Exam Questions and CORRECT Answers
What 2 ways does FortiGate have to perform SNAT? - CORRECT ANSWER - 1. Outgoing interface's address
2. Using an IP pool
What are the four types of IP pools? - CORRECT ANSWER - 1. Overload (default)
2. One-to-one
3. Fixed port range
4. Port block allocation
How does the overload IP pool type work? - CORRECT ANSWER - It uses the addresses in
the IP pool rather than the interface's address
How does the one-to-one IP pool type work? - CORRECT ANSWER - There is a single
mapping of an internal address to an external address.
How does the fixed port range IP pool work? - CORRECT ANSWER - A range of external IP
addresses is defined that will be mapped to a number of internal addresses. The FW calculates the
port block size and number of available port blocks.
How does the port block allocation IP pool work? - CORRECT ANSWER - It defines
only external IPs. Each source IP address is limited to the number of blocks and ports. It is the
most flexible way to administer the addresses.
Which is the default type of VIPs? - CORRECT ANSWER - Static NAT
What are the two possible types of VIPs? - CORRECT ANSWER - 1. Static NAT (default)
2. FQDN
Which IP address is used in VIP SNAT and DNAT? - CORRECT ANSWER - The IP
defined in the VIP
What happens if port forwarding is enabled? - CORRECT ANSWER - One-to-one
mapping is no longer performed
When performing SNAT with VIPs, what has to be kept in mind? - CORRECT ANSWER -
SNAT is made if the VIP is referenced in an incoming firewall policy. Otherwise it uses the IP
address from the interface.
Which is the default state of central NAT? - CORRECT ANSWER - disable
What two options in the GUI are enabled once central NAT is enabled? - CORRECT ANSWER - 1. Central SNAT
2. DNAT & Virtual IPs
True or false. Central NAT can be enabled by GUI or CLI? - CORRECT ANSWER - true
True or false. Central NAT behaves like a firewall policy? - CORRECT ANSWER - true
What are the matching criteria for SNAT policies? - CORRECT ANSWER - 1. Incoming interfaces
2. Outgoing interfaces
3. Source address
4. Protocol
5. Source port (explicit port mapping)