[2023年11月19日] 究極のNSE5_FMG-7.0準備ガイド!無料最新のFortinet練習テスト問題集
今すぐゲットせよ!高評価Fortinet NSE5_FMG-7.0試験問題集
質問 # 39
What does a policy package status of Conflict indicate?
- A. The policy package configuration has been changed on both FortiManager and the managed device independently.
- B. The policy package reports inconsistencies and conflicts during a Policy Consistency Check.
- C. The policy configuration has never been imported after a device was registered on FortiManager.
- D. The policy package does not have a FortiGate as the installation target.
正解:A
質問 # 40
View the following exhibit.
An administrator has created a firewall address object, Training, which is used in the Local-FortiGate policy package. When the install operation is performed, which IP Netmask will be installed on the Local-FortiGate, for the Training firewall address object?
- A. Local-FortiGate will automatically choose an IP Network based on its network interface settings.
- B. 192.168.0.1/24
- C. 10.0.1.0/24
- D. It will create firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values
正解:C
質問 # 41
An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message.
Which troubleshooting step should you take to resolve the issue?
- A. Make sure Offline Mode is disabled
- B. Make sure FortiManager Access is enabled in the administrator profile
- C. Make sure ADOMs are enabled and the administrator has access to the Global ADOM
- D. Make sure the administrator IP address is part of the trusted hosts.
正解:D
解説:
Even if a user entered the correct userid/password, the FMG denies access if a user is logging in from an untrusted source IP subnets.
Topic 1, Main Questions Pool B
質問 # 42
View the following exhibit:
Which two statements are true if the script is executed using the Remote FortiGate Directly (via CLI) option? (Choose two.)
- A. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate.
- B. FortiGate will auto-update the FortiManager's device-level database.
- C. You must install these changes using Install Wizard
- D. FortiManager will create a new revision history.
正解:B、D
質問 # 43
Which two statements about the scheduled backup of FortiManager are true? (Choose two.)
- A. It can be configured using the CLI and GUI.
- B. It supports FTP, SCP, and SFTP.
- C. It does not back up firmware images saved on FortiManager.
- D. It backs up all devices and the FortiGuard database.
正解:B、C
質問 # 44
View the following exhibit.
What is the purpose of setting ADOM Mode to Advanced?
- A. This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.
- B. The setting enables the ADOMs feature on FortiManager
- C. The setting disables concurrent ADOM access and adds ADOM locking
- D. The setting allows automatic updates to the policy package configuration for a managed device
正解:A
質問 # 45
Which three settings are the factory default settings on FortiManager? (Choose three.)
- A. FortiAnalyzer features are disabled
- B. Reports and Event Monitor panes are enabled
- C. Username is admin
- D. port1 interface IP address is 192.168.1.99/24
- E. Password is fortinet
正解:A、C、D
質問 # 46
Which two conditions trigger FortiManager to create a new revision history? (Choose two.)
- A. When changes to device-level database is made on FortiManager
- B. When FortiManager installs device-level changes to a managed device
- C. When FortiManager is auto-updated with configuration changes made directly on a managed device
- D. When configuration revision is reverted to previous revision in the revision history
正解:B、C
質問 # 47
An administrator configures a new firewall policy on FortiManager and has not yet pushed the changes to the managed FortiGate.
In which database will the configuration be saved?
- A. ADOM-level database
- B. Revision history database
- C. Configuration-level database
- D. Device-level database
正解:A
解説:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47942
質問 # 48
Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.)
- A. The administrator must have the super user profile.
- B. You must open the ports to the Fortinet registry
- C. You must create a MEA special policy on FortiManager using the super user profile
- D. When you configure MEA, you must open TCP or UDP port 540.
正解:A、C
質問 # 49
Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager?
- A. Routing
- B. Security profiles
- C. SNMP
- D. NSX-T Service Template
正解:A
質問 # 50
In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric.
Given the administrator's actions, which statement correctly describes the expected result?
- A. The authorized FortiGate will appear in the root ADOM.
- B. The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors.
- C. The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only.
- D. The authorized FortiGate will be automatically added to the Training ADOM.
正解:A
質問 # 51
In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?
- A. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.
- B. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.
- C. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
- D. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device
正解:A
解説:
FortiManager_6.4_Study_Guide-Online - page 346
FortiManager HA doesn't support IP takeover where an HA state transition is transparent to administrators. If a failure of the primary occurs, the administrator must take corrective action to resolve the problem that may include invoking the state transition. If the primary device fails, the administrator must do the following in order to return the FortiManager HA to a working state:
1. Manually reconfigure one of the secondary devices to become the primary device
2. Reconfigure all other secondary devices to point to the new primary device
質問 # 52
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1.
Which statement about the global policy package assignment to the newly-created policy package Fortinet is true?
- A. When a new policy package is created, you can select the option to assign the global policies to the new package.
- B. When a new policy package is created, you need to reapply the global policy package to the ADOM.
- C. When a new policy package is created, you need to assign the global policy package from the global ADOM.
- D. When a new policy package is created, it automatically assigns the global policies to the new package.
正解:D
解説:
Global Policy Package is applied at the ADOM level and you have the option to choose which ADOM policy packages you want to exclude (there is no option to choose Policy Packages to include).
質問 # 53
Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager?
- A. Security profiles
- B. Routing
- C. SNMP
- D. NSX-T Service Template
正解:A
質問 # 54
View the following exhibit.
If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)
- A. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on
FortiGate under central management. - B. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
- C. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
- D. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
正解:B、C
解説:
Fortimanager can discover FortiGate through a NATed FortiGate IP address. If a FortiManager NATed IP address is configured on FortiGate, then FortiGate can announce itself to FortiManager. FortiManager will not attempt to re-establish the FGFM tunnel to the FortiGate NATed IP address, if the FGFM tunnel is interrupted. Just like it was in the NATed FortiManager scenario, the FortiManager NATed IP address in this scenario is not configured under FortiGate central management configuration.
質問 # 55
Refer to the exhibit.
Which two statements about the output are true? (Choose two.)
- A. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
- B. The latest history for the managed FortiGate does not match with the device-level database
- C. Configuration changes directly made on the FortiGate have been automatically updated to device-level
- D. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
正解:A、B
解説:
database
Explanation:
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up - dev-db: modified - This is the device setting status which indicates that configuration changes were made on FortiManager. - conf: in sync - This is the sync status which shows that the latest revision history is in sync with Fortigate's configuration. - cond: pending - This is the configuration status which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved) updating the revision history DB (conf: in sync) and FortiManager device level DB, now there is a new modification on FortiManager device level DB (dev-db: modified) which wasn't installed to FortiGate (cond: pending), hence; revision history DB is not aware of that modification and doesn't match device DB.
Conclusion: - Revision DB does match FortiGate. - No changes were installed to FortiGate yet. - Device DB doesn't match Revision DB. - No changes were done on FortiGate (auto-update) but configuration was retrieved instead
After an Auto-Update or Retrieve: device database = latest revision = FGT
Then after a manual change on FMG end (but no install yet): latest revision = FGT (still) but now device database has been modified (is different).
After reverting to a previous revision in revision history: device database = reverted revision != FGT
質問 # 56
......
Fortinet NSE5_FMG-7.0試験は、ポリシー管理、デバイス管理、設定管理など、FortiManager 7.0に関連する幅広いトピックをカバーしています。試験では、FortiManager 7.0の機能や機能に深い理解を持ち、ネットワーク環境で発生する一般的な問題や問題をトラブルシューティングする能力が求められます。この資格は、FortiManager 7.0を使用したセキュリティポリシーの効果的な管理能力を示すため、IT業界で高く評価されています。
Fortinet NSE5_FMG-7.0 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
Fortinet NSE5_FMG-7.0(Fortinet NSE 5 - FortiManager 7.0)認定試験は、FortiManagerを使用してFortinetセキュリティソリューションを管理および維持するIT専門家の知識とスキルをテストするために設計されています。この試験は、Fortinet製品の経験があり、FortiManagerベースのソリューションを管理する知識とスキルを強化したい個人を対象としています。この認定試験に合格することで、IT専門家はFortinetセキュリティソリューションを管理する専門知識を検証し、複雑なセキュリティインフラストラクチャを効果的に管理する能力を証明することができます。
合格率取得する秘訣はNSE5_FMG-7.0認定試験エンジンPDF:https://www.jpntest.com/shiken/NSE5_FMG-7.0-mondaishu