Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
A. The subject alternative name (SAN) field in the server certificate.
B. The subject field in the server certificate.
C. The host field in the HTTP header.
D. The serial number in the server certificate.
E. The server name indication (SNI) extension in the client hello message.
正解:A,B,E
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traffic uses this profile for SSL inspection and performs web filtering. When visiting any HTTPS websites, the browser reports certificate warning errors.
What is the reason for the certificate warning errors?
A. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.
B. With full SSL inspection it is not possible to avoid certificate warning errors at the browser level.
C. The SSL cipher compliance option is not enabled on the SSL inspection profile. This setting is required when the SSL inspection profile is defined with a private CA certificate.
D. The browser does not recognize the certificate in use as signed by a trusted CA.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Which two statements are true regarding FortiGate HA configuration synchronization? (Choose two.)
A. Incremental configuration synchronization can occur from changes made on any FortiGate device within the HA cluster
B. Incremental configuration synchronization can occur only from changes made on the primary FortiGate device.
C. Checksums of devices are compared against each other to ensure configurations are the same.
D. Checksums of devices will be different from each other because some configuration items are not synced to other HA members.
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Which method allows management access to the FortiGate CLI without network connectivity?
A. CLI console widget
B. SSH console
C. Telnet console
D. Serial console
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Refer to the exhibit, which shows the IPS sensor configuration.

If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
A. The sensor will reset all connections that match these signatures.
B. The sensor will allow attackers matching the Microsoft.Windows.iSCSl.Target.DoS signature.
C. The sensor will gather a packet log for all matched traffic.
D. The sensor will block all attacks aimed at Windows servers.
正解:B,D
質問 6:
Which statement is a characteristic of automation stitches?
A. They can have one or more triggers.
B. They can run multiple actions at the same time.
C. They can be created only on downstream devices in the fabric.
D. They can be run only on devices in the Security Fabric.
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
Refer to the exhibit.

Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.
What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?
A. The signature setting uses a custom rating threshold.
B. Traffic matching the signature will be allowed and logged.
C. The signature setting includes a group of other signatures.
D. Traffic matching the signature will be silently dropped and logged.
正解:D
776 お客様のコメント
クリック」





Misaki -
FCP_FGT_AD-7.4試験の概要もちゃんとあり、基礎的な内容から書かれています。
試験問題と解説があるので、実際どのような問題が出るのかも分かりやすい。