NSE4_FGT-6.4試験無料問題集（165題）「Fortinet NSE 4

出題：1

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

A. The internal IP address of the FortiGate device.

B. The remote user's virtual IP address.

C. The public IP address of the FortiGate device.

D. remote user's public IP address

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

A. Access to the social networking web filter category was explicitly blocked to all users.

B. Social networking web filter category is configured with the action set to authenticate.

C. The name of the firewall policy is all_users_web.

D. The action on firewall policy ID 1 is set to warning.

正解：B 解答を投票する

出題：3

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

A. On Remote-FortiGate, set port2 as Interface.

B. On both FortiGate devices, set Dead Peer Detection to On Demand.

C. On HQ-FortiGate, set IKE mode to Main (ID protection).

D. On HQ-FortiGate, disable Diffie-Helman group 2.

正解：A,C 解答を投票する

出題：4

Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

A. The firewall policy performs the full content inspection on the file.

B. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

C. The volume of traffic being inspected is too high for this model of FortiGate.

D. The flow-based inspection is used, which resets the last packet to the user.

正解：D 解答を投票する

出題：5

Refer to the exhibit.

Based on the raw log, which two statements are correct? (Choose two.)

A. Traffic is blocked because Action is set to DENY in the firewall policy.

B. Log severity is set to error on FortiGate.

C. Traffic belongs to the root VDOM.

D. This is a security log.

正解：A,D 解答を投票する

出題：6

Refer to the FortiGuard connection debug output.

Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

A. FortiGate is using default FortiGuard communication settings.

B. A local FortiManager is one of the servers FortiGate communicates with.

C. There is at least one server that lost packets consecutively.

D. One server was contacted to retrieve the contract information.

正解：A,D 解答を投票する

出題：7

Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the Internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
Which two statements are true? (Choose two.)

A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

B. A static route is required on the To_Internet VDOM to allow LAN users to access the internet.

C. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

D. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

正解：A,C 解答を投票する

出題：8

Which of statement is true about SSL VPN web mode?

A. The tunnel is up while the client is connected.

B. The external network application sends data through the VPN.

C. It assigns a virtual IP address to the client.

D. It supports a limited number of protocols.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A. It limits the scope of application control to scan application traffic using parent signatures only

B. It limits the scope of application control to the browser-based technology category only.

C. It limits the scope of application control to scan application traffic based on application category only.

D. It limits the scope of application control to scan application traffic on DNS protocol only.

正解：C 解答を投票する

出題：10

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

A. diagnose wad session list | grep hook-pre&&hook-out

B. diagnose wad session list | grep hook=pre&&hook=out

C. diagnose wad session list

D. diagnose wad session list | grep "hook=pre"&"hook=out"

正解：C 解答を投票する

NSE4_FGT-6.4試験無料問題集「Fortinet NSE 4 - FortiOS 6.4 認定」