NSE4_FGT-7.0試験無料問題集（175題）「Fortinet NSE 4

出題：1

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

A. Any web request fortinet.com is allowed to bypass the proxy.

B. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

C. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

D. Browsers can be configured to retrieve this PAC file from the FortiGate.

正解：A,D 解答を投票する

出題：2

Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

A. Custom permission for Network

B. Read/Write permission for Firewall

C. Read/Write permission for Log & Report

D. CLI diagnostics commands permission

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

A. Universally Unique Identifier

B. Policy ID

C. Sequence ID

D. Log ID

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

A. Static routes are required to allow traffic to the next hop.

B. By default, all interfaces are part of the same broadcast domain.

C. FortiGate forwards frames without changing the MAC address.

D. The existing network IP schema must be changed when installing a transparent mode.

正解：B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which of the following statements about central NAT are true? (Choose two.)

A. Central NAT can be enabled or disabled from the CLI only.

B. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

C. Source NAT, using central NAT, requires at least one central SNAT policy.

D. IP tool references must be removed from existing firewall policies before enabling central NAT.

正解：A,D 解答を投票する

出題：6

A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?

A. SSL/SSH Inspection profile is incorrect

B. Antivirus profile configuration is incorrect

C. Application control is not enabled

D. Antivirus definitions are not up to date

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Refer to the exhibits.

Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

A. FortiGate will start sending all files to FortiSandbox for inspection.

B. Administrators can access FortiGate only through the console port.

C. Administrators cannot change the configuration.

D. FortiGate has entered conserve mode.

正解：C,D 解答を投票する

出題：8

Refer to the exhibit.

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

A. There are five devices that are part of the security fabric.

B. Device detection is disabled on all FortiGate devices.

C. There are 19 security recommendations for the security fabric.

D. This security fabric topology is a logical topology view.

正解：C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which of statement is true about SSL VPN web mode?

A. The tunnel is up while the client is connected.

B. The external network application sends data through the VPN.

C. It assigns a virtual IP address to the client.

D. It supports a limited number of protocols.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

A. ADVPN is only supported with IKEv2.

B. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

C. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

D. Tunnels are negotiated dynamically between spokes.

正解：B,D 解答を投票する

NSE4_FGT-7.0試験無料問題集「Fortinet NSE 4 - FortiOS 7.0 認定」