Refer to the exhibit.
The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
A. If there is a fall-through policy in place, users will not be prompted for authentication.
B. Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.
C. Authentication is enforced at a policy level; all users will be prompted for authentication.
D. Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.
Correct answer: C
Question 2:
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
A. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
B. NGFW policy-based mode policies support only flow inspection
C. NGFW policy-based mode does not require the use of central source NAT policy
D. NGFW policy-based mode can only be applied globally and not on individual VDOMs
Correct answer: A,B
Question 3:
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)
A. To detect intermediary NAT devices in the tunnel path.
B. To encapsulate ESP packets in UDP packets using port 4500.
C. To force a new DH exchange with each phase 2 rekey.
D. To dynamically change phase 1 negotiation mode to aggressive mode.
Correct answer: A,B
Question 4:
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
A. The primary device in the cluster is always assigned IP address 169.254.0.1.
B. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
C. Virtual IP addresses are used to distinguish between cluster members.
D. Heartbeat interfaces have virtual IP addresses that are manually assigned.
Correct answer: A,B
Question 5:
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
A. It limits the scope of application control to scan application traffic using parent signatures only
B. It limits the scope of application control to scan application traffic based on application category only.
C. It limits the scope of application control to the browser-based technology category only.
D. It limits the scope of application control to scan application traffic on DNS protocol only.
Correct answer: B
Question 6:
Refer to the exhibits.
Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)
A. Administrators cannot change the configuration.
B. Administrators can access FortiGate only through the console port.
C. FortiGate has entered conserve mode.
D. FortiGate will start sending all files to FortiSandbox for inspection.
Correct answer: A,C
Question 7:
Which three statements about security associations (SA) in IPsec are correct? (Choose three.)
A. Phase 2 SA expiration can be time-based, volume-based, or both.
B. Phase 2 SAs are used for encrypting and decrypting the data exchanged through the tunnel.
C. Both the phase 1 SA and phase 2 SA are bidirectional.
D. A phase 1 SA is bidirectional, while a phase 2 SA is directional.
E. An SA never expires.
Correct answer: A,B,D
小仓** -
I picked this up. I recommend this book to anyone interested in NSE4_FGT-6.4.
I decided to study with just this one.