When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
A. It must be learned automatically through a dynamic routing protocol.
B. It must be provided in the SD-WAN member interface configuration.
C. It must be configured in a policy-route using the sdwan virtual interface.
D. It must be configured in a static route using the sdwan virtual interface.
Correct answer: D
Question 2:
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
A. The operation mode is transparent.
B. The interface is a member of a virtual wire pair.
C. The interface has been configured for one-arm sniffer.
D. The interface is a member of a zone.
E. Captive portal is enabled in the interface.
Correct answer: A,B,C
Question 3:
Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)
A. FQDN address
B. User or user group
C. Firewall service
D. IP Pool
Correct answer: B,D
Question 4:
Examine the network diagram and the existing FGTI routing table shown in the exhibit, and then answer the following question:

An administrator has added the following static route on FGTI.

Since the change, the new static route is not showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?
A. The Gateway IP address is not in the same subnet as port1.
B. The new route's Distance value should be higher than 10.
C. The new route's destination subnet overlaps an existing route.
D. The Priority is 0, which means that this route will remain inactive.
Correct answer: A
Question 5:
If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does FortiGate take?
A. It archives the data for that IP address.
B. It notifies the administrator by sending an email.
C. It provides a DLP block replacement page with a link to download the file.
D. It blocks all future traffic for that IP address for a configured interval.
Correct answer: D
Question 6:
Which of the following statements about the FSSO collector agent timers is true?
A. The dead entry timeout interval is used to age out entries with an unverified status.
B. The workstation verify interval is used to periodically check if a workstation is still a domain member.
C. The IP address change verify interval monitors the server IP address where the collector agent is installed, and then updates the collector agent configuration if it changes.
D. The user group cache expiry is used to age out the monitored groups.
Correct answer: A