NSE4_FGT-6.4試験無料問題集（165題）「Fortinet NSE 4

出題：1

Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

A. Connections are tracked using source port and source MAC address.

B. Port address translation is not used.

C. Source IP is translated to the outgoing interface IP.

D. This is known as many-to-one NAT.

正解：B,C 解答を投票する

出題：2

What devices form the core of the security fabric?

A. Two FortiGate devices and one FortiAnalyzer device

B. One FortiGate device and one FortiAnalyzer device

C. Two FortiGate devices and one FortiManager device

D. One FortiGate device and one FortiManager device

正解：A 解答を投票する

出題：3

Refer to the exhibit.

The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.

B. The sensor will block all attacks aimed at Windows servers.

C. The sensor will gather a packet log for all matched traffic.

D. The sensor will reset all connections that match these signatures.

正解：A,B 解答を投票する

出題：4

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

A. The keyUsage extension must be set to keyCertSign.

B. The common name on the subject field must use a wildcard name.

C. The CA extension must be set to TRUE.

D. The issuer must be a public CA.

正解：A,C 解答を投票する

出題：5

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

A. The firmware image must be manually uploaded to each FortiGate.

B. Traffic load balancing is temporally disabled while upgrading the firmware.

C. Uninterruptable upgrade is enabled by default.

D. Only secondary FortiGate devices are rebooted.

正解：B,C 解答を投票する

出題：6

Refer to the exhibit.

The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
How does FortiGate process the traffic sent to http://www.fortinet.com?

A. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.

B. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.

C. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.

D. Traffic will be redirected to the transparent proxy and It will be allowed by proxy policy ID 1.

正解：B 解答を投票する

出題：7

Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

A. Custom permission for Network

B. Read/Write permission for Firewall

C. Read/Write permission for Log & Report

D. CLI diagnostics commands permission

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

How do you format the FortiGate flash disk?

A. Select the format boot device option from the BIOS menu.

B. Load the hardware test (HQIP) image.

C. Execute the CLI command execute formatlogdisk.

D. Load a debug FortiOS image.

正解：A 解答を投票する

出題：9

Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the Internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
Which two statements are true? (Choose two.)

A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

B. A static route is required on the To_Internet VDOM to allow LAN users to access the internet.

C. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

D. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

正解：A,C 解答を投票する

出題：10

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

A. FortiAnalyzer

B. Downstream FortiGate

C. FortiManager

D. Root FortiGate

正解：D 解答を投票する

NSE4_FGT-6.4試験無料問題集「Fortinet NSE 4 - FortiOS 6.4 認定」