時間限定無料ダウンロード 最新のNSE5_FMG-7.0問題集で2024年最新のNSE5_FMG-7.0試験問題
最新のFortinet NSE5_FMG-7.0認定の練習テスト問題
Fortinet NSE5_FMG-7.0 認定は、FortiGate プラットフォームの高度な管理に関する知識とスキルを拡大したいネットワークセキュリティの専門家にとって優れた選択肢です。特に、スケーラブルで複雑なネットワーク環境のコンテキストで、FortiManager v7.0 プラットフォームを活用して、FortiGate デバイスを効率的に設定、管理、および保護し、全体的なネットワークセキュリティを強化する能力を証明できます。
質問 # 36
Which of the following statements are true regarding VPN Manager? (Choose three.)
- A. VPN Manager automatically adds newly-registered devices to a VPN community.
- B. VPN Manager can install common IPsec VPN settings on multiple FortiGate devices at the same time.
- C. VPN Manager must be enabled on a per ADOM basis.
- D. VPN Manager automatically creates all the necessary firewall policies for traffic to be tunneled by IPsec.
- E. Common IPsec settings need to be configured only once in a VPN Community for all managed gateways.
正解:B、C、E
質問 # 37
An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?
- A. When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package
- B. When a new policy package is created, the administrator must assign the global policy package from the global ADOM.
- C. When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.
- D. When a new policy package is created, the administrator needs to reapply the global policy package to ADOM1.
正解:C
質問 # 38
An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message.
Which troubleshooting step should you take to resolve the issue?
- A. Make sure Offline Mode is disabled
- B. Make sure FortiManager Access is enabled in the administrator profile
- C. Make sure the administrator IP address is part of the trusted hosts.
- D. Make sure ADOMs are enabled and the administrator has access to the Global ADOM
正解:C
解説:
Even if a user entered the correct userid/password, the FMG denies access if a user is logging in from an untrusted source IP subnets.
質問 # 39
You are moving managed FortiGate devices from one ADOM to a new ADOM.
Which statement correctly describes the expected result?
- A. Policy packages will be imported into the new ADOM automaticallyD
- B. The shared policy package will not be moved to the new ADOM
- C. Any pending device settings will be installed automatically
- D. Any unused objects from a previous ADOM are moved to the new ADOM automatically
正解:B
質問 # 40
View the following exhibit, which shows the Download Import Report:
Why it is failing to import firewall policy ID 2?
- A. The address object used in policy ID 2 already exist in ADON database with any as interface association and conflicts with address object interface association locally on the FortiGate
- B. Policy ID 2 is configured from interface any to port6 FortiManager rejects to import this policy because any interface does not exist on FortiManager
- C. Policy ID 2 does not have ADOM Interface mapping configured on FortiManager
- D. Policy ID 2 for this managed FortiGate already exists on FortiManager in policy package named Remote-FortiGate.
正解:A
解説:
FortiManager_6.4_Study_Guide-Online - page 331 & 332
質問 # 41
What is the purpose of the Policy Check feature on FortiManager?
- A. To find and merge duplicate policies in the policy package
- B. To find and provide recommendation for optimizing policies in a policy package
- C. To find and delete disabled firewall policies in the policy package
- D. To find and provide recommendation to combine multiple separate policy packages into one common policy package
正解:B
質問 # 42
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1.
Which statement about the global policy package assignment to the newly-created policy package Fortinet is true?
- A. When a new policy package is created, you need to assign the global policy package from the global
ADOM. - B. When a new policy package is created, you need to reapply the global policy package to the ADOM.
- C. When a new policy package is created, you can select the option to assign the global policies to the new package.
- D. When a new policy package is created, it automatically assigns the global policies to the new package.
正解:D
解説:
Global Policy Package is applied at the ADOM level and you have the option to choose which ADOM policy packages you want to exclude (there is no option to choose Policy Packages to include).
質問 # 43
When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?
- A. FortiGate will reject the CLI commands that will cause the tunnel to go down.
- B. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.
- C. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.
- D. FortiManager will revert and install a previous configuration revision on the managed FortiGate.
正解:D
解説:
The configuration change will break the fgfm connection, causing the FortiGate unit to attempt to reconnect for 900 seconds. If the FortiGate cannot reconnect, it will rollback to its previous configuration.
質問 # 44
Which two statements regarding device management on FortiManager are true? (Choose two.)
- A. FortiGate devices in HA cluster devices are counted as a single device.
- B. The maximum number of managed devices for each ADOM is 500.
- C. FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.
- D. FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.
正解:A、C
質問 # 45
Which two statements about Security Fabric integration with FortiManager are true? (Choose two.)
- A. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices
- B. The Security Fabric license, group name and password are required for the FortiManager Security Fabric
integration - C. The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices
- D. The Security Fabric settings are part of the device level settings
正解:A、D
質問 # 46
Refer to the exhibit.
An administrator has created a firewall address object, Training which is used in the Local-FortiGate policy package.
When the installation operation is performed, which IP/Netmask will be installed on the Local-FortiGate, for the Training firewall address object?
- A. 10.200.1.0/24
- B. Local-FortiGate will automatically choose an IP/Netmask based on its network interface settings.
- C. It will create a firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values.
- D. 192.168.0.1/24
正解:D
質問 # 47
Refer to the exhibit.
Which two statements about the output are true? (Choose two.)
- A. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
- B. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
- C. Configuration changes directly made on the FortiGate have been automatically updated to device-level
- D. The latest history for the managed FortiGate does not match with the device-level database
正解:A、D
解説:
database
Explanation:
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up - dev-db: modified - This is the device setting status which indicates that configuration changes were made on FortiManager. - conf: in sync - This is the sync status which shows that the latest revision history is in sync with Fortigate's configuration. - cond: pending - This is the configuration status which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved) updating the revision history DB (conf: in sync) and FortiManager device level DB, now there is a new modification on FortiManager device level DB (dev-db: modified) which wasn't installed to FortiGate (cond: pending), hence; revision history DB is not aware of that modification and doesn't match device DB.
Conclusion: - Revision DB does match FortiGate. - No changes were installed to FortiGate yet. - Device DB doesn't match Revision DB. - No changes were done on FortiGate (auto-update) but configuration was retrieved instead
After an Auto-Update or Retrieve: device database = latest revision = FGT
Then after a manual change on FMG end (but no install yet): latest revision = FGT (still) but now device database has been modified (is different).
After reverting to a previous revision in revision history: device database = reverted revision != FGT
質問 # 48
An administrator would like to create an SD-WAN using central management. What steps does the administrator need to perform to create an SD-WAN using central management?
- A. You must specify a gateway address when you create a default static route
- B. First create an SD-WAN firewall policy, add member interfaces to the SD-WAN template and create a static route
- C. Enable SD-WAN central management in the ADOM, add member interfaces, create a static route and SDWAN firewall policies.
- D. Remove all the interface references such as routes or policies
正解:C
質問 # 49
View the following exhibit.
An administrator has created a firewall address object, Training, which is used in the Local-FortiGate policy package. When the install operation is performed, which IP Netmask will be installed on the Local-FortiGate, for the Training firewall address object?
- A. 192.168.0.1/24
- B. It will create firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values
- C. 10.0.1.0/24
- D. Local-FortiGate will automatically choose an IP Network based on its network interface settings.
正解:C
質問 # 50
Which two items does an FGFM keepalive message include? (Choose two.)
- A. FortiGate IPS version
- B. FortiGate configuration checksum
- C. FortiGate license information
- D. FortiGate uptime
正解:A、B
質問 # 51
Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.)
- A. When you configure MEA, you must open TCP or UDP port 540.
- B. You must open the ports to the Fortinet registry
- C. You must create a MEA special policy on FortiManager using the super user profile
- D. The administrator must have the super user profile.
正解:C、D
質問 # 52
An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session.
What can prevent an admin account that has Super_User rights over the device from approving a workflow session?
- A. Trainer is not a part of workflow approval group
- B. Trainer does not have full rights over this ADOM
- C. Trainer must close Student's workflow session before approving the request
- D. Student, who submitted the workflow session, must first self-approve the request
正解:A
質問 # 53
......
試験は35の複数選択の質問で構成されており、60分の制限時間以内に完了する必要があります。この試験では、Fortimanagerの機能と機能、セキュリティポリシーとプロファイル、デバイスの発見と在庫、ファームウェアのアップグレードなど、さまざまなトピックについて説明します。候補者は、試験に合格し、NSE5_FMG-7.0認定を獲得するために最低70%を獲得する必要があります。
検証済みのNSE5_FMG-7.0問題集と解答で一年間無料最速更新:https://www.jpntest.com/shiken/NSE5_FMG-7.0-mondaishu