Refer to the exhibit, which shows device registration on FortiManager.

What can you conclude about the Spoke-1 and Spoke-2 configurations with respect to the information cond: Modified (recent auto-updated)?
A. Based on the policy configuration on NGFW-1, the configuration on both spokes is modified and automatically updated.
B. Spoke-1 and Spoke-2 are sharing the same security policy configuration and the same policy package.
C. On both Spoke-1 and Spoke-2, the configuration was changed directly on the FortiGate device, and the changes were automatically retrieved by the device database.
D. On NGFW-1, the configuration was changed and spokes are waiting for an auto-update.
Correct answer: C
Question 2:
What does the command set forward-domain <domain_ID> in a transparent VDOM interface do?
A. It isolates traffic within a specific VLAN by assigning a broadcast domain to an interface based on the VLAN ID.
B. It assigns a unique domain ID to the interface, allowing it to operate across multiple VLANs within the same VDOM.
C. It configures the interface to prioritize traffic based on the domain ID, enhancing quality of service for specified VLANs.
D. It restricts the interface to managing traffic only from the specified VLAN, effectively segregating network traffic.
Correct answer: A
Question 3:
Refer to the exhibit, which shows the FortiGuard Distribution Network of a FortiGate device.
FortiGuard Distribution Network on FortiGate

An administrator is trying to find the web filter database signature on FortiGate to resolve issues with websites not being filtered correctly in a flow-mode web filter profile. Why is the web filter database version not visible on the GUI, such as with IPS definitions?
A. The web filter database is stored locally, but the administrator must run diagnose autoupdate versions from the CLI.
B. The web filter database is stored locally on FortiGate, but it is hidden behind the GUI. It requires enabling debug mode to make it visible.
C. The web filter database is not hosted on FortiGate: FortiGate queries FortiGuard or FortiManager for web filter ratings on demand.
D. The web filter database is only accessible after manual syncing with a valid FDS server using diagnose test update info.
Correct answer: C
Question 4:
Which statement about network processor (NP) offloading is true?
A. When NP acceleration is enabled, firewall sessions may not offload if proxy-based security profiles are included in the firewall policy.
B. For UDP traffic, the FortiGate CPU offloads the first packet to identify it as fast-path traffic.
C. The FortiGate CPU offloads all firewall sessions that require FortiOS session helper to the network processing unit (NPU).
D. You can disable the NP for each firewall policy using the command np-acceleration set to loose.
Correct answer: A
Question 5:
Which two statements about IKEv2 are true if an administrator decides to implement IKEv2 in the VPN topology? (Choose two.)
A. It supports the extensible authentication protocol (EAP).
B. It includes stronger Diffie-Hellman (DH) groups, such as Elliptic Curve (ECP) groups.
C. It supports interoperability with devices using IKEv1.
D. It exchanges a minimum of two messages to establish a secure tunnel.
Correct answer: A,B
Question 6:
Refer to the exhibit. The routing tables of FortiGate_A and FortiGate_B are shown. FortiGate_A and FortiGate_B are in the same autonomous system.

The administrator wants to dynamically add only route 172.16.1.248/30 on FortiGate_A.
What must the administrator configure?
A. A BGP route map out for 172.16.1.248/30 on FortiGate_B
B. The prefix 172.16.1.248/30 in the BGP Networks section on FortiGate_B
C. Enable Redistribute Connected in the BGP section on FortiGate_B.
D. A BGP route map in for 172.16.1.248/30 on FortiGate_A
Correct answer: A
Question 7:
Refer to the exhibit, which contains a partial VPN configuration.

What can you conclude from this VPN IPsec phase 1 configuration?
A. FortiGate will not add a route to its routing or forwarding information base when the dynamic tunnel is negotiated.
B. Peer IDs are unencrypted and exposed, creating a security risk.
C. This configuration is the best for networks with regular traffic intervals, providing a balance between connectivity assurance and resource utilization.
D. A separate interface is created for each dial-up tunnel, which can be slower and more resource intensive, especially in large networks.
Correct answer: C
中村** -
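It is easy to read, and I thought it was a book that makes FCSS_EFW_AD-7.4 easy to study. The explanations of the past exam questions were also detailed, and it was a very easy book to study with.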