NSE4_FGT-7.0試験無料問題集（175題）「Fortinet NSE 4

出題：1

If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

A. The Services field is used when you need to bundle several VIPs into VIP groups.

B. The Services field removes the requirement to create multiple VIPs for different services.

C. The Services field prevents multiple sources of traffic from using multiple services to connect to a single

D. The Services field prevents SNAT and DNAT from being combined in the same policy.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Refer to the exhibit.

The exhibits show a network diagram and the explicit web proxy configuration.
In the command diagnose sniffer packet, what filter can you use to capture the traffic between the client and the explicit web proxy?

A. 'host 192.168.0.1 and port 80'

B. 'host 10.0.0.50 and port 8080'

C. 'host 10.0.0.50 and port 80'

D. 'host 192.168.0.2 and port 8080'

正解：D 解答を投票する

出題：3

Refer to the exhibits.

Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

A. FortiGate will start sending all files to FortiSandbox for inspection.

B. Administrators can access FortiGate only through the console port.

C. Administrators cannot change the configuration.

D. FortiGate has entered conserve mode.

正解：C,D 解答を投票する

出題：4

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

A. FortiGate automatically negotiates different local and remote addresses with the remote peer.

B. FortiGate automatically negotiates a new security association after the existing security association expires.

C. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

D. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Refer to the exhibit, which contains a radius server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.
What will be the impact of using Include in every user group option in a RADIUS configuration?

A. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.

B. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.

C. This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.

D. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

正解：C 解答を投票する

出題：6

Which two types of traffic are managed only by the management VDOM? (Choose two.)

A. PKI

B. Traffic shaping

C. FortiGuard web filter queries

D. DNS

正解：C,D 解答を投票する

出題：7

Which two statements are correct about SLA targets? (Choose two.)

A. SLA targets are used only when referenced by an SD-WAN rule.

B. You can configure only two SLA targets per one Performance SLA.

C. SLA targets are optional.

D. SLA targets are required for SD-WAN rules with a Best Quality strategy.

正解：A,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

A. Execute a debug flow.

B. Run a sniffer on the web server.

C. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10"

D. Capture the traffic using an external sniffer connected to port1.

正解：A 解答を投票する

出題：9

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

A. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

B. The public key of the web server certificate must be installed on the browser.

C. The web-server certificate must be installed on the browser.

D. The CA certificate that signed the web-server certificate must be installed on the browser.

正解：D 解答を投票する

出題：10

Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

A. It is allowed and inspected as long as the inspection is flow based

B. It is dropped.

C. It is allowed, but with no inspection

D. It is allowed and inspected, as long as the only inspection required is antivirus.

正解：B 解答を投票する

NSE4_FGT-7.0試験無料問題集「Fortinet NSE 4 - FortiOS 7.0 認定」