What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)
A. Increase the FortiGuard cache time to live.
B. Increase the TCP session timers.
C. Reduce the maximum file size to inspect.
D. Reduce the session time to live.
正解:C,D
質問 2:
Examine the output of the 'get router info ospf neighbor' command shown in the exhibit; then answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
A. The interface ToRemote is OSPF network type point-to-point.
B. The local FortiGate is the backup designated router for the wan1 network.
C. The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.
D. The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
View the exhibit, which contains a partial routing table, and then answer the question below.
Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)
A. Source IP address 10.72.3.52, Destination IP address 10.1.0.254.
B. Source IP address 10.72.3.27, Destination IP address 10.1.0.52.
C. Source IP address 10.1.0.24, Destination IP address 10.72.3.20.
D. Source IP address 10.73.9.10, Destination IP address 10.72.3.15.
正解:A,B
質問 4:
View the exhibit, which contains the output of get sys ha status, and then answer the question below.
Which statements are correct regarding the output? (Choose two.)
A. port 7 is used the HA heartbeat on all devices in the cluster.
B. The slave configuration is not synchronized with the master.
C. The HA management IP is 169.254.0.2.
D. Master is selected because it is the only device in the cluster.
正解:A,B
質問 5:
Examine the output from the 'diagnose vpn tunnel list' command shown in the exhibit; then answer the question below.
Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?
A. diagnose sniffer packet any 'port 4500'
B. diagnose sniffer packet any 'port 500'
C. diagnose sniffer packet any 'host 10.0.10.10'
D. diagnose sniffer packet any 'esp'
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)
A. Policy monitor.
B. Logs.
C. Firewall monitor.
D. Crashlogs.
正解:B,D
質問 7:
A FortiGate device has the following LDAP configuration:
The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:
Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)
A. username.
B. dn.
C. password.
D. cnid.
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
What does the dirty flag mean in a FortiGate session?
A. The next packet must be re-evaluated against the firewall policies.
B. Traffic has been identified as from an application that is not allowed.
C. Traffic has been blocked by the antivirus inspection.
D. The session must be removed from the former primary unit after an HA failover.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)