP attacks to our customers
Answer: A
Question: 60
Which of the below elements indicate a growing, more sophisticated cybercrime society/ecosystem?
A. Education and training

B. Storefront , Service economy
C. Specialty / Diversity
D. All of the above
Answer: D
Question: 61
Which Fortinet solution does NOT leverage FortiGuard Labs’ threat intelligence?
A. FortiGate
B. FortiSandbox
C. FortiSwitch
D. FortiMail
Answer: C
Question: 62
What is FortiGuard Labs?
A. Fortinet’s in-house security research and response team

B. A threat research team that constantly monitors the evolving threat landscape globally
C. A team that develops new adaptive defense tools to help protect against multi-vector Zero-day
attacks.
D. All of the above
Answer: D
Question: 63
What type of attack element can the Anti-spam Service help prevent?
m/
A. Creating a botnet
B. Getting control over an application
C. Serving email witha malicious link
Answer: C
Question: 64
What type of attack element can Web filtering help prevent?
A. Botnet creation
B. Manipulation of end users leading to access of malicious websites
C. Getting control over an application
Answer: B
Question: 65
What type of traffic requires an east-west security strategy?
A. Traffic between end user and the Internet

B. Traffic between applications and/or servers located within data center
C. Traffic between end user and data center resources
D. Wi-Fi traffic at data center
Answer: C
Question: 66
What type of traditional security strategy is required for traffic between the end user and the data
center resources?
A. East-West
B. Virtualization
C. Public Cloud
D. North-South
Answer: D
Question: 67
Within the SDNS framework, which layer does Fortinet's single plane of glass solution function at?
A. Data plane
B. Control plane
C. Security Plane
m/
D. Management plane
Answer: C
Question: 68
Select an example of information a virtual firewall can learn from the control plane functions.
A. A new workload VM has spun up that requires protection

B. An employee is about to leave their workstation
C. There will be a sudden burst of users togging in 30 minutes from now
D. The power supply is having voltage fluctuations
Answer: A
Question: 69
Which best describes how FortiGate is integrated with OpenStack Neutron?
A. The FortiGate Connector allows OpenStack to run as a VM within a FortiGate physical appliance.
B. The FortiGate Connector uses the ML2 plug-in interface to replace the network node within
OpenStack Neutron.
C. TheFortigate Servicemanager communicateddirectlywiththe OpenStack SDNcontroller.
The FortiGate Service manager launches a ……. OpenStack Firewall Node.
Answer: B
Question: 70
Select that Cisco SDN platform that is supported by Fortinet.
A. Cisco ACI
B. CiscoNSX
C. Cisco SDN
D. Cisco CAI
Answer: B
Question: 71
What is one type of data center technology driving the shift in focus to East-West security?
A. SDN
B. Increased Traffic
C. SAN
D. High Availability
m/
Answer: A
Question: 72
Within the SDNS framework, which layer does Fortinet's single plane of glass solution function at?
A. Security Plane
B. Management plane
C. Control plane
D. Data plane
Answer: D
Question: 73
What are the three types of Fortinet virtual appliances in the SDN security solution?
A. integrated
B. Ported
C. Private
D. Cloud
E. Hybrid
Answer: A, B,D
Question: 74
Select that Cisco SDN platform that is supported by Fortinet.
A. Cisco CAI
B. Cisco SDN
C. Cisco ACI
D. Cisco NSX
Answer: C
Question: 75
Select the Fortinet product that offers a central management component in a VMware NSX
environment to provide detection of changes such as new workloads, auto-scaling and auto-
provisioning.
A. FortiGate NSX Manager

B. FortiSDN Manager
C. FortiManager
m/
D. FortiGate VMX Service Manager
Answer: B
Question: 76
How are FortiGate VM virtual appliances licensed?
A. By number of virtual portinterfaces

B. By how it is orchestrated with an SDN platform
C. By VM with price tiers by instance size
D. FortiGate VM virtual appliances are always free
Answer: A
Question: 77
What type of traffic requires an east-west security strategy?
A. Traffic between end user and the Internet

B. Traffic between applications and/or servers located within data center
C. Wi-Fi traffic at data center
D. Traffic between end user and data center resources
Answer: A
Question: 78
Fortinet supports which three leading SDN platforms? (Select three.)
A. Openstack
B. POX
C. ONOS
D. VMwareNSX
E. Cisco ACI
Answer: C,D,E
Question: 79
What type of traffic flows over the data plane of the SDNS Framework?
A. Routing and switching table traffic

B. Storage area network traffic
C. Production network traffic
D. Network management traffic
m/
Answer: D
Question: 80
What is the definition of a virtual firewall?
A. Advanced firewall without routingcapabilities

B. Firewall engine encapsulated in a virtual machine
C. Provides layer 2 protection but not layer 3 security
D. Host-based firewall instead of network packet-based firewall
Answer: C
Question: 81
What are the benefits of SDN technologies?
A. Interoperability and standardization

B. Agility and elasticity
C. Best-of-breed and single-source supplier
D. Reduces cost and hardware independence
Answer: B
Question: 82
What granularity of micro-segmentation does FortiGate VMX integration offer in a VMware NSX
environment?
A. Only VMs on different port groups can be segmented from each other
B. Individual VMs can be segmented irrespective of physical or logical network topotogy
C. VMs on different vSwitches can be segmented from each other
D. Only VMs on different networks can be segmented from each other
Answer: B
Question: 83
Application Security is getting more difficult due to which factor(s)?
A. The use of cloud-based application hosting platforms

B. Wireless access and IPv6 addressing changes
C. The implementation of HTML5
D. Application complexity and the increasing number of applications
m/
Answer: D
Question: 84
The AppSec solution is best targeted at which segment(s)?
A. Small and medium businesses

B. Small Office/Home Office
C. Camers only
D. Mid-sized, Enterprise. MSP. and Carrierorganizations
Answer: D
Question: 85
Email security is the key functionality of which Fortinet product?
A. FortiAuthenticator
B. FortiExchange
C. FortiMail
D. FortiWeb
Answer: D
Question: 86
Which Application Solution product is placed at the front door of the data center?
A. FortiDDoS
B. ForliADC
C. FortiWeb
D. FortiManager
Answer: A
Question: 87
Which feature of the FortiADC allows users to reliably access the best performing application server?
A. Secure Traffic (SSL) offloading

B. Server Load Balancing
C. Wireless access service
D. Server Health Checking
Answer: A
m/
Question: 88
FortiMail is best used for:
A. Scanning emails for grammar and other common typos

B. Sending email to group distributionlists
C. Protecting against email-based threats including spam, phishing and malware
D. Deep inspection of email content for incorrect email addresses
Answer: C
Question: 89
For financial services, the greatest challenge that can be addressed with application security is:
A. Enabing two-factor authentication for end users

B. Providing online access for their customers with bulletproof security
C. Providing mobile device access to banking applications
D. Accessing credit cards online for payments
Answer: B
Question: 90
Which of the following is the closest competitor to Fortinet's Application Security Offerings?
A. AT&T
B. Arbor Networks
C. Kemp Technologies
D. F5
Answer: D
Question: 91
What is driving the evolving digital economy?
A. Consumer brand loyalty to trusted suppliers.

B. An increase in cybercriminal activity that demands a robust response.
C. Infrastructure evolution, evolving threat landscape, regulation, and compliance.
D. The Internet of Things and Bring-Your-Own-Device access combine to make the Internet available
from anywhere.
Answer: C
m/
Question: 92
Which three (3) of these choices represent the new ways of thinking that must be adopted to achieve
Security without Compromise? (Select three by clicking on multiple checkboxes.)
A. Complexity is the Enemy ofSecurity

B. Regulation and Compliance are Required
C. Today's Networks are Borderless
D. Slow is Broken
E. Security is Everybody's Problem
Answer:A,C,D
Question: 93
One of the major attributes of the Fortinet Security Fabric is "Scalable". Why is that important?
A. It allows bT devices to be secured.

B. It leverages threat intelligence provided by FortiGuard Labs.
C. It covers known threats as well as unknown threats.
D. It ensures that security operates at the speed of the network.
Answer: D
Question: 94
The Fortinet Security Fabric provides coverage to two common types of cloud computing
environments. One of those types is public cloud Infrastructure as a Service (laaS) providers such as
Amazon AWS and Microsoft Azure. What is the other type?
A. Cloud deployment servers such as Fog.

B. Cloud grid computing services such as BOINC or Seti@home.
C. Software as a Service (SaaS) providers such as Salesforce.com and DropBox.com.
D. "Top of Rack" orvpremise private cloud.
Answer: D
Question: 95
What is the name of the Fortinet solution which ties together Fortinet's Enterprise Firewall, Cloud
Security, Advanced Threat Protection, Application Security and Secure Access products so that they
all operate in a coordinated and cooperative manner?
m/
A. Fortinet Secure Foundation

B. Fortinet Security Fabric
C. Fortinet Security Tapestry
D. The Secure Framework
Answer: B
Question: 96
Fortinet's Secure Access Solution extends security policies to the very edge of the network and is an
active participant in which security architecture?
A. Fortinet Secure Foundation

B. Fortinet Security Fabric
C. The Secure Framework
D. Fortinet Security Tapestry
Answer: B
Question: 97
Which three of these are the business drivers for UTM Replacement? (Select three.)
A. Match the threat landscape

B. Consolidate network, web, and messagingsecurity
C. Keep up with faster networks
D. Simplify the network
E. Add integrated wireless APs
Answer:A,C,D
Question: 98
Which customer benefit occurs because the Management & Analytics solution is able to harvest the
vast telemetry from across the broad Security Fabric and analyze it through a single-point-of-
inspection? (Choose one)
m/
Select one:
A. The top priorities are easilyidentified,

B. The velocity of inbound data is increased geometrically.
C. Vast amounts of data are presented on many distinct interfaces.
D. The staffing levels in the NOC and SOC are increased.
Answer: A
Question: 99
Although the amount of work is increasing, the skills required to perform the work are increasingly
more advanced, and the sheer volume of security data generated is skyrocketing, what key resource
is not keeping pace?(Choose one)
Select one:
A. Centralized logging storage.

B. Talented security staff.
C. The backbone network.
D. Time
Answer: B
Question: 100
Which marketsegmentis FortiCloud primarily aimed at? (Choose one)

Select one:
A. Healthcare
B. Large enterprise
C. SMB
D. Distributed retail
Answer: C
Question: 101
The fact that there are elements constantly coming on and off the network, all with varying levels of
security protection, creating an attack surface that is constantly in flux, requires what kind of
analysis? (Choose one)
Select one:
A. Next-level analysis
B. Log analysis
C. SOC analysis
D. NOC analysis
m/
Answer: A
Question: 102
The Management & Analytics solutionconsists ofwhichfour Fortinetproducts?(Choosefour)
Select one ormore:
A. FortiManager
B. FortiAnalyzerv
C. FortiAuthenticator
D. FortiSIEM
E. FortiCloud
F. FortiMail
Answer:A,B,D,E
Question: 103
What are the four main usecases for the Fortinet Management& Analytics solution?(Choose four)
Select one ormore:
A. Advanced IP routing
B. Compliance & Auditing
C. Investigation & Incidence Response
D. Remote logging
E. NOC/SOC Dashboards
F. Deployment & Maintenance
Answer:B,C,E,F
Question: 104
Whatisit called when the Management & Analytics solution is used to take security data from across
the broad Security Fabric and uncover insights that cannot be seen by studying data from these
sources individually? (Choose one)
Select one:
A. Single point of inspection

B. Big data
C. Cloud analysis
D. Information overload
Answer: A
Question: 105
m/
Whichtwo Management& Analytics products are designedto simplify configuration

management? (Choose two)
Select one or more:
A. FortiAnalyzer
B. FortiSIEM
C. FortiCloud
D. FortiAuthenticator
E. FortiManager
Answer: C,E
Question: 106
Whichtwobenefitsoccurwhendeploymentandconfiguration tasks arecentralizedandautomated?
(Choose two)
Select one or more:
A. Component configurations are simplified.

B. There are fewer configuration choices.
C. There are fewer opportunities for human error.
D. Component configurations drift overtime.
E. Tasks are completed in less time,v
Answer: E
Question: 107
FortiSIEM is similar to FortiAnalyzer in that they both connect with almost every element of the
Security Fabric (FortiGate, FortiClient, FortiSandbox, FortiWeb, FortiMail, FortiProxy, FortiDDoS, and
FortiAuthenticator). What other type of devices connect with FortiSIEM? (Choose one)
Select one:
A. USB smartphone chargers

B. loT devices
C. A huge number of 3rd party devices
D. Microwave ovens
Answer: C
Question: 108
Whatdo Web Application Firewalls dothat traditional edge firewalls donot? (Choose two.)
Select one ormore:
m/
A. Maintain a blacklist of dangerous web applications.

B. Block port numbers.
C. Create a whitelist of applications over time.
D. Block protocols.
Answer: A,C
Question: 109
Whatisan application white list?
Select one:
A. A list of generic webapplications.

B. Alistofdangerous web applications.
C. Alist oflegitimate webapplications.
D. A list of all existing web applications.
Answer: C
Question: 110
Whatwas theprecursortothe Web Application Firewall?
Select one:
A. Application Firewall
B. Internet Filter
C. Web Firewall
D. Antivirus software
Answer: C
Question: 111
Whichofthefollowing can be integrated with FortiWeb? (Choose two.)
Select one ormore:
A. FortiFax
B. FortiSandbox
C. FortiPhone
D. FortiConnect
E. FortiGate
Answer: B,E
Question: 112
m/
Whatdoesa Web Application Firewall do?

Select one:
A. It monitors and blocks HTTP traffic to and from a web application.

B. It allows applications to access online content.
C. It provides a means for businesses to monitor which web applications their users are accessing.
D. It prevents applications from accessing the web at certain times of the day.
Answer: A
Question: 113
What are thebenefits of FortiMail? (Choose three.)

Select one ormore:
A. In 2020 FortiMail will add spam filters.

B. In 2019 FortiMail will add machine learning to its framework.
C. FortiMail deploys anti-virus scanners.
D. FortiMail adds threat emulation and sandboxing.
E. FortiMail integrates with firewalls and sandboxing solutions.
Answer: C, D, E
Question: 114
Whatfeature canbeaddedto Secure Email Gateway?
Select one:
A. Data Leak Prevention (DLP)

B. Distributed Leak Prevention (DLP)
C. Data Storage Processing (DSP)
D. Data Level Protection (DLP)
Answer: A
Question: 115
What is phishing?
Select one:
A. Process of scanning for network vulnerabilities.

B. Practice of tricking unsuspecting people to reveal sensitive information or to extract money.
C. Process of installing a fake firewall instance onto the network.
D. Practice of changing usercredentials.
Answer: A
m/
Question: 116
Whatarethecharacteristics of FortiMail? (Choosetwo.)

Select one ormore:
A. FortiMail is a Secure Email Gateway (SEG).

B. FortiMail is a sandboxing solution.
C. FortiMail integrates with firewalls and sandboxing solutions.
D. FortiMail is a NGFW.
Answer: A,C
Question: 117
What are spam filters?
Select one:
A. Filters that send automated responses to the sender.

B. Filters that scan the network for malware presence.
C. Spam filters identify certain words or patterns in the headers orbodies of the messages in order to
validate the email content.
D. A network component that strengthens the authentication method.
Answer: C
Question: 118
Basic cloud security can be achieved by native cloud security tools. What is a potential problem
should customers rely solely on these tools? Select one:
A. Cloud native security tools interfere with Wi-Fi applications.

B. Cloud native security tools are oft-times too complex to be correctly implemented by the
customer.
C. Cloud native security tools are too expensive.
D. Customers are sometimes not aware of the limitations of native cloud security tools.
Answer: D
Question: 119
What does SaaS mean?

Select one:
A. A behaviour often observed of teenagers toward their parents.

B. Served at another Site.
m/
C. A thick liquid served with food, usually savory dishes, to add moistness and flavour.
D. Software as a Service.
Answer: D
Question: 120
Identify thecloudservicevendorswithwhichthe Fortinet Security Fabricintegrates. {Choose three.)
Select one ormore:
A. AWSv
B. Cumulus Cloud
C. Azure
D. Google Cloud
E. Cumulonimbus Cloud
Answer:A,C,D
Question: 121
What was the reason that drove organizations from the traditional network architecture to the
cloud?
Select one:
A. The cloud allows you to move datacenters and other services to a third-party network.
B. The cloud can make network security more complicated.
C. The cloud was an alluring fad.
D. Thecost savings that arerealized whenmoving from owning expensive hardware that is only
partially utilized to renting only when needed, v
Answer: D
Question: 122
What are some of theattributesidentified withan MPLSnetwork? (Choose two.)

Select one ormore:
A. All devices are assigned digital certificates for identification purposes.

B. Built-in data protection usingencryption.
C. The datacenter is the only conduit to the internet.
D. Data packets are assigned a label and eachlabel is associated with a pre-determined path through
the network.
Answer: C,D
Question: 123
m/
What are some of the weaknesses of SD-WAN? (Choose two.)

Select one ormore:
A. There is no built-in defense against advanced cyber-attacks.

B. There is no end-to-endencryption.
C. There is no means to authenticate and trust network devices.
D. Multiple access points to the internet exposes the network to more points of attack.
Answer: A,D
Question: 124
Whatwas a major weakness of the traditional network that MPLSsolved?
Select one:
A. Device identification x
B. Latency
C. Security
D. Scalability
Answer: A
Question: 125
The traditional network that supported multiple geographic locations used dedicated high-speed
lines to send data between HO and its branches. Identify an attribute of this type of network.
Select one:
A. The data line was not shared with other organizations.

B. Very upscale.
C. Data packets were assigned a pre-determined path through the network using labels.
D. Very scalable.
Answer: C
Question: 126
Whatistheprincipal architectural difference between MPLSand SD-WAN as it affectslatency?

Select one:
A. An MPLS network uses a dedicated line, while an SD-WAN network uses the party line.
B. In an MPLS network only the datacenter has direct internet access, while in an SD-WAN network
there are multiple access points.
C. An MPLS network uses a 80 bits encryption, while SD-WAN uses 256 bit.
D. An MPLS network uses the super-duper accelerator, while SD-WAN does not.
m/
Answer: B
Question: 127
Whal is thename of the Fortinet productthat providesboth SD-WAN and NGFW security? Select
one:
A. ForitKidslnTheHall
B. FortiSandbox
C. FortiGate
D. Forti Something
Answer: B
Question: 128
The traditional network that supported multiple geographic locations used dedicated high-speed
lines to send data between HQ and its branches. Identify an attribute of this type of network.
Select one:
A. Very scalable.
B. Very upscale.
C. The data line was not shared with other organizations.
D. Data packets were assigned a pre-determined path through the network using labels.
Answer: C
Question: 129
With the rise of the Internet, what happenedto the rate that new malware variants appear? (Choose
one.)
Select one:
A. The rate stayed the same.

B. The rate increased tremendously.
C. The rate decreased.
D. The rate increased slightly.
Answer: B
Question: 130
Whatwere the early formsofendpointsecurity productsknownas?{Choose one.)
Select one:
m/
A. Antivirus software
B. Disk-infectants
C. Floppy disks
D. Sandbox
Answer: A
Question: 131
Modern endpoint solutions must identify existing, known threats. What other type of threats must
they detect? (Choose one.) Select one:
A. Hard drive crash

B. Unknown threats
C. Low battery power
D. Wi-Fi interference
Answer: B
Question: 132
Whatmethoddidtheearlyantivirus productsusetodetectmalware? (Choose one.)
Select one:
A. Compare the signature of the file with a list of known virus signatures.
B. Compare the name of the file with a list of known virus names.
C. Search for the word "virus" in the contents of the file.
D. Search for the word "virus" in the file name.
Answer: A
Question: 133
What must modern endpoint solutions do to be effective today? (Choose one.) Select one:
A. Block all network traffic.

B. Block network connections that use the IPX protocol.
C. Include a multi-language spellchecker.
D. Go beyond simple signature comparisons.
Answer: D
Question: 134
Along with firewalls, most networks rely on a set of network services to function properly or provide
different types of
m/
networksecurity functions. Which of thefollowing are examples of theseservices? (Choose three.)

Select one ormore:
A. Anti-virus
B. Network switching
C. Endpoint control
D. Application layer filtering
E. DHCP
Answer: A,C
Question: 135
Second generation firewalls were designed to add more functionality. What additional functionality
did they bring?
Select one:
A. They observe network connections over time and continuously examine conversations between
endpoints.
B. They block any conversation that uses bad language.
C. They look up the IP address of the sender to determine if the source is on a suspect network.
D. They examine packet headers to detect if the packet contains viruses.
Answer: A
Question: 136
Innetwork security, whatis the purpose ofa firewall?
Select one:
A. Control the flow of networktraffic.

B. Prevent authorized users from accessing corporate servers.
C. Limit the number of users on the network.
D. Prevent unauthorized USB devices from being plugged into a user’s endpoint
Answer: A
Question: 137
Whatworksclosely with FortiGate firewall products toprovide thehighestlevel ofnetworksecurity?
Select one:
A. NSS Labs
B. Interpol
C. FortiGuard Labs
D. Gartner
m/
Answer: C
Question: 138
Whatis the nameofthe Fortinetproductthatprovidesboth SD-WAN and NGFWsecurity?
Select one:
A. FortiGate
B.FortiSandbox
C. ForitKidsInTheHall
D. FortiSomething
Answer: A
Question: 139
Whatarethesandbox characteristics?(Choose two.)
Select one ormore:
A. Sandbox only provides completely independent IOTs protection.

B. If something unexpected or wanton happens, it affects only the sandbox.
C. Sandbox provides the full networksecurity.
D. Sandbox confines the actions of code to the sandbox device and in isolation to the rest of the
network.
Answer: B,D
Question: 140
Whatbusiness problemsis FortiSandboxtryingtosolve? (Choose two.)
Select one ormore:
A. Between security and performance, business often chooses performance.

B. Presence of malignant code that is designed to exploit a specific weakness in an OS or application.
C. Network performance tuning is needed.
D. Need for firewall protection.
Answer: B
Question: 141
Whatisthe purpose of thesandbox?

Select one:
A. To observe the activity of unknown code in a quarantined environment.
m/
B. To flag and pass the known exploit to the endpoint to handle.

C. To run the vulnerability scan on all network endpoints.
D. To stop all the BYODs networktraffic
Answer: A
Question: 142
Whathappens tothe codeif the sandbox detects thatit has malicious intent?
Select one:
A. The code is passed to FortiGate to be handled.

B. The code could beexpunged.
C. The code is registered as “malware”, and then passed to the firewall.
D. The code is flagged as a “malware” and passed to the endpoint to handle.
Answer: B
Question: 143
What is the Fortinet’s SIEM product?
A. Select one:
B. FortiSandbox
C. FortiManager
D. FortiGate
E. FortiSIEM
Answer: D
Question: 144
Pick three tasks technology needstodotosatisfy compliancerequirements? (Choose three.)

Select one ormore:
A. Monitor, correlate, and notify events in real-time.

B. Allow public access to aggregated logs.
C. Store log data for a length of time to satisfy auditing requirements.
D. Prevent employees from accessing the internet.
E. Aggregate logs from many networksources.
Answer: A,C
Question: 145
Pick three regulatory standards and acts businesses, hospitals, and other organizations must comply
m/
with? (Choose three.)

Select one or more:
A. PCI
B. XSLT
C. HIPAA
D. GDPR
E. SPML
Answer:A,C,D
Question: 146
Whatarethe problems that SIEM solves? (Choose three.)
Select one ormore:
A. Authentication methods are almostnon-existent.

B. Lack of security awareness byemployees.
C. Cyber-attacks have become more sophisticated and stealthy.
Answer: C
Question: 147
Whatisthename of Fortinet's threatintelligence service?
Select one:
A. NSE
B. Fortinet Labs
C. FortiGate Labs
D. FortiGuard Labs
Answer: D
Question: 148
Whydothevarious vendorssharetheirthreat informationwithothervendors?
Select one:
A. In case they got somethingwrong.

B. Because it's not the threat information that sets vendors apart, it's what they can do with it.
C. So they don't have to try as hard as they would otherwise.
D. For legal, non-repudiation reasons
Answer: B
m/
Question: 149
The threat intelligence service catalogs the knowledge about existing or emerging attacks, including
the specific mechanisms
of theattack, theevidence thattheattack has happened.
This is also known by which term?
Select one:
A. Intelligence Catalogs
B. Indicators of Compromise
C. Implicators of Compromise
D. Machine Learning
E. Artificial Intelligence
Answer: A
Question: 150
What security challenge was created when the malware authors began to make malware that
morphs into different forms?
Select one:
A. The one-to-one malware signature matching method no longer worked.

B. The signature lists could no longer be stored on floppy discs.
C. email phishing
Answer: A
m/

NSE2 Exam

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

NSE2 Exam

Загружено:

Авторское право:

Доступные форматы

Page No |

Product: Full File

For More Information:

Product Questions: 150

Which data center FortiGate model has 40G ports?

Which FortiASIC is used to accelerate firewall performance?

Howmanyindividual FortiGuard services are available to FortiGate

A. Different Hypervisor Support

C. Small or branch office

A. Integrated Network Security Platform?

C. Virtual machine Firewall

A. FortiGate 30-90 Series

A. As a % ofthe software price

A. FortiGuard Threat Research & Security Updates

A. Distributed Packet Selection

A. To protect a data center from a DDoS attack.

Which FortiGuard service is used by FortiGate NGFWs?

A. At the data centeredge

A. All entry-level, mid-range, and high-end FortiGate product lines

A. Massive numbers of mobileusers accessing data centerservicesatthesame timeduringpeak

A. Strong security appliance performance andprice

A. The FortiASIC NP6 cannot yet handle IPv6 packet forwarding

TRUEor FALSE– For firewall throughputabove 100Gbps, customersmust always

A. 1 million packets persecond

A. To sandbox malicious threats before they are able to attack applications.

B. To connect and secure small and branch office networks.

A. Cable, DSL, 3G/4G, Satellite, Dial-up

A. Antivirus service only

FortiGate appliances are available as:

B. A DDoS Attack Mitigation Appliance

A. A Web Application Firewall

A. Getting access to corporate usersemail

A. Growing attack surface

The three steps in Fortinet’s Advanced Threat Protection system are:

A. Detect, analyze, share

A. The most effective networkperformance

The main purpose of the Fortinet Advanced Threat Protection system is :

A. Education and training

A. Fortinet’s in-house security research and response team

A. Traffic between end user and the Internet

A. A new workload VM has spun up that requires protection

Which best describes how FortiGate is integrated with OpenStack Neutron?

A. FortiGate NSX Manager

D. FortiGate VMX Service Manager

A. By number of virtual portinterfaces

A. Traffic between end user and the Internet

A. Routing and switching table traffic

A. Advanced firewall without routingcapabilities

A. Interoperability and standardization

A. The use of cloud-based application hosting platforms

A. Small and medium businesses

A. Secure Traffic (SSL) offloading

FortiMail is best used for:

A. Scanning emails for grammar and other common typos

A. Enabing two-factor authentication for end users

What is driving the evolving digital economy?

A. Consumer brand loyalty to trusted suppliers.

A. Complexity is the Enemy ofSecurity

A. It allows bT devices to be secured.

A. Cloud deployment servers such as Fog.

A. Fortinet Secure Foundation

A. Fortinet Secure Foundation

A. Match the threat landscape