NSE4_FGT-6.2無料問題集「Fortinet NSE 4

質問 1

What files are sent to FortiSandbox for inspection in flow-based inspection mode?

（A）All suspicious files that are allowed to be submitted to FortiSandbox in the antivirus profile.

（B）All suspicious files that match patterns defined in the antivirus profile.

（C）All suspicious files that are above the defined oversize limit value in the protocol options.

（D）All suspicious files that do not have their hash value in the FortiGuard antivirus signature database.

正解：B 解答を投票する

質問 2

Examine the exhibit, which contains a virtual IP and firewall policy configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address
10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

（A）10.200.1.10

（B）10.0.1.254

（C）10.200.1.1

（D）Any available IP address in the WAN (port1) subnet 10.200.1.0/24

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

（A）A phase 2 configuration is not required.

（B）This VPN cannot be used as part of a hub-and-spoke topology.

（C）A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

（D）The IPsec firewall policies must be placed at the top of the list.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

An administrator is attempting to allow access to https://fortinet.com through a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the following are possible actions to eliminate the certificate error generated by deep inspection? (Choose two.)

（A）Configure fortinet.com access to bypass the IPS engine.

（B）Implement firewall authentication for all users that need access to fortinet.com.

（C）Manually install the FortiGate deep inspection certificate as a trusted CA.

（D）Configure an SSL-inspection exemption for fortinet.com.

正解：B、D 解答を投票する

質問 5

View the exhibit:

Which the FortiGate handle web proxy traffic rue? (Choose two.)

（A）Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

（B）Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

（C）port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.

（D）port-VLAN1 is the native VLAN for the port1 physical interface.

正解：A、C 解答を投票する

質問 6

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

（A）To allow for out-of-order packets that could arrive after the FIN/ACK packets.

（B）To generate logs

（C）To remove the NAT operation.

（D）To finish any inspection operations.

正解：A 解答を投票する

質問 7

View the exhibit.

Which of the following statements are correct? (Choose two.)

（A）Dead peer detection must be disabled to support this type of IPsec setup.

（B）This setup requires at least two firewall policies with the action set to IPsec.

（C）The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

（D）This is a redundant IPsec setup.

正解：C、D 解答を投票する

質問 8

NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?

（A）Antivirus

（B）Web filtering

（C）Application control

（D）Web proxy

正解：A 解答を投票する

質問 9

What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)

（A）Enable disk logging.

（B）Enable Event Logging.

（C）Enable Log Allowed Traffic on the Full Access firewall policy.

（D）Enable a web filter security profile on the Full Access firewall policy.

正解：C、D 解答を投票する

質問 10

How does FortiGate select the central SNAT policy that is applied to a TCP session?

（A）It selects the SNAT policy specified in the configuration of the outgoing interface.

（B）It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

（C）It selects the first matching central SNAT policy, reviewing from top to bottom.

（D）It selects the central SNAT policy with the lowest priority.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

NSE4_FGT-6.2 無料問題集「Fortinet NSE 4 - FortiOS 6.2」

弊社を連絡する

関連リンク

トップ試験