Top-selling NSE4_FGT-6.4 exam preparation: pass the exam with the latest 2022 Fortinet practice questions
Fortinet NSE 4 question set: complete NSE4_FGT-6.4 exam questions and study guide
Question 76
Which two statements are true about the Security Fabric rating? (Choose two.)
- A. The Security Fabric rating is a free service that comes bundled with all FortiGate devices.
- B. It provides executive summaries of the four largest areas of security focus.
- C. Many of the security issues can be fixed immediately by clicking Apply where available.
- D. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
Correct answer: C,D
Explanation:
FortiGate_Security_6.4_Study_Guide-Online, page 89
Question 77
Examine the network diagram shown in the exhibit, then answer the following question:
Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?
- A. 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0]
- B. 172.16.32.0/24 is directly connected, port1
- C. 10.4.200.0/30 is directly connected, port2
- D. 0.0.0.0/0 [20/0] via 10.4.200.2, port2
Correct answer: B
Question 78
Refer to the exhibit.
The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)
- A. FortiGate devices are not in sync because one device is down.
- B. FortiGate SN FGVM010000064692 has the higher HA priority.
- C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
- D. FortiGate SN FGVM010000065036 HA uptime has been reset.
Correct answer: B,D
Question 79
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).
Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?
- A. The firewall policy performs the full content inspection on the file.
- B. The volume of traffic being inspected is too high for this model of FortiGate.
- C. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
- D. The flow-based inspection is used, which resets the last packet to the user.
Correct answer: D
Question 80
Refer to the exhibit, which contains a performance SLA configuration.
An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?
- A. The Ping protocol is not supported for the public servers that are configured.
- B. You need to turn on the Enable probe packets switch.
- C. There may not be a static route to route the performance SLA traffic.
- D. Participants configured are not SD-WAN members.
Correct answer: B
Question 81
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).
Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?
- A. The firewall policy performs the full content inspection on the file.
- B. The volume of traffic being inspected is too high for this model of FortiGate.
- C. The flow-based inspection is used, which resets the last packet to the user.
- D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
Correct answer: A
Question 82
Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)
- A. Any web request to fortinet.com is allowed to bypass the proxy.
- B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.
- C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet have to go through altproxy.corp.com:8060.
- D. Browsers can be configured to retrieve this PAC file from the FortiGate.
Correct answer: A,D
Question 83
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
- A. The issuer must be a public CA.
- B. The CA extension must be set to TRUE.
- C. The keyUsage extension must be set to keyCertSign.
- D. The common name on the subject field must use a wildcard name.
Correct answer: B,D
Question 84
Which scanning technique on FortiGate can be enabled only on the CLI?
- A. Trojan scan
- B. Ransomware scan
- C. Heuristics scan
- D. Antivirus scan
Correct answer: C
Question 85
Which of the following SD-WAN load-balancing methods use the interface weight value to distribute traffic? (Choose two.)
- A. Source IP
- B. Spillover
- C. Session
- D. Volume
Correct answer: C,D
Explanation:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/49719/configuring-sd-wan-load-balancing
Question 86
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
- A. FortiGate automatically negotiates a new security association after the existing security association expires.
- B. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
- C. FortiGate automatically negotiates different local and remote addresses with the remote peer.
- D. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
Correct answer: D
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=12069
Question 87
Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)
- A. Create a new service object for TELNET and set the maximum session TTL.
- B. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.
- C. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.
- D. Set the maximum session TTL value for the TELNET service object.
Correct answer: A,B
Question 88
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.
An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?
- A. The firewall policy is not using a full SSL inspection profile.
- B. The HTTPS signatures have not been added to the sensor.
- C. The IPS filter is missing the Protocol: HTTPS option.
- D. A DoS policy should be used, instead of an IPS sensor.
Correct answer: A
Question 89
Examine the two static routes shown in the exhibit, then answer the following question.
Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?
- A. FortiGate will load balance all traffic across both routes.
- B. FortiGate will only activate the port1 route in the routing table.
- C. FortiGate will route twice as much traffic to the port2 route.
- D. FortiGate will use the port1 route as the primary candidate.
Correct answer: D
Explanation:
"If multiple static routes have the same distance, they are all active; however, only the one with the lowest priority is considered the best path."
Question 90
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.
An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?
- A. The firewall policy is not using a full SSL inspection profile.
- B. The HTTPS signatures have not been added to the sensor.
- C. The IPS filter is missing the Protocol: HTTPS option.
- D. A DoS policy should be used, instead of an IPS sensor.
Correct answer: A
Question 91
Refer to the exhibit, which contains a performance SLA configuration.
An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?
- A. Participants configured are not SD-WAN members.
- B. The Ping protocol is not supported for the public servers that are configured.
- C. There may not be a static route to route the performance SLA traffic.
- D. You need to turn on the Enable probe packets switch.
Correct answer: A
Question 92
......