NSE4_FGT-6.4試験無料問題集（165題）「Fortinet NSE 4

出題：1

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

A. FortiGate automatically negotiates different local and remote addresses with the remote peer.

B. FortiGate automatically negotiates a new security association after the existing security association expires.

C. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

D. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

How do you format the FortiGate flash disk?

A. Select the format boot device option from the BIOS menu.

B. Load the hardware test (HQIP) image.

C. Execute the CLI command execute formatlogdisk.

D. Load a debug FortiOS image.

正解：A 解答を投票する

出題：3

An administrator is running the following sniffer command:

Which three pieces of Information will be Included in me sniffer output? {Choose three.)

A. Packet payload

B. Ethernet header

C. IP header

D. Interface name

E. Application header

正解：A,C,D 解答を投票する

出題：4

Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10 .0.1.254. /24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

A. 10.200.1.1

B. 10.200.1.10

C. 10.200.3.1

D. 10.200.1.100

正解：A 解答を投票する

出題：5

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

A. Server information disclosure attacks

B. Traffic to inappropriate web sites

C. SQL injection attacks

D. Traffic to botnetservers

E. Credit card data leaks

正解：A,C,E 解答を投票する

出題：6

If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected to the Destination field of a firewall policy?

A. IP address

B. FQDN address

C. User or User Group

D. No other object can be added

正解：A 解答を投票する

出題：7

Which of statement is true about SSL VPN web mode?

A. The tunnel is up while the client is connected.

B. The external network application sends data through the VPN.

C. It assigns a virtual IP address to the client.

D. It supports a limited number of protocols.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the Internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
Which two statements are true? (Choose two.)

A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

B. A static route is required on the To_Internet VDOM to allow LAN users to access the internet.

C. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

D. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

正解：A,C 解答を投票する

出題：9

Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

A. To generate logs

B. To allow for out-of-order packets that could arrive after the FIN/ACK packets

C. To finish any inspection operations

D. To remove the NAT operation

正解：B 解答を投票する

出題：10

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

A. The keyUsage extension must be set to keyCertSign.

B. The common name on the subject field must use a wildcard name.

C. The CA extension must be set to TRUE.

D. The issuer must be a public CA.

正解：A,C 解答を投票する

NSE4_FGT-6.4試験無料問題集「Fortinet NSE 4 - FortiOS 6.4 認定」