Which statement about NGFW policy-based application filtering is true?
A. The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.
B. After IPS identifies the application, it adds an entry to a dynamic ISDB table.
C. After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.
D. FortiGate will drop all packets until the application can be identified.
正解:D
質問 2:
Refer to the exhibit, which shows the output of a debug command.
Which two statements about the output are true? (Choose two.)
A. The local FortiGate OSPF router ID is 0.0.0.4.
B. In the network connected to port4, two OSPF routers are down.
C. The local FortiGate is the backup designated router.
D. Port4 is connected to the OSPF backbone area.
正解:A,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)
A. Router ID.
B. OSPF interface area.
C. OSPF interface cost.
D. OSPF interface MTU.
E. Interface subnet mask.
正解:B,D,E
質問 4:
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.
Which of the following statements about the exhibit are true? (Choose two.)
A. The local router has not established a TCP session with 100.64.3.1.
B. The local router's BGP state is Established with the 10.125.0.60 peer.
C. Since the counters were last reset; the 10.200.3.1 peer has never been down.
D. The local router has received a total of three BGP prefixes from all peers.
正解:A,B
質問 5:
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.
The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?
A. Change phase 1 encryption to AES128 and authentication to SHA512.
B. Change phase 1 encryption to AES256 and authentication to SHA256.
C. Change phase 1 encryption to AESCBC and authentication to SHA2.
D. Change phase 1 encryption to 3DES and authentication to SHA128.
正解:B
質問 6:
Which statement about NGFW policy-based application filtering is true?
A. The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.
B. After IPS identifies the application, it adds an entry to a dynamic ISDB table.
C. After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.
D. FortiGate will drop all packets until the application can be identified.
正解:D
質問 7:
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)
A. IPS failopen
B. mem failopen
C. AV failopen
D. UTM failopen
正解:A,C
Horie -
Fortinetは試験出題見直に対応しているNSE7_EFW-6.4問題集が素晴らしい