In an IPSec gateway-to-gateway configuration, two FortiGate units create a VPN tunnel between two separate private networks.
Which of the following configuration steps must be performed on both FortiGate units to support this configuration? (Select all that apply.)
A. Set the operating mode of the FortiGate unit to IPSec VPN mode.
B. Define the Phase 2 parameters that the FortiGate unit needs to create a VPN tunnel with the remote peer.
C. Configure the appropriate user groups on the Fortigate units to allow users access to the IPSec VPN connection.
D. Create firewall policies to control traffic between the IP source and destination address.
E. Define the Phase 1 parameters that the FortiGate unit needs to authenticate the remote peers.
正解:B,D,E
質問 2:
A FortiGate 60 unit is configured for your small office. The DMZ interface is connected to a network containing a web server and email server. The Internal interface is connected to a network containing 10 user workstations and the WAN1 interface is connected to your ISP.
You want to configure firewall policies so that your users can send and receive email messages to the email server on the DMZ network. You also want the email server to be able to retrieve email messages from an email server hosted by your ISP using the POP3 protocol.
Which policies must be created for this communication? (Select all that apply.)
A. WAN1 > DMZ
B. DMZ > WAN1
C. Internal > WAN1
D. DMZ > Internal
E. Internal > DMZ
F. WAN1 > Internal
正解:B,E
質問 3:
Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function.
An administrator must assign a set of UTM features to a group of users.
Which of the following is the correct method for doing this?
A. The administrator must enable the UTM features in an identify-based policy applicable to the user group.
B. The administrator must apply the UTM features directly to a user object.
C. Enable a set of unique UTM features under "Edit User Group".
D. When defining the UTM objects, the administrator must list the user groups which will use the UTM object.
正解:A
質問 4:
DLP archiving gives the ability to store session transaction data on a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)
A. SMTP
B. POP3
C. IPSec
D. SNMP
E. HTTP
正解:A,B,E
質問 5:
If a FortiGate unit has a dmz interface IP address of 210.192.168.2 with a subnet mask of 255.255.255.0, what is a valid dmz DHCP addressing range?
A. 172.168.0.1 - 172.168.0.10
B. 210.192.168.3 - 210.192.168.10
C. 210.192.168.1 - 210.192.168.4
D. All of the above.
正解:B
Katou -
問題集にある問題がたくさん出てきました。Pass4Testの問題集は信頼できます。試験に合格しました。ありがとうございます。