NSE4_FGT-7.2試験無料問題集（183題）「Fortinet NSE 4

出題：1

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

A. diagnose wad session list | grep hook-pre&&hook-out

B. diagnose wad session list | grep hook=pre&&hook=out

C. diagnose wad session list

D. diagnose wad session list | grep "hook=pre"&"hook=out"

正解：C 解答を投票する

出題：2

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, which statement about VLAN IDs is true?

A. The two VLAN subinterfaces can have the same VLAN ID only if they belong to different VDOMs.

B. The two VLAN subinterfaces must have different VLAN IDs.

C. The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in the same subnet.

D. The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in different subnets.

正解：C,D 解答を投票する

出題：3

Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

A. Traffic matching the signature will be silently dropped and logged.

B. The signature setting includes a group of other signatures.

C. Traffic matching the signature will be allowed and logged.

D. The signature setting uses a custom rating threshold.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Refer to the exhibits.
Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command.

Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)

A. For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.

B. For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source.

C. The traffic sourced from the client and destined to the server is sent to FGT-1.

D. The cluster can load balance ICMP connections to the secondary.

正解：A,B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A. Full Content inspection

B. Proxy-based inspection

C. Flow-based inspection

D. Certificate inspection

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?

A. IP address

B. FQDN address

C. User or User Group

D. No other object can be added

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Refer to the exhibit.
The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.
An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

A. Configure a web override rating for download.com and select Malicious Websites as the subcategory.

B. Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.

C. Set the Freeware and Software Downloads category Action to Warning.

D. Configure a separate firewall policy with action Deny and an FQDN address object for *.download.com as destination address.

正解：A,B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

A. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

B. FortiGate devices are not in sync because one device is down.

C. FortiGate SN FGVM010000065036 HA uptime has been reset.

D. FortiGate SN FGVM010000064692 has the higher HA priority.

正解：C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

A. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.

B. The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.

C. The IP version of the sources and destinations in a firewall policy must be different.

D. The IP version of the sources and destinations in a policy must match.

E. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.

正解：B,D,E 解答を投票する

出題：10

Examine this output from a debug flow:

Why did the FortiGate drop the packet?

A. The next-hop IP address is unreachable.

B. It matched an explicitly configured firewall policy with the action DENY.

C. It matched the default implicit firewall policy.

D. It failed the RPF check .

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

NSE4_FGT-7.2試験無料問題集「Fortinet NSE 4 - FortiOS 7.2 認定」