NSE4_FGT-7.2試験無料問題集（183題）「Fortinet NSE 4

出題：1

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, which statement about VLAN IDs is true?

A. The two VLAN subinterfaces can have the same VLAN ID only if they belong to different VDOMs.

B. The two VLAN subinterfaces must have different VLAN IDs.

C. The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in the same subnet.

D. The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in different subnets.

正解：C,D 解答を投票する

出題：2

Refer to exhibit.
An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

A. On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking

B. On the Static URL Filter configuration, set Type to Simple

C. On the Static URL Filter configuration, set Action to Monitor.

D. On the Static URL Filter configuration, set Action to Exempt.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which timeout setting can be responsible for deleting SSL VPN associated sessions?

A. SSL VPN idle-timeout

B. SSL VPN dtls-hello-timeout

C. SSL VPN http-request-body-timeout

D. SSL VPN login-timeout

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

A. diagnose wad session list | grep hook-pre&&hook-out

B. diagnose wad session list | grep hook=pre&&hook=out

C. diagnose wad session list

D. diagnose wad session list | grep "hook=pre"&"hook=out"

正解：C 解答を投票する

出題：5

Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)

A. Any web request to the 172.25. 120.0/24 subnet is allowed to bypass the proxy.

B. Any web request fortinet.com is allowed to bypass the proxy.

C. All requests not made to Fortinet.com or the 172.25. 120.0/24 subnet, have to go through altproxy.corp.com: 8060.

D. Browsers can be configured to retrieve this PAC file from the FortiGate.

正解：B,D 解答を投票する

出題：6

Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

A. Traffic matching the signature will be silently dropped and logged.

B. The signature setting includes a group of other signatures.

C. Traffic matching the signature will be allowed and logged.

D. The signature setting uses a custom rating threshold.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Refer to the exhibit.
The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router.
When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.

Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue?

A. In the firewall policy configuration, enable match-vip.

B. In the VIP configuration, enable arp-reply.

C. Configure a loopback interface with address 203.0.113.2/32.

D. Enable port forwarding on the server to map the external service port to the internal service port.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

When configuring a firewall virtual wire pair policy, which following statement is true?

A. Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.

B. Only a single virtual wire pair can be included in each policy.

C. Exactly two virtual wire pairs need to be included in each policy.

D. Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.

正解：A 解答を投票する

出題：9

Which statement about the policy ID number of a firewall policy is true?

A. It defines the order in which rules are processed.

B. It is required to modify a firewall policy using the CLI.

C. It represents the number of objects used in the firewall policy.

D. It changes when firewall policies are reordered.

正解：B 解答を投票する

出題：10

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.
Which FortiGate configuration can achieve this goal?

A. Zero trust network access

B. SSL VPN bookmark

C. SSL VPN quick connection

D. SSL VPN tunnel

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

NSE4_FGT-7.2試験無料問題集「Fortinet NSE 4 - FortiOS 7.2 認定」