A FortiGate device has the following LDAP configuration:

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administrator check? (Choose two.)
A. username.
B. dn.
C. password.
D. cnid.
Correct answer: A,C
Question 2:
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
A. FortiManager does not support rating requests.
B. FortiManager can download and maintain local copies of FortiGuard databases.
C. FortiManager supports only FortiGuard push to managed devices.
D. FortiManager will respond to update requests only if they originate from a managed device.
Correct answer: B
Question 3:
View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate's inspection of this session?
A. FortiGate applied flow-based inspection.
B. FortiGate forwarded this session without any inspection.
C. FortiGate applied proxy-based inspection.
D. FortiGate applied explicit proxy-based inspection.
Correct answer: C
Question 4:
Examine the following routing table and BGP configuration; then answer the question below.

The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?
A. Enable the redistribution of connected routes into BGP.
B. Disable the setting network-import-check.
C. Enable the setting ebgp-multipath.
D. Enable the redistribution of static routes into BGP.
Correct answer: B
Question 5:
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.
ike 0: comes 10.0.0.2:500->10.0.0.1:500, ifindex=7....
ike 0: IKEv1 exchange=Aggressive id=baf47d0988e9237f/2f405ef3952f6fda len=430
ike 0: in BAF47D0988E9237F2F405EF3952F6FDA0110040000000000000001AE0400003C0000000100000001000000
ike 0:RemoteSite:4: initiator: aggressive mode get 1st response...
ike 0:RemoteSite:4: VID RFC 3947 4A131c81070358455C5728F20E95452F
ike 0:RemoteSite:4: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:RemoteSite:4: VID FORTIGATE 8299031757A36082C6A621DE000502D7
ike 0:RemoteSite:4: peer is FortiGate/Fortios (v5 b727)
ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike 0:RemoteSite:4: received peer identifier FQDN 'remore'
ike 0:RemoteSite:4: negotiation result
ike 0:RemoteSite:4: proposal id = 1:
ike 0:RemoteSite:4: protocol id = ISAKMP:
ike 0:RemoteSite:4: trans_id = KEY_IKE.
ike 0:RemoteSite:4: encapsulation = IKE/none
ike 0:RemoteSite:4: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key -len=128
ike 0:RemoteSite:4: type=OAKLEY_HASH_ALG, val=SHA.
ike 0:RemoteSite:4: type-AUTH_METHOD, val=PRESHARED_KEY.
ike 0:RemoteSite:4: type=OAKLEY_GROUP, val=MODP1024.
ike 0:RemoteSite:4: ISAKMP SA lifetime=86400
ike 0:RemoteSite:4: ISAKMP SA baf47d0988e9237f/2f405ef3952f6fda key 16:B25B6C9384D8BDB24E3DA3DC90CF5E73
ike 0:RemoteSite:4: PSK authentication succeeded
ike 0:RemoteSite:4: authentication OK
ike 0:RemoteSite:4: add INITIAL-CONTACT
ike 0:RemoteSite:4: enc BAF47D0988E9237F405EF3952F6FDA081004010000000000000080140000181F2E48BFD8E9D603F
ike 0:RemoteSite:4: out BAF47D0988E9237F405EF3952F6FDA08100401000000000000008C2E3FC9BA061816A396F009A12
ike 0:RemoteSite:4: sent IKE msg (agg_i2send): 10.0.0.1:500-10.0.0.2:500, len=140, id=baf47d0988e9237f/2
ike 0:RemoteSite:4: established IKE SA baf47d0988e9237f/2f405ef3952f6fda
Which statements about this debug output are correct? (Choose two.)
A. The initiator has provided remote as its IPsec peer ID.
B. The negotiation is using AES128 encryption with CBC hash.
C. The remote gateway IP address is 10.0.0.1.
D. It shows a phase 1 negotiation.
Correct answer: A,D
Question 6:
Which of the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)
A. A secondary unit is removed from the HA cluster.
B. One of the monitored interfaces in the primary unit is disconnected.
C. Primary unit stops sending HA heartbeat keepalives.
D. The FortiGuard license for the primary unit is updated.
Correct answer: B,C
Question 7:
Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)
A. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.
C. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.
D. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
Correct answer: A,B
Question 8:
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Why didn't the tunnel come up?
A. IKE mode configuration is not enabled in the remote IPsec gateway.
B. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.
C. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.
D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.
Correct answer: B