NSE4_FGT-6.4試験無料問題集（165題）「Fortinet NSE 4

出題：1

Which two statements are true about collector agent advanced mode? (Choose two.)

A. Security profiles can be applied only to user groups, not individual users.

B. Advanced mode uses Windows convention-NetBios: Domain\Username.

C. FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate

D. Advanced mode supports nested or inherited groups

正解：C,D 解答を投票する

出題：2

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)

A. Antivirus scanning

B. File filter

C. DNS filter

D. Intrusion prevention

正解：A,D 解答を投票する

出題：3

NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?

A. Application control

B. Antivirus

C. Web proxy

D. Web filtering

正解：B 解答を投票する

出題：4

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

A. On Remote-FortiGate, set port2 as Interface.

B. On both FortiGate devices, set Dead Peer Detection to On Demand.

C. On HQ-FortiGate, set IKE mode to Main (ID protection).

D. On HQ-FortiGate, disable Diffie-Helman group 2.

正解：A,C 解答を投票する

出題：5

Which of statement is true about SSL VPN web mode?

A. The tunnel is up while the client is connected.

B. The external network application sends data through the VPN.

C. It assigns a virtual IP address to the client.

D. It supports a limited number of protocols.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.

B. AH does not support perfect forward secrecy.

C. AH provides strong data integrity but weak encryption.

D. AH provides data integrity bur no encryption.

正解：D 解答を投票する

出題：7

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?

A. On Demand

B. Enabled

C. On Idle

D. Disabled

正解：C 解答を投票する

出題：8

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

A. The internal IP address of the FortiGate device.

B. The remote user's virtual IP address.

C. The public IP address of the FortiGate device.

D. remote user's public IP address

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Refer to the exhibit.

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

A. There are five devices that are part of the security fabric.

B. Device detection is disabled on all FortiGate devices.

C. There are 19 security recommendations for the security fabric.

D. This security fabric topology is a logical topology view.

正解：C,D 解答を投票する

出題：10

Refer to the exhibit.

The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
How does FortiGate process the traffic sent to http://www.fortinet.com?

A. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.

B. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.

C. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.

D. Traffic will be redirected to the transparent proxy and It will be allowed by proxy policy ID 1.

正解：B 解答を投票する

NSE4_FGT-6.4試験無料問題集「Fortinet NSE 4 - FortiOS 6.4 認定」