Refer to the exhibit.
The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
A. If there is a full-through policy in place, users will not be prompted for authentication.
B. Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.
C. Authentication is enforced at a policy level; all users will be prompted for authentication.
D. Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.
正解:C
質問 2:
Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not provide any data integrity or encryption.
B. AH provides strong data integrity but weak encryption.
C. AH provides data integrity bur no encryption.
D. AH does not support perfect forward secrecy.
正解:C
質問 3:
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
A. Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.
B. Strict RPF checks the best route back to the source using the incoming interface.
C. The strict RPF check is run on the first sent and reply packet of any new session.
D. Strict RPF allows packets back to sources with all active routes.
正解:B
質問 4:
Which two statements are correct about SLA targets? (Choose two.)
A. SLA targets are required for SD-WAN rules with a Best Quality strategy.
B. SLA targets are used only when referenced by an SD-WAN rule.
C. SLA targets are optional.
D. You can configure only two SLA targets per one Performance SLA.
正解:B,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
A. FortiGate automatically negotiates a new security association after the existing security association expires.
B. FortiGate automatically negotiates different local and remote addresses with the remote peer.
C. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
D. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
A. Lookup is done on every packet, regardless of direction
B. Lookup is done on the trust reply packet from the responder
C. Lookup is done on the last packet sent from the responder
D. Lookup is done on the first packet from the session originator
正解:B,D
質問 7:
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
A. FortiGuard web filter cache
B. FortiGate hostname
C. NTP
D. DNS
正解:C,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Refer to the exhibit.
Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)
A. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
B. port1 is a native VLAN.
C. port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
D. Traffic between port2 and port2-vlan1 is allowed by default.
正解:B,C
解説: (Pass4Test メンバーにのみ表示されます)
进藤** -
初心者に優しい問題集になっており、無事、試験に合格することができました。本当に助かりました。誠に有難うございます