Fortinet NSE 4 (Security) - 02. Firewall Policies


When utilizing the Policy Lookup function in the GUI, how is a disabled policy handled?

Disabled policies are skipped

What is the policy type that checks for the anomalous patterns in the network traffic that arrives at a FortiGate interface?

DoS Policy

True/False? It is ok if a firewall policy does not have a destination interface configured as long as the source interface is configured?

False. Each policy must set a source and destination interface, even if one or both are set to any

True/False? When moving a policy up/down in the list, the Policy ID changes to match the policy's position within the policy list.

False. The Policy ID does not change

True/False? When configuring a firewall policy, the Name field is required regardless of whether the policy is being configured in the GUI or the CLI?

False. The field is only required when configuring a policy in the GUI

True/False? It is possible to configure a user for the destination of a firewall policy.

False. The user identification is determined at the ingress interface

True/False? It is possible to configure both an Internet Service Object and a Service in a firewall policy?

False. These have an either/or relationship. Note: Internet Service Objects and Addresses also have an either/or relationship and cannot be configured on the same policy

True/False? When configuring schedules for firewall policies, the Pre-expiration event log setting is available for either of the Recurring or One-Time types?

False. This setting is only available when the type is set to One Time

What is the policy type that controls traffic flow through FortiGate?

Firewall Policy

What is the policy type that controls the traffic between the interfaces in a virtual wire pair?

Firewall Virtual Wire Pair Policy

Is it possible to enable unnamed policies on the GUI? If so, how?

It is possible by enabling the Allow Unnamed Policies setting on the Feature Visibility page

What does it mean if the GUI Firewall Policy option Generate Logs when Session Starts is not displayed?

It means your FortiGate does not have internal storage. Note: This setting is available in the CLI regardless

What is the policy type that controls the traffic to a FortiGate interface and can be used to restrict administrative access?

Local In Policy

What is the policy type that allows multicast packets to pass from one interface to another?

Multicast Policy

When configuring schedules for firewall policies, where are the schedules configured?

Policy & Objects > Schedules

When configuring new Internet Service Database (ISDB) Objects, what are the two types of objects available for configuration?

Predefined or Geographic Based

What are the two types of traffic shapers?

Shared and Per IP

If you configure a firewall policy with the any interface, you can view the firewall policy list only in which view?

The By Sequence view

What setting must be enabled to allow you to select multiple interfaces in a firewall policy?

The Multiple Interface Policies setting under the Feature Visibility page

When configuring schedules for firewall policies, what will happen if a schedule is configured as Recurring and the Start Time and Stop Time are identical?

The schedule will run for 24 hours

When configuring schedules for firewall policies, what will happen if a schedule is configured as Recurring and the Stop Time is earlier than the Start Time?

The stop time will occur the next day

What type of object is used to configure groups of geographical regions?

These are configured as an ISDB (Internet Service Database) Object

What is the purpose of the following commands?
config system fortiguard
    set update-ffdb [enable | disable]

This disables ISDB updates so that they only occur during a change control window

What is the purpose of the policy lookup feature on FortiGate?

To find a matching policy based on input criteria

When configuring schedules for firewall policies, what will happen if a schedule is configured as Recurring and the All Day option is enabled?

Traffic will be allowed for 24 hours on the days selected

True/False? When configuring firewall policy schedules as One Time, the Start Date/Time must be earlier than the Stop Date/Time.

True

What are the first six traffic match criteria that FortiGate analyzes before determining if it matches a policy and further evaluation is needed?

1. Incoming interface
2. Outgoing interface
3. Source (IP address, user, internet services)
4. Destination (IP address or internet services)
5. Service (IP protocol and port number)
6. Schedule

What are the two available Firewall Policy views? Which one is the default?

1. Interface Pair View (default)
2. By Sequence

What are the three methods by which a user can be authenticated when added to the source of a firewall policy?

1. Local - configured locally on FortiGate
2. Remote - LDAP, RADIUS, etc.
3. FortiGate Single Sign-On (FSSO) - retrieved from domain controller

What are the supported characters in a firewall object name?

1. Numbers
2. Letters
3. Special characters: hyphen and underscore
4. Spaces (although these should be avoided because they can make editing policies in the CLI difficult)

What are the three types of traffic shaping policies?

1. Shared policy shaping - Bandwidth management of security policies
2. Per-IP shaping - Bandwidth management of user IP addresses
3. Application control shaping - Bandwidth management by application

When creating IPv4/IPv6 consolidated firewall policies, what are the fields that cannot be shared between IPv4 and IPv6?

1. Source addresses
2. Destination addresses
3. IP pools

True/False? There is an either/or relationship between internet service objects and source address objects in firewall policies.

True. You can select either a source address or an internet service, but not both

When configuring schedules for firewall policies, what is the purpose of the Pre-expiration event log setting, which is only available for One Time types of schedules?

Turning this setting on will generate an event N number of days before the schedule expires. Note: N can be configured from 1 to 100 days using the Number of days before field

