View the exhibit.

Which of the following statements are correct? (Choose two.)
A. This setup requires at least two firewall policies with the action set to IPsec.
B. This is a redundant IPsec setup.
C. Dead peer detection must be disabled to support this type of IPsec setup.
D. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
正解:B,D
質問 2:
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
A. SQL injection attacks
B. Credit card data leaks
C. Traffic to inappropriate web sites
D. Server information disclosure attacks
E. Traffic to botnetservers
正解:A,D,E
質問 3:
Refer to the exhibit.

The exhibits show the firewall policies and the objects used in the firewall policies. The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.
Based on the input criteria, which of the following will be highlighted?
A. The policy with ID 1
B. The policy with ID 4
C. The policies with ID 2 and 3
D. The policy with ID 5
正解:D
質問 4:
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
A. Only secondary FortiGate devices are rebooted.
B. The firmware image must be manually uploaded to each FortiGate.
C. Traffic load balancing is temporally disabled while upgrading the firmware.
D. Uninterruptable upgrade is enabled by default.
正解:C,D
質問 5:
Examine this output from a debug flow:

Why did the FortiGate drop the packet?
A. It matched the default implicit firewall policy.
B. The next-hop IP address is unreachable.
C. It failed the RPF check.
D. It matched an explicitly configured firewall policy with the action DENY.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
An administrator needs to strengthen the security for SSL VPN access. Which of the following statements are best practices to do so? (Choose three.)
A. Configure split tunneling for content inspection.
B. Configure host restrictions by IP or MAC address.
C. Configure SSL offloading to a content processor (FortiASIC).
D. Configure two-factor authentication using security certificates.
E. Configure a client integrity check (host-check).
正解:B,D,E
質問 7:
An administrator has configured the following settings:

What are the two results of this configuration? (Choose two.)
A. Device detection on all interfaces is enforced for 30 minutes.
B. A session for denied traffic is created.
C. The number of logs generated by denied traffic is reduced.
D. Denied users are blocked for 30 minutes.
正解:B,C
解説: (Pass4Test メンバーにのみ表示されます)
1101 お客様のコメント
クリック」








Ozaki -
NSE4_FGT-6.2試験参考書は有効的な資料です。10日間の準備の後、NSE4_FGT-6.2試験に合格しました。 私はとても感謝しています!