An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
A. The operation mode is transparent.
B. The interface is a member of a virtual wire pair.
C. The interface has been configured for one-arm sniffer.
D. The interface is a member of a zone.
E. Captive portal is enabled in the interface.
正解:A,B,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Refer to the exhibit.
The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?
A. Enable two-factor authentication
B. Enable restrict access to trusted hosts
C. Change Administrator profile
D. Change password
正解:C
質問 3:
Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)
A. Extended authentication (XAuth) for faster authentication because fewer packets are exchanged
B. No certificate is required on the remote peer when you set the certificate signature as the authentication method
C. Pre-shared key and certificate signature as authentication methods
D. Extended authentication (XAuth) to request the remote peer to provide a username and password
正解:C,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.
Which FortiGate configuration can achieve this goal?
A. SSL VPN quick connection
B. SSL VPN bookmark
C. SSL VPN tunnel
D. Zero trust network access
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Which statement describes a characteristic of automation stitches?
A. They can have one or more triggers.
B. They can be created on any device in the fabric.
C. They can be run only on devices in the Security Fabric.
D. They can run multiple actions simultaneously.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).
Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?
A. The volume of traffic being inspected is too high for this model of FortiGate.
B. The firewall policy performs the full content inspection on the file.
C. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
D. The flow-based inspection is used, which resets the last packet to the user.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
Refer to the exhibits.
The exhibits show a network diagram and firewall configurations.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the Webserver. Remote-User2 must not be able to access the Webserver.
In this scenario, which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)
A. Enable match vip in the Deny policy.
B. Disable match-vip in the Deny policy.
C. Set the Destination address as Web_server in the Deny policy.
D. Set the Destination address as Deny_IP in the Allow-access policy.
正解:A,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Refer to the exhibit, which contains a static route configuration.
An administrator created a static route for Amazon Web Services.
Which CLI command must the administrator use to view the route?
A. get router info routing-table all
B. get internet-service route list
C. get router info routing-table database
D. diagnose firewall proute list
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
相泽** -
NSE4_FGT-7.2合格率はやや高めの試験ですが、安心します。比較的高度な知識、最新事例など深く広く問われますねぇ