How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
A. FortiManager does not support rating requests.
B. FortiManager can download and maintain local copies of FortiGuard databases.
C. FortiManager supports only FortiGuard push to managed devices.
D. FortiManager will respond to update requests only if they originate from a managed device.
正解:B
質問 2:
Refer to the exhibit, which contains the output of get system ha status.
Which two statements about the output are true? (Choose two.)
A. port7 is used as the HA heartbeat on all devices in the cluster.
B. Primary is selected based on the priority configured under config system ha.
C. The HA management IP is 169.254.0.2.
D. The slave configuration is synchronized with the master.
正解:A,B
質問 3:
The CLI command set intelligent-mode <enable | disable> controls the IPS engine's adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?
A. Determines the optimal number of IPS engines required based on system load.
B. Determines when it is secure enough to stop scanning session traffic.
C. Downloads signatures on demand from FDS based on scanning requirements.
D. Choose a matching algorithm based on available memory and the type of inspection being performed.
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Which statement is true regarding File description (FD) conserve mode?
A. IPS inspection is affected when FortiGate enters FD conserve mode.
B. A FortiGate enters FD conserve mode when the amount of available description is less than 5%.
C. FD conserve mode affects all daemons running on the device.
D. Restarting the WAD process is required to leave FD conserve mode.
正解:B
質問 5:
Examine the following partial outputs from two routing debug commands; then answer the question below.
# get router info kernel
tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0
gwy=10.200.1.254 dev=2(port1)
tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0
gwy=10.200.2.254 dev=3(port2)
tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.->10.0.1.0/24 pref=10.0.1.254
gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2, [10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is directly connected, port2
Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?
A. port2.
B. port!
C. Both portl and port2.
D. port3.
正解:A
質問 6:
Which two statements about an auxiliary session are true? (Choose two.)
A. With the auxiliary session setting enabled, two sessions will be created in case of routing change.
B. With the auxiliary session disabled, only auxiliary sessions will be offloaded.
C. With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session.
D. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
正解:B,C
質問 7:
Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; than answer the question below.
Which statement is true regarding the session in the exhibit?
A. It was created by a session helper or ALG.
B. It was created by the FortiGate kernel to allow push updates from FotiGuard.
C. It is for management traffic terminating at the FortiGate.
D. It is for traffic originated from the FortiGate.
正解:A
Shiroyama -
内容もしっかりしているし、かなりコスパが高いです。NSE7_EFW-6.4知識としてこれだけの情報を持っていれば、仕事にも必ず役に立つ。