[2023年04月11日] NSE4_FGT-7.2のPDF問題集にはあなたに不可欠なNSE4_FGT-7.2試験解答を合格に繋ぐ！ [Q47-Q63]

[2023年04月11日] NSE4_FGT-7.2のPDF問題集にはあなたに不可欠なNSE4_FGT-7.2試験解答を合格に繋ぐ！

NSE4_FGT-7.2のPDF解答で完璧な予見NSE4_FGT-7.2練習試験問題

質問 # 47
Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

• A. Packet payload
• B. IP header
• C. Application header
• D. Interface name
• E. Ethernet header

正解：A、B、D

解説：
Reference:
Study Guide - Routing - Diagnostics - Packet Capture Verbosity Level.
# diagnose sniffer packet <interface> '<filter>' <verbosity> <count> <timestamp> <frame size> In the example, verbosity is 5.
The verbosity level specifies how much info you want to display.
1 (default): IP Headers.
2: IP Headers, Packet Payload.
3. IP Headers, Packet Payload, Ethernet Headers.
4: IP Headers, Interface Name.
5: IP Headers, Packet Payload, Interface Name.
6: IP Headers, Packet Payload, Ethernet Headers, Interface Name.

質問 # 48
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

• A. soft-timeout
• B. new-session
• C. auth-on-demand
• D. Idle-timeout
• E. hard-timeout

正解：B、D、E

解説：
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221

質問 # 49
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)

• A. Antivirus scanning
• B. Intrusion prevention
• C. File filter
• D. DNS filter

正解：A、B

質問 # 50
Refer to the exhibit.

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

• A. There are 19 security recommendations for the security fabric.
• B. There are five devices that are part of the security fabric.
• C. This security fabric topology is a logical topology view.
• D. Device detection is disabled on all FortiGate devices.

正解：A、C

解説：
References:
https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/761085/results
https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/736125/security-fabric-topology

質問 # 51
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.

Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

• A. On both FortiGate devices, set Dead Peer Detection to On Demand.
• B. On HQ-FortiGate, disable Diffie-Helman group 2.
• C. On Remote-FortiGate, set port2 as Interface.
• D. On HQ-FortiGate, set IKE mode to Main (ID protection).

正解：C、D

質問 # 52
You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk . What is the default behavior when the local disk is full?

• A. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.
• B. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.
• C. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.
• D. No new log is recorded until you manually clear logs from the local disk .

正解：B

質問 # 53
Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

• A. Read/Write permission for Firewall
• B. Read/Write permission for Log & Report
• C. CLI diagnostics commands permission
• D. Custom permission for Network

正解：C

解説：
https://kb.fortinet.com/kb/documentLink.do?externalID=FD50220

質問 # 54
Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

• A. The name of the firewall policy is all_users_web.
• B. Social networking web filter category is configured with the action set to authenticate.
• C. Access to the social networking web filter category was explicitly blocked to all users.
• D. The action on firewall policy ID 1 is set to warning.

正解：B

質問 # 55
Which statement about video filtering on FortiGate is true?

• A. It inspects video files hosted on file sharing services.
• B. It is available only on a proxy-based firewall policy.
• C. Full SSL Inspection is not required.
• D. Video filtering FortiGuard categories are based on web filter FortiGuard categories.

正解：B

質問 # 56
Which two statements explain antivirus scanning modes? (Choose two.)

• A. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.
• B. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
• C. In proxy-based inspection mode, files bigger than the buffer size are scanned.
• D. In flow-based inspection mode, files bigger than the buffer size are scanned.

正解：A、B

解説：
An antivirus profile in full scan mode buffers up to your specified file size limit. The default is 10 MB. That is large enough for most files, except video files. If your FortiGate model has more RAM, you may be able to increase this threshold. Without a limit, very large files could exhaust the scan memory. So, this threshold balances risk and performance. Is this tradeoff unique to FortiGate, or to a specific model? No. Regardless of vendor or model, you must make a choice. This is because of the difference between scans in theory, that have no limits, and scans on real-world devices, that have finite RAM. In order to detect 100% of malware regardless of file size, a firewall would need infinitely large RAM--something that no device has in the real world. Most viruses are very small. This table shows a typical tradeoff. You can see that with the default 10 MB threshold, only 0.01% of viruses pass through.

質問 # 57
Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.


If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?

• A. 10.200.3.1, 10.0.1.10, and 443, respectively
• B. 10.0.1.254, 10.0.1.10, and 443, respectively
• C. 10.0.1.254, 10.0.1.10, and 10443, respectively

正解：A

質問 # 58
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

• A. Implement web filter authentication for the specified website.
• B. Implement a DNS filter for the specified website.
• C. Implement web filter quotas for the specified website
• D. Implement a web filter category override for the specified website

正解：A

質問 # 59
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

• A. FTM
• B. HTTPS
• C. FortiTelemetry
• D. SSH

正解：B、D

解説：
Reference:
https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/995103/buildingsecurity-into-fortios

質問 # 60
When configuring a firewall virtual wire pair policy, which following statement is true?

• A. Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.
• B. Exactly two virtual wire pairs need to be included in each policy.
• C. Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.
• D. Only a single virtual wire pair can be included in each policy.

正解：C

質問 # 61
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which configuration change will bring phase 2 up?

• A. On HQ-FortiGate, set Encryption to AES256.
• B. On HQ-FortiGate, enable Diffie-Hellman Group 2.
• C. On Remote-FortiGate, set Seconds to 43200.
• D. On HQ-FortiGate, enable Auto-negotiate.

正解：A

質問 # 62
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

• A. get system performance status
• B. get system arp
• C. get system status
• D. diagnose sys top

正解：B

解説：
"If you suspect that there is an IP address conflict, or that an IP has been assigned to the wrong device, you may need to look at the ARP table."

質問 # 63
......

NSE4_FGT-7.2リアル試験問題と正確なFortinet NSE 4 - FortiOS 7.2のPDF解答：https://www.jpntest.com/shiken/NSE4_FGT-7.2-mondaishu

リアルFortinet試験の素晴らしい練習問題集でNSE4_FGT-7.2試験：https://drive.google.com/open?id=1RnKvSIofteuSIJFRT6OtOd0iuZaJoOZA