Which of the following statements about central NAT are true? (Choose two.)
A. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.
B. Source NAT, using central NAT, requires at least one central SNAT policy.
C. Central NAT can be enabled or disabled from the CLI only.
D. IP tool references must be removed from existing firewall policies before enabling central NAT .
正解:C,D
質問 2:
51 Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?
A. The security actions applied on the web applications will also be explicitly applied on the third-party websites.
B. The application signature database inspects traffic only from the original web application server.
C. FortiGate can inspect sub-application traffic regardless where it was originated.
D. FortiGuard maintains only one signature of each web application that is unique.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
A. On HQ-FortiGate, enable Diffie-Hellman Group 2.
B. On HQ-FortiGate, enable Auto-negotiate.
C. On Remote-FortiGate, set Seconds to 43200.
D. On HQ-FortiGate, set Encryption to AES256.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 16. 1.0/24 and the remote quick mode selector is 192. 16.2.0/24. How must the administrator configure the local quick mode selector for site B?
A. 192. 168.0.0/8
B. 192. 168.3.0/24
C. 192. 168.2.0/24
D. 192. 168. 1.0/24
正解:C
質問 5:
Refer to the exhibit.
An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.

What is the impact of using the Include in every user group option in a RADIUS configuration?
A. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.
B. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.
C. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.
D. This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.
正解:D
質問 6:
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)
A. Enable Dead Peer Detection.
B. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
C. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
D. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)
A. The client FortiGate requires a manually added route to remote subnets.
B. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.
D. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
正解:C,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Refer to the exhibits.


Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)
A. Administrators cannot change the configuration.
B. Administrators can access FortiGate only through the console port.
C. FortiGate has entered conserve mode.
D. FortiGate will start sending all files to FortiSandbox for inspection.
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
1036 お客様のコメント
クリック」





音羽** -
NSE4_FGT-7.2問題集を所有する価値があります! 試験対策に万全な問題だと思う。