In HA, the option Reserve Management Port for Cluster Member is selected as shown in the Exhibit below.

Which of the following statements are correct regarding this setting? (Select all that apply.)
A. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.
B. When connecting to port7 you always connect to the master device.
C. Port7 appears in the routing table.
D. A gateway address may be configured for port7.
E. Interface settings on port7 will not be synchronized with other cluster members.
Correct answer: D, E
Question 2:
Which spam filter is not available on a FortiGate device?
A. Spam grey listing
B. Email addresses included in the body of known SPAM messages.
C. Sender IP reputation database
D. Spam object checksums
E. URLs included in the body of known SPAM messages.
Correct answer: A
Question 3:
In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?
A. Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server
B. Request: Internal Host -> Slave FG -> Internet -> Web Server
C. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server
D. Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server
Correct answer: C
Question 4:
A static route is configured for a FortiGate unit from the CLI using the following commands:
config router static
    edit 1
        set device "wan1"
        set distance 20
        set gateway 192.168.100.1
    next
end
Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit's routing table?
A. You must disable DHCP client on that interface.
B. The Link Status of the wan1 interface is displayed as Up.
C. All other default routes should have an equal or higher distance.
D. The Administrative Status of the wan1 interface is displayed as Up.
Correct answer: A
Question 5:
Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?
A. File attachments
B. Message headers
C. TCP connection
D. Message body
Correct answer: C
Question 6:
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the CLI:
user1 # get system interface
== [ internal ]
name: internal   mode: static   ip: 10.0.1.254 255.255.255.128   status: up   netbios-forward: disable   type: physical   mtu-override: disable
== [ vlan1 ]
name: vlan1   mode: static   ip: 10.0.1.1 255.255.255.128   status: up   netbios-forward: disable   type: vlan   mtu-override: disable
user1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
S       10.0.0.0/8 [10/0] is a summary, Null
C       10.0.1.0/25 is directly connected, vlan1
C       10.0.1.128/25 is directly connected, internal
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130:47922->10.0.1.1:443) from internal."
id=20085 trace_id=277 msg="allocate a new session-00000b21"
id=20085 trace_id=277 msg="iprope_in_check() check failed, drop"
Based on the output from these commands, which of the following is a possible cause of the problem?
A. The PC has an IP address in the wrong subnet.
B. The PC is using an incorrect default gateway IP address.
C. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.
D. The FortiGate unit has no route back to the PC.
Correct answer: C
Question 7:
The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.
Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)
A. An FSAE Collector Agent must be installed on every domain controller.
B. The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
C. For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.
D. The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit.
E. An FSAE Domain Controller Agent must be installed on every domain controller.
Correct answer: B, E
Question 8:
An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report.
Which of the following statements best describes how to do this?
A. When editing the chart, enter 'dns' in the Exclude Service field.
B. In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox.
C. When editing the chart, uncheck mlog to indicate that Mail Filtering data is being excluded when generating the chart.
D. Add the following entry to the Generic Field section of the Data Filter: service="!smtp".
Correct answer: B
Question 9:
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)
A. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
B. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
C. VDOMs share firmware versions, as well as antivirus and IPS databases.
D. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes.
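Correct answer: A, B, C
松井** -
I think this Pass4Test question set is the ideal single volume for anyone aiming to pass the FCNSP exam in the shortest possible time. After reading this book, I think I understood most of it!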