An administrator is configuring two FortiGate devices in an HA cluster. While configuring the devices, the administrator issues the following commands on both HA cluster members:

In which two ways do these commands impact the HA cluster? (Choose two.)
A. They force the former primary to shut down all its interfaces for one second when failover happens, excluding the heartbeat and reserved management interfaces.
B. They force the former primary to send gratuitous ARP packets when the failover happens to indicate that the virtual MAC address is now using a different device.
C. They force both HA devices for remote link monitoring to detect an issue in the forwarding path.
D. They force the switches to update their MAC forwarding tables, when failover happens.
Correct answer: A, D
Question 2:
You are using Virtual eXtensible LAN (VXLAN) extensively on FortiGate. Which specialized acceleration hardware must you use to improve FortiGate performance?
A. CP10
B. NTurbo
C. CPU
D. NP7
Correct answer: D
Question 3:
Which three approaches can successfully deploy advanced initial configurations?
A. Model device ZTP/LTP
B. Jinja scripting
C. Global ADOM
D. Metadata variables
Correct answer: A, B, D
Question 4:
Refer to the exhibit, which shows device registration on FortiManager.

What can you conclude about the Spoke-1 and Spoke-2 configurations with respect to the information cond: Modified (recent auto-updated)?
A. Based on the policy configuration on NGFW-1, the configuration on both spokes is modified and automatically updated.
B. Spoke-1 and Spoke-2 are sharing the same security policy configuration and the same policy package.
C. On both Spoke-1 and Spoke-2, the configuration was changed directly on the FortiGate device, and the changes were automatically retrieved by the device database.
D. On NGFW-1, the configuration was changed and spokes are waiting for an autoupdate.
Correct answer: C
Question 5:
An administrator must enable direct communication between multiple spokes in a company's network. Each spoke has more than one internet connection. The requirement is for the spokes to connect directly without passing through the hub, and for the links to automatically switch to the best available connection. How can this automatic detection and optimal link utilization between spokes be achieved?
A. Establish static VPN tunnels between spokes with predefined backup routes.
B. Set up OSPF routing over static VPN tunnels between spokes.
C. Utilize ADVPN 2.0 to facilitate dynamic direct tunnels and automatic link optimization.
D. Implement SD-WAN policies at the hub to manage spoke link quality.
Correct answer: C
Question 6:
An administrator is extensively using VXLAN on FortiGate. Which specialized acceleration hardware does FortiGate need to improve its performance?
A. NTurbo
B. 9
C. SP5
D. NP7
Correct answer: D
Question 7:
You configured the FortiGate devices in an enterprise network to join the Fortinet Security Fabric.
You have a list of IP addresses that must be blocked by the data center firewall. The list is updated daily. How can you automate updates to the firewall policy to add the IP addresses from the daily updated list?
A. With a CLI script in FortiManager
B. With metadata variables in FortiManager
C. With a Security Fabric automation
D. With an external connector from External Feeds
Correct answer: D
Question 8:
Refer to the exhibit.

The packet capture output of a client hello message is shown.
You are updating a firewall policy that includes SSL certificate inspection. You are capturing packets from the traffic passing through this firewall policy.
Which two statements about the packet capture are correct? (Choose two.)
A. You can effectively apply a web filtering profile to this traffic.
B. You can effectively apply an antivirus security profile to this traffic.
C. The client supports only TLS versions 1.2 and 1.3.
D. The subject alternative name (SAN) is necessary to apply security profiles.
Correct answer: A, C
Question 9:
Refer to the exhibits.



A network topology, firewall policy, and SSL/SSH inspection profile configuration are shown.
What must you configure on firewall policy ID 2 to detect HTTPS attacks that target a Linux server hosting the website?
A. Enable HTTPS in the protocol port mapping of the deep-inspection SSL/SSH inspection profile.
B. Set inspection-mode to flow to analyze the HTTPS packets and make sure that they are as expected.
C. Enable SSL inspection of the SSL server and upload the certificate of the Linux server website to the SSL/SSH inspection profile.
D. Set ips-sensor to IPS_block in the firewall policy.
Correct answer: C
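1032 customer comments

仲根** -
Because it includes the questions, you can build the ability to stay unshaken even in the real exam. I finished the FCSS_EFW_AD-7.6 exam. I passed. It doesn't feel much like a textbook, and it is outstandingly easy to read.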