Valid C_HRHFC_2311 Dumps shared by ExamDiscuss.com for Helping Passing C_HRHFC_2311 Exam! ExamDiscuss.com now offer the newest C_HRHFC_2311 exam dumps, the ExamDiscuss.com C_HRHFC_2311 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com C_HRHFC_2311 dumps with Test Engine here:
Access C_HRHFC_2311 Dumps Premium Version
(184 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 23/85
Refer to the exhibits.
The exhibits show a network diagram and firewall configurations.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the Webserver. Remote-User2 must not be able to access the Webserver.
In this scenario, which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)
The exhibits show a network diagram and firewall configurations.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the Webserver. Remote-User2 must not be able to access the Webserver.
In this scenario, which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)
Correct Answer: B,C
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-does-not-block-incoming-WAN-to-LAN/ta-p/189641 The exhibits show a network diagram and firewall configurations for a FortiGate unit that has two policies: Allow_access and Deny. The Allow_access policy allows traffic from the WAN (port1) interface to the LAN (port3) interface with the destination address of VIP and the service of HTTPS. The VIP object maps the external IP address 10.200.1.10 and port 10443 to the internal IP address 10.0.1.10 and port 443 of the Webserver. The Deny policy denies traffic from the WAN (port1) interface to the LAN (port3) interface with the source address of Deny_IP and the destination address of All.
In this scenario, the administrator wants to deny Webserver access for Remote-User2, who has the IP address 10.200.3.2, which is included in the Deny_IP address object. Remote-User1, who has the IP address 10.200.3.1, must be able to access the Webserver.
To achieve this goal, the administrator can make two changes to deny Webserver access for Remote-User2:
Set the Destination address as Webserver in the Deny policy. This will make the Deny policy more specific and match only the traffic that is destined for the Webserver's internal IP address, instead of any destination address.
Enable match-vip in the Deny policy. This will make the Deny policy apply to traffic that matches a VIP object, instead of ignoring it1. This way, the Deny policy will block Remote-User2's traffic that uses the VIP object's external IP address and port.
In this scenario, the administrator wants to deny Webserver access for Remote-User2, who has the IP address 10.200.3.2, which is included in the Deny_IP address object. Remote-User1, who has the IP address 10.200.3.1, must be able to access the Webserver.
To achieve this goal, the administrator can make two changes to deny Webserver access for Remote-User2:
Set the Destination address as Webserver in the Deny policy. This will make the Deny policy more specific and match only the traffic that is destined for the Webserver's internal IP address, instead of any destination address.
Enable match-vip in the Deny policy. This will make the Deny policy apply to traffic that matches a VIP object, instead of ignoring it1. This way, the Deny policy will block Remote-User2's traffic that uses the VIP object's external IP address and port.
- Question List (85q)
- Question 1: Refer to the exhibit. (Exhibit) A network administrator is t...
- Question 2: Which CLI command will display sessions both from client to ...
- Question 3: Which timeout setting can be responsible for deleting SSL VP...
- Question 4: Which two settings are required for SSL VPN to function betw...
- Question 5: Which two statements are true about the RPF check? (Choose t...
- Question 6: Refer to the exhibit to view the firewall policy Why would t...
- Question 7: Which two statements are correct about NGFW Policy-based mod...
- Question 8: Refer to the exhibit. (Exhibit) The global settings on a For...
- Question 9: Which two statements are correct regarding FortiGate HA clus...
- Question 10: Refer to the exhibit. (Exhibit) Given the routing database s...
- Question 11: Refer to the exhibit. (Exhibit) An administrator has configu...
- Question 12: Why does FortiGate keep TCP sessions in the session table fo...
- Question 13: Which two statements about FortiGate FSSO agentless polling ...
- Question 14: Refer to the exhibits. Exhibit A shows the application senso...
- Question 15: If the Services field is configured in a Virtual IP (VIP), w...
- Question 16: What inspection mode does FortiGate use if it is configured ...
- Question 17: Which two features of IPsec IKEv1 authentication are support...
- Question 18: Which of the following statements is true regarding SSL VPN ...
- Question 19: Refer to the exhibit. (Exhibit) An administrator is running ...
- Question 20: Which two statements describe how the RPF check is used? (Ch...
- Question 21: How can you disable RPF checking?...
- Question 22: Which statement is correct regarding the use of application ...
- Question 23: Refer to the exhibits. The exhibits show a network diagram a...
- Question 24: Which three authentication timeout types are availability fo...
- Question 25: Refer to the exhibit. (Exhibit) Which contains a network dia...
- Question 26: What are two benefits of flow-based inspection compared to p...
- Question 27: Refer to the exhibit. (Exhibit) The exhibit shows a diagram ...
- Question 28: An organization requires remote users to send external appli...
- Question 29: Which statement is correct regarding the security fabric?...
- Question 30: Which two statements are true about the FGCP protocol? (Choo...
- Question 31: Which statements about the firmware upgrade process on an ac...
- Question 32: Which two types of traffic are managed only by the managemen...
- Question 33: Which three CLI commands can you use to troubleshoot Layer 3...
- Question 34: 51 Which statement is correct regarding the inspection of so...
- Question 35: What are two features of collector agent advanced mode? (Cho...
- Question 36: An administrator has configured outgoing Interface any in a ...
- Question 37: Refer to the exhibit, which contains a session diagnostic ou...
- Question 38: Refer to the exhibit. The exhibit shows the FortiGuard Categ...
- Question 39: Which three options are the remote log storage options you c...
- Question 40: Refer to the exhibit. Refer to the web filter raw logs. (Exh...
- Question 41: A team manager has decided that, while some members of the t...
- Question 42: Which statement about the policy ID number of a firewall pol...
- Question 43: On FortiGate, which type of logs record information about tr...
- Question 44: Refer to the exhibit. (Exhibit) The exhibit contains a netwo...
- Question 45: An administrator configures FortiGuard servers as DNS server...
- Question 46: Which CLI command will display sessions both from client to ...
- Question 47: Refer to the exhibits. (Exhibit) Exhibit A shows system perf...
- Question 48: Refer to the exhibit. (Exhibit) Based on the raw log, which ...
- Question 49: Which two protocols are used to enable administrator access ...
- Question 50: Which of the following are valid actions for FortiGuard cate...
- Question 51: An administrator has a requirement to keep an application se...
- Question 52: Examine this output from a debug flow: (Exhibit) Why did the...
- Question 53: Which statements best describe auto discovery VPN (ADVPN). (...
- Question 54: Which CLI command allows administrators to troubleshoot Laye...
- Question 55: Refer to the exhibit. (Exhibit) The exhibit displays the out...
- Question 56: When a firewall policy is created, which attribute is added ...
- Question 57: Refer to the exhibit. (Exhibit) Based on the ZTNA tag, the s...
- Question 58: Why does FortiGate Keep TCP sessions in the session table fo...
- Question 59: Examine this PAC file configuration. Which of the following ...
- Question 60: Which feature in the Security Fabric takes one or more actio...
- Question 61: Refer to exhibit. An administrator configured the web filter...
- Question 62: Which three pieces of information does FortiGate use to iden...
- Question 63: An administrator needs to configure VPN user access for mult...
- Question 64: Refer to the exhibit showing a debug flow output. (Exhibit) ...
- Question 65: Which two inspection modes can you use to configure a firewa...
- Question 66: Which statement correctly describes the use of reliable logg...
- Question 67: An administrator is running the following sniffer command: W...
- Question 68: Which three statements explain a flow-based antivirus profil...
- Question 69: Refer to the exhibit. (Exhibit) In the network shown in the ...
- Question 70: Which two statements are correct regarding FortiGate FSSO ag...
- Question 71: What are two scanning techniques supported by FortiGate? (Ch...
- Question 72: Which two settings can be separately configured per VDOM on ...
- Question 73: View the exhibit. (Exhibit) Which of the following statement...
- Question 74: Which statement about the deployment of the Security Fabric ...
- Question 75: An administrator observes that the port1 interface cannot be...
- Question 76: Which statements best describe auto discovery VPN (ADVPN). (...
- Question 77: Which three statements are true regarding session-based auth...
- Question 78: What is a reason for triggering IPS fail open?...
- Question 79: Which two statements ate true about the Security Fabric rati...
- Question 80: Which of the following statements about backing up logs from...
- Question 81: What are two functions of ZTNA? (Choose two.)...
- Question 82: FortiGate is configured as a policy-based next-generation fi...
- Question 83: What is the limitation of using a URL list and application c...
- Question 84: Refer to the exhibit showing a debug flow output. (Exhibit) ...
- Question 85: Which two statements explain antivirus scanning modes? (Choo...
