You want to know which content processor (CP) model FortiGate contains.
Which command should you enter?
A. diagnose hardware lspci | grep 4e36
B. get hardware cp
C. diagnose hardware deviceinfo
D. get hardware status
正解:D
質問 2:
Why does the ISDB block layers 3 and 4 of the OSI model when applying content filtering?
(Choose two.)
A. FortiGate has a predefined list of all IPs and ports for specific applications downloaded from FortiGuard.
B. The ISDB works in proxy mode, allowing the analysis of packets in layers 3 and 4 of the OSI model.
C. The ISDB limits access by URL and domain.
D. The ISDB blocks the IP addresses and ports of an application predefined by FortiGuard.
正解:A,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
During the maintenance window, an administrator must sniff all the traffic going through a specific firewall policy, which is handled by NP6 interfaces. The output of the sniffer trace provides just a few packets.
Why is the output of sniffer trace limited?
A. The option npudbg is not added in the diagnose sniff packet command.
B. The traffic corresponding to the firewall policy is encrypted.
C. inspection-mode is set to proxy in the firewall policy.
D. auto-asic-off load is set to enable in the firewall policy,
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Refer to the exhibits.



The configuration of a user's Windows PC, which has a default MTU of 1500 bytes, along with FortiGate interfaces set to an MTU of 1000 bytes, and the results of PC1 pinging server
172.16.0.254 are shown.
Why is the user in Windows PC1 unable to ping server 172.16.0.254 and is seeing the message:
Packet needs to be fragmented but DF set?
A. The user must trigger different traffic because path MTU discovery techniques do not recognize ICMP payloads.
B. Fragmented packets must be encrypted. To connect any application successfully, the user must install the Fortinet_CA certificate in the Microsoft Management Console.
C. FortiGate honors the do not fragment bit and the packets are dropped. The user has to adjust the ping MTU to 972 to succeed.
D. Option ip.flags.mf must be set to enable on FortiGate. The user has to adjust the ping MTU to
1000 to succeed.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
An administrator must minimize CPU and RAM use on a FortiGate firewall while also enabling essential security features, such as web filtering and application control for HTTPS traffic. Which SSL inspection setting helps reduce system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic?
A. Use full SSL inspection to thoroughly inspect encrypted payloads.
B. Disable SSL inspection entirely to conserve resources.
C. Configure SSL inspection to handle HTTPS traffic efficiently.
D. Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
An administrator must optimize the performance of real-time voice and video applications across a WAN link with high packet loss.
Which combination of IPSec phase 1 parameters must the administrator configure to reduce errors and boost application reliability?
A. keepalive and keylive
B. fec-ingress and fsc-egrsss
C. fragmentation and fragmentation-mtu
D. dpd and dpd-retryinterval
正解:B
質問 7:
An administrator configured the following command on FortiGate.
config router ospf
set restart-mode graceful-restart
Which two statements correctly describe the result of the above command? (Choose two.)
A. After the default 40 seconds wait time, the OSPF neighbors will resume communication with the restarting router.
B. FortiGate is configured with graceful restart, and will exit graceful mode, if the network topology changes.
C. In an HA cluster, FortiGate devices will keep the OSPF routes in their routing table to avoid traffic interruption during an HA failover.
D. The OSPF neighbor that receives the grace link-state advertisement (LSA) will enter into helper mode.
正解:C,D
1161 お客様のコメント
クリック」





り*こ -
焦っている人におすすめ FCSS_EFW_AD-7.4試験直前の決定版だね!個人的には、非常に読みやすく、ストレスなく勉強を続けられました