NSE 4 Flash Cards

How are ISDB objects updated?

Via fortiguard

How can you access the Fortigate CLI via the web GUI?

Via the console widget.

Content processors handle tasks such as (4)

Virus scanning/anti-virus Encryption Decryption Attack detection

What are the four types of interface role?

WAN LAN DMZ Undefined

Are usernames and passwords case-sensitive on FortiOS?

Yes

Can quarantined IP's be be automatically brought out of this state?

Yes

Does the fortigate security fabric work when participating devices are in split-vdom mode?

Yes

Does the Fortinet Security Fabric integrate with other devices? How?

Yes, API

Can you use ISDB objects as sources or destinations in a firewall policy?

Yes, both

Can you customize administrative port numbers? If so, where in the GUI?

Yes, from system > settings

What are the default creds on a Fortigate?

admin/no password

Like all firewalls, fortigate's firewall policy evaluation logic is...

first-match

What command is entered to gather the current status of the Fortigate via CLI?

get system status

What port are package updates downloaded on?

https / tcp/443/ssl

Incoming interface and outgoing interface can be __________ or _____

interfaces or zones

A zone is a _______ grouping of __________

logical, interfaces

If split-task vdom mode is enabled on the downstream fortigate, it can only join the security fabric on the interface in its...

root VDOM

The fortigate that you are configuring the security fabric on is called the...

root fortigate

What URL is contacted by the Fortigate if you choose to make live queries over HTTPS?

securewf.fortiguard.net

From which data source does the fortinet security fabric rating come from?

security audit fortiguard data

What URL does the Fortigate contact for live queries?

service.fortiguard.net

How does one disable the password reset account?

set admin-maintainer disable

What command would someone enter to get all the attribute values for a system interface?

show full-configuration system interface <port num>

What command would someone enter to get only the non-default attribute values for a system interface?

show system interface <port num>

Where would one go to make sure their fortigate's firewall policies can reference multiple interfaces?

system > feature visibility > enable multiple interface policies

What are the credentials one would use to begin the password reset process on a Fortigate?

u: maintainer pw: bcpb<system serial number> (all letters must be upper case)

Package updates like Antivirus and IPS are downloaded from which URL, by the Fortigate?

update.fortiguard.net

What 4 steps must be taken to enable the security fabric on the root fortigate?

1) Navigate to sec fabric > settings 2) Enable fortigate telemetry on any interfaces that other fabric participants will be downstream from 3) Configure a group name for the fabric 4) Enter the fortianalyzer IP

What 3 steps must be taken to enable the security fabric on a non-root fortigate device?

1) Navigate to security fabric > settings 2) Enable 'connect to upstream fortigate' 3) Enter same group name for security fabric as was configured on root fortigate

If an administrator wanted to take automatic action against a security event, following an if/then logic, what could they use within the security fabric?

Automation Stitches

In the security fabric, how can you stop an automation stitch's trigger from notifying you constantly about a repetitive event?

Configure a minimum interval.

What access method is valid when initiating a password reset?

Console port only.

What are the three types of SPUs

Content processors (CPs) Security processors (SPs) Network processors (NPs)

What are the two main internal servers that run on a Fortigate?

DHCP DNS

What Fortigate internal-server function is enabled by default on port 1 or the 'internal' interface?

DHCP server

What 3 items does active scanning look for in the security fabric?

Device type, OS, and OS version

What does a security processor do?

Directly attached to network interfaces Increases system performance by accelerating IPS functionality

Agent-based identification within the security fabric uses which software?

FortiClient

What is Fortigate connector for Cisco ACI?

FortiOS, subset of features for Cisco ACI (north-south) data flows. Integrates physical or virtual appliance.

What 5 protocols, that are not strictly speaking administrative, are enabled or disabled in the admin protocol section of the interface config?

FortiTelemetry CAPWAP FMG-Access FTM (fortitoken mobile push access) Radius Accounting

What are the three types of Fortigates you can deploy in virtualized networks?

Fortigate VM Fortigate VMX Fortigate Connector for Cisco ACI

What two devices are at the core of the Fortinet Security Fabric?

Fortigate and Fortianalyzer

What is the FDN?

Fortiguard distribution network

What queries are made live by the Fortigate?

Fortiguard web filtering DNS filtering antispam

What are the recommended products to bring into the Fortinet Security Fabric, outside of fortigate and fortianalyzer (6)?

Fortimanager, fortiap, fortiswitch, forticlient, fortisandbox, fortimail

What are the three resolution methods on the Fortigate's internal DNS server?

Forward Non-recursive (do not attempt to contact external DNS server if cannot resolve with own zones) Recursive (if can't find in own zones, contact external DNS server)

Briefly describe the role of a Fortigate in NAT mode

Functions as a router, all interfaces have IPs, packets routed by IP

Briefly describe the role of a Fortigate in Transparent mode

Functions like a switch, interfaces have no IP addresses, cannot route packets

With which public cloud providers can you connect, with Fortigate's fabric connector?

GCP OCI AWS Azure

By default, firewall policy names are mandatory when you're configuring them on the ___. But, if you want, you can change this behavior by going to which part of the firewalls configuration?

GUI, you can change it by going to system > feature visibility

What is a DHCP reservation in Fortigate language?

IP address assignment rule

What 3 types of data go into an internet service object on a fortigate?

IP addresses, IP protocols, and port numbers

Use the following mnemonic device to list the different types of fortigate policy types: I'm Very Poised, More Loopy Doing Treks

IPv4/v6 Virtual wire pair Proxy Multicast Local in policy (source and dest is fortigate itself) DoS Traffic shaping

What function of a Fortigate helps to define interface settings that are commonly grouped together based on the interface's location in the network topology?

Interface Roles

What is ISDB? Name a few examples

Internet service database, the source of which is fortiguard Used to easily permit access to cloud applications and services through a fortigate A good example is SFB, or O365

What protocol is used by Fortigate to discover other Fortinet devices in the security fabric?

LLDP

What is one of the few disadvantages of deploying Fortigates as a VM, as opposed to their hardware counterparts?

Lack of dedicated/purpose-built hardware like SPUs/FortiASICs.

What are the three options for address assignment on an interface?

Manual (static) DHCP PPPoE

What tiers of Fortigate have dedicated management interfaces?

Mid-range and high-end only

In order, what three key pieces of information are shown in the title of a Fortigate's configuration file?

Model, firmware major version, firmware build number

What is Fortigate VMX?

Modified version of FortiOS, subset of features for VMWare NSX (east-west) data flows

What are the two modes of operation on a Fortigate?

NAT and Transparent

Can a password reset process be started remotely?

No

Can you restore an encrypted configuration file on a different Fortigate model than it was exported from?

No

Can you select multiple interfaces or 'any' interface in a firewall policy by default?

No

If a configuration backup is unencrypted, can you restore to a different model number?

No

If any internet service is specified as a source in a firewall policy, could you also specify an IP in the source field of that same policy?

No

If an Internet service is specified as the destination in a firewall policy, could you also specify a destination IP and destination service in that same policy? Why or why not?

No, because the internet service object already contains those two criteria.

Is a content processor 'bound' to an interface?

No, it sits closer to applications

Can a banned IP in the security fabric be brought out of this state automatically?

No, must be unbanned by an administrator

Do all hardware Fortigates include a CP?

No, some entry-level Fortigates do not include a CP.

Does agentless identification within the security fabric work when the fortigate and downstream device are in different subnets?

No, they have to be in the same subnet for it to work.

What 3 pieces of info does the fortimail stats widget provide?

Number of... Non-spam emails Spam emails Virus emails

What does nTurbo do?

Offloads firewall sessions that include flow-based security profiles to NP4 or NP6 network processors.

In NAT mode, all interfaces must have IP addresses if they are to be used. What is one exception to this?

One-arm sniffer mode

What does a network processor do?

Packet processing Directly attached to network interface

What four management-related protocols are enabled by default on a Fortigate?

Ping, http, https and ssh

What are your options for authorizing security fabric participants?

Pre-authorize, or authorize after they have tried to join the fabric

How does the FDN determine which server/data center to direct your Fortigate to?

Prefer DC in nearest time zone, but will adjust based on server load

If split-task vdom is enabled on the root fortigate, it can allow downstream fortigate devices to join the security fabric...

Root and fg-traffic VDOMS

For a device to participate in the security fabric, it must be authorized on a minimum of...

Root fortigate and fortianalyzer

Fortigates contain ___s, which accelerate processing of traffic as it flows through the firewall.

SPUs (security processing units)

What source criteria isn't ever considered mandatory in a firewall policy?

Source user

Where in the GUI do you navigate to if you want to see features that are hidden by default?

System > Feature visibility

What happens when you restore from a previous configuration?

The Fortigate reboots.

Which license is required for the security rating widget to work?

The security rating license

What is the password reset process for a Fortigate VM?

There is none, you must revert to a snapshot or re-provision the VM.

What is the default IP of a Fortigate out of the box?

192.168.1.99/24

What is the valid range of seconds that the passive scanning threshold can be set to?

20 - 3600 seconds

What is the default idle timeout for administrators?

5 minutes

How long do you have to enter the password reset account info after boot?

60 seconds at most

By default, how long will a Fortigate try to identify a device in the security fabric using passive scanning, before it moves to active scanning?

90 seconds

What is an interface Alias?

A friendly descriptor for the interface.

Briefly describe what the Fortinet Security Fabric is

A single console wherein all of the Fortinet products participating in the configured fabric can be seen, managed, orchestrated, etc.

What are the three remediation options for a quarantine automation stitch?

Access layer quarantine using FortiAP or FortiSwitch FortiClient quarantine IP Ban

What function of the Fortigate can be used to limit what portions of configuration or which VDOMs an administrator can view?

Admin profiles

The two types of device identification in the security fabric are...

Agentless Agent

What happens if nTurbo is disabled?

All sessions are processed by the regular CPU on the Fortigate.

How can you limit the IPs that a particular administrator account can log into the Fortigate from?

Trust Sources under System > Administrators

By default, is TCP or UDP used for live queries from the Fortigate? And, which ports?

UDP (53 or 8888) (proprietary protocol)