Marcos Avila
Quiz by , created more than 1 year ago

NSE4 6.0 NSE4 6.0 Quiz on NAT, created by Marcos Avila on 16/08/2018.

742
1
0
Marcos Avila
Created by Marcos Avila over 6 years ago
Close

NAT

Question 1 of 20

1

are the terms used to refer to the mechanism that allows IPv6 addressed hosts to communicate with IPv4 addressed hosts and the reverse.

Select one of the following:

  • NAT64
    NAT46

  • NAT56
    NAT65

Explanation

Question 2 of 20

1

Without the mechanism NAT64 and 46, an IPv6 node on a network, such as a corporate LAN, would not be able to communicate with a website that was in an IPv4-only environment, and IPv4 environments would not be able to connect to IPv6 networks.

Select one of the following:

  • True
  • False

Explanation

Question 3 of 20

1

is NAT between two IPv6 networks

Select one of the following:

  • NAT66

  • NAT46

  • NAT64

Explanation

Question 4 of 20

1

What is NAT used for?

Select one of the following:

  • a. Preserving IP addresses

  • b. Traffic shaping

Explanation

Question 5 of 20

1

Which statement about NAT66 is true?

Select one of the following:

  • a. It is NAT between two IPv6 networks.

  • b. It is NAT between two IPv4 networks.

Explanation

Question 6 of 20

1

are a mechanism that allow sessions leaving the FortiGate firewall to use NAT. Defines a single IP address or a range of IP addresses to be used as the source address for the duration of the session. These assigned addresses will be used instead of the IP address assigned to that FortiGate interface.

Select one of the following:

  • IP Pools

  • SNAT

  • NAT

  • PAT

Explanation

Question 7 of 20

1

There are four types of IP pools that can be configured on the FortiGate firewall:

Select one or more of the following:

  • Overload

  • One-to-one

  • Fixed port range

  • Port block allocation

  • Dynamic

  • Static

Explanation

Question 8 of 20

1

What is the default IP pool type?

Select one of the following:

  • a. One-to-one

  • b. Overload

Explanation

Question 9 of 20

1

Which of the following is the default VIP type?

Select one of the following:

  • a. static-nat

  • b. load-balance

Explanation

Question 10 of 20

1

Which one of the following statements is true?

Select one of the following:

  • a. Central NAT is not enabled by default and can only be enabled on the CLI.

  • b. Both central NAT and firewall policy NAT can be enabled together.

Explanation

Question 11 of 20

1

What happens if NAT is enabled on a firewall policy and there is no matching central SNAT policy or no central SNAT policy configured?

Select one of the following:

  • a. No NAT will be applied.

  • b. The egress interface IP will be used.

Explanation

Question 12 of 20

1

Which method would be used for advanced application tracking and control?

Select one of the following:

  • a. Session helper

  • b. Application layer gateway

Explanation

Question 13 of 20

1

Which profile is an example of application layer gateway?

Select one of the following:

  • a. WAF profile

  • b. VOIP profile

Explanation

Question 14 of 20

1

If session diagnostic output indicates that a TCP protocol state is proto_state=01, which of the following statements is true?

Select one of the following:

  • a. The session is established.

  • b. The session is not established.

Explanation

Question 15 of 20

1

An administrator wants to check the total number of TCP sessions for an IP pool named INTERNAL. Which one of the following CLI commands should the administrator use?

Select one of the following:

  • a. diagnose firewall ippool-all stats INTERNAL

  • b. diagnose firewall ippool-all list INTERNAL

Explanation

Question 16 of 20

1

Which of the following statements about NAT port exhaustion is true?

Select one of the following:

  • a. Reducing the traffic traversing the border firewall will cause NAT port exhaustion.

  • b. Increased traffic traversing the border firewall can cause NAT port exhaustion.

Explanation

Question 17 of 20

1

: Changes the IP layer address of a packet
- Some protocols, like SIP, have addresses at the application layer, requiring session helpers or proxies
-Source NAT (SNAT)
-Destination NAT (DNAT)

: Changes the IP layer port number of a packet

: mechanism that allows IPv6 addressed hosts to communicate with IPv4 addressed hosts and the reverse

- : NAT between two IPv6 networks

Drag and drop to complete the text.

    NAT
    PAT
    NAT64 and NAT46
    NAT66

Explanation

Question 18 of 20

1

When more advanced application tracking and control is required

Select one of the following:

  • an application layer gateway (ALG) can be used. The VolP profile is an example of an ALG.

  • an application layer gateway can be used. The session helpers profile is an example of an ALG.

Explanation

Question 19 of 20

1

Listen
Last_ACK
Close_Wait
Close
Time_Wait
Fin_Wait
Syn & Syn/ACK
Syn_Sent
Established
None

Drag and drop to complete the text.

    9
    8
    7
    6
    5
    4
    3
    2
    1
    0

Explanation

Question 20 of 20

1

Even though UDP is stateless, FortiGate still uses two session state values:

Select one of the following:

  • UDP traffic one way only: 00
    UDP traffic both ways: 01

  • UDP traffic one way only: 01
    UDP traffic both ways: 00

Explanation