NSE4_FGT-7.0試験無料問題集（175題）「Fortinet NSE 4

出題：1

Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

A. Change password

B. Change Administrator profile

C. Enable two-factor authentication

D. Enable restrict access to trusted hosts

正解：B 解答を投票する

出題：2

Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

A. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

B. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

C. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

D. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

正解：A,C 解答を投票する

出題：3

Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

A. It is allowed and inspected as long as the inspection is flow based

B. It is dropped.

C. It is allowed, but with no inspection

D. It is allowed and inspected, as long as the only inspection required is antivirus.

正解：B 解答を投票する

出題：4

Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

A. SMTP.Login.Brute.Force

B. ip_src_session

C. IMAP.Login.brute.Force

D. Location: server Protocol: SMTP

正解：C 解答を投票する

出題：5

Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

A. Apple FaceTime will be allowed, based on the Apple filter configuration.

B. Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn

C. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration

D. Apple FaceTime will be allowed, based on the Categories configuration.

正解：C 解答を投票する

出題：6

Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

A. Web application firewall

B. Denial of Service

C. Application control

D. Antivirus

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

A. Virtual IP addresses are used to distinguish between cluster members.

B. Heartbeat interfaces have virtual IP addresses that are manually assigned.

C. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.

D. The primary device in the cluster is always assigned IP address 169.254.0.1.

正解：C,D 解答を投票する

出題：8

Refer to the exhibit.

The exhibit contains a network diagram, firewall policies, and a firewall address object configuration.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver.
Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

A. Disable match-vip in the Deny policy.

B. Set the Destination address as Deny_IP in the Allow-access policy.

C. Enable match vip in the Deny policy.

D. Set the Destination address as Web_server in the Deny policy.

正解：C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?

A. Application control

B. Antivirus

C. Web proxy

D. Web filtering

正解：B 解答を投票する

出題：10

Refer to the exhibit.

The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.

B. The sensor will block all attacks aimed at Windows servers.

C. The sensor will gather a packet log for all matched traffic.

D. The sensor will reset all connections that match these signatures.

正解：A,B 解答を投票する

NSE4_FGT-7.0試験無料問題集「Fortinet NSE 4 - FortiOS 7.0 認定」