An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
A. Add user accounts to Active Directory (AD).
B. Add user accounts to the Ignore User List.
C. Add the support of NTLM authentication.
D. Add user accounts to the FortiGate group fitter.
正解:B
質問 2:
Refer to the exhibit.
Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)
A. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
B. port1 is a native VLAN.
C. port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
D. Traffic between port2 and port2-vlan1 is allowed by default.
正解:B,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Refer to the exhibit.
The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.
Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)
A. FortiGate allocates port blocks on a first-come, first-served basis.
B. FortiGate generates a system event log for every port block allocation made per user.
C. FortiGate allocates 128 port blocks per user.
D. FortiGate allocates port blocks per user, based on the configured range of internal IP addresses.
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?
A. Sequence ID
B. Log ID
C. Universally Unique Identifier
D. Policy ID
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?
A. IP address
B. FQDN address
C. No other object can be added
D. User or User Group
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?
A. Enabled
B. On Idle
C. On Demand
D. Disabled
正解:B
質問 7:
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, which configuration change will bring phase 2 up?
A. On HQ-FortiGate, enable Diffie-Hellman Group 2.
B. On HQ-FortiGate, enable Auto-negotiate.
C. On Remote-FortiGate, set Seconds to 43200.
D. On HQ-FortiGate, set Encryption to AES256.
正解:D
質問 8:
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
A. FortiGate uses the AD server as the collector agent.
B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
C. FortiGate directs the collector agent to use a remote LDAP server.
D. FortiGate does not support workstation check .
正解:B,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 9:
Refer to the exhibit showing a debug flow output.
What two conclusions can you make from the debug flow output? (Choose two.)
A. The default route is required to receive a reply.
B. A firewall policy allowed the connection.
C. Anew traffic session was created.
D. The debug flow is for ICMP traffic.
正解:C,D
解説: (Pass4Test メンバーにのみ表示されます)
长谷** -
C_HRHFC_2311の知識としてもこの本を真面目に勉強すれば合格点を取れると思います。