Which of the following statements about the FSSO collector agent timers is true?
A. The dead entry timeout interval is used to age out entries with an unverified status.
B. The workstation verify interval is used to periodically check of a workstation is still a domain member.
C. The IP address change verify interval monitors the server IP address where the collector agent is installed, and the updates the collector agent configuration if it changes.
D. The user group cache expiry is used to age out the monitored groups.
正解:A
質問 2:
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
A. The web-server certificate must be installed on the browser.
B. The CA certificate that signed the web-server certificate must be installed on the browser.
C. The public key of the web server certificate must be installed on the browser.
D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
正解:B
質問 3:
Examine the FortiGate configuration:

What will happen to unauthenticated users when an active authentication policy is followed by a fall through policy without authentication?
A. The user must log in again to authenticate.
B. The user will not be prompted for authentication.
C. User authentication happens at an interface level.
D. The user will be denied access to resources without authentication.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Which statements about DNS filter profiles are true? (Choose two.)
A. They can redirect blocked requests to a specific portal.
B. They must be applied in firewall policies with SSL inspection enabled.
C. They can block DNS requests to known botnet command and control servers.
D. They can inspect HTTP traffic.
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)
A. Enable Log Allowed Traffic on the Full Access firewall policy.
B. Enable Event Logging.
C. Enable a web filter security profile on the Full Access firewall policy.
D. Enable disk logging.
正解:A,C
質問 6:
Which statements about HA for FortiGate devices are true? (Choose two.)
A. Sessions handled by proxy-based security profiles cannot be synchronized.
B. Heartbeat interfaces are not required on the primary device.
C. HA management interface settings are synchronized between cluster members.
D. Virtual clustering can be configured between two FortiGate devices that have multiple VDOMs.
正解:A,D
松丸** -
本当に使えて、本番試験にも無事合格した。内容は非常に明確です。 メモを取りたい場合は、印刷することもできます。