NSE4_FGT-7.0試験無料問題集（175題）「Fortinet NSE 4

出題：1

What is the primary FortiGate election process when the HA override setting is disabled?

A. Connected monitored ports > Priority > System uptime > FortiGate Serial number

B. Connected monitored ports > System uptime > Priority > FortiGate Serial number

C. Connected monitored ports > Priority > HA uptime > FortiGate Serial number

D. Connected monitored ports > HA uptime > Priority > FortiGate Serial number

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

An administrator wants to configure timeouts for users. Regardless of the user's behavior, the timer should start as soon as the user authenticates and expire after the configured value.
Which timeout option should be configured on FortiGate?

A. idle-timeout

B. soft-timeout

C. hard-timeout

D. new-session

E. auth-on-demand

正解：C 解答を投票する

出題：3

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A. Full Content inspection

B. Proxy-based inspection

C. Flow-based inspection

D. Certificate inspection

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which two statements are true about the FGCP protocol? (Choose two.)

A. Elects the primary FortiGate device

B. Runs only over the heartbeat links

C. Is used to discover FortiGate devices in different HA groups

D. Not used when FortiGate is in Transparent mode

正解：A,B 解答を投票する

出題：5

Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?

A. A DoS policy should be used, instead of an IPS sensor.

B. The HTTPS signatures have not been added to the sensor.

C. A DoS policy should be used, instead of an IPS sensor.

D. The firewall policy is not using a full SSL inspection profile.

E. The IPS filter is missing the Protocol: HTTPS option.

正解：D 解答を投票する

出題：6

Refer to the exhibit, which contains a radius server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.
What will be the impact of using Include in every user group option in a RADIUS configuration?

A. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.

B. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.

C. This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.

D. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

正解：C 解答を投票する

出題：7

Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.

B. AH does not support perfect forward secrecy.

C. AH provides strong data integrity but weak encryption.

D. AH provides data integrity bur no encryption.

正解：D 解答を投票する

出題：8

An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

A. Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.

B. Strict RPF checks the best route back to the source using the incoming interface.

C. Strict RPF allows packets back to sources with all active routes.

D. The strict RPF check is run on the first sent and reply packet of any new session.

正解：B 解答を投票する

出題：9

How do you format the FortiGate flash disk?

A. Select the format boot device option from the BIOS menu.

B. Load the hardware test (HQIP) image.

C. Execute the CLI command execute formatlogdisk.

D. Load a debug FortiOS image.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

A. Apple FaceTime will be allowed, based on the Apple filter configuration.

B. Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn

C. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration

D. Apple FaceTime will be allowed, based on the Categories configuration.

正解：C 解答を投票する

NSE4_FGT-7.0試験無料問題集「Fortinet NSE 4 - FortiOS 7.0 認定」