1205 お客様のコメント
質問 1:
Refer to the exhibit.
Examine the FortiGate RSSO configuration shown in the exhibit.
FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users. The incoming RADIUS accounting messages contain the username and group membership information in the User-Name and Class RADIUS attributes, respectively.
Which three settings must you configure onFortiGate to successfully authenticate RSSO users and matchthem to the existing RSSO user groups? (Choose three)
A. The RADIUS Attribute Value setting configured for an RSSO user group should match the Class RADIUS attribute value in the RADIUS accounting message.
B. The sso-attribute CLI setting in the RSSO agent configuration should be set to Class.
C. The rasc-endpoint-attribute CLI setting in the RSSO agent configuration should be set to User-Name.
D. RSSO user groups should be assigned to all firewall policies.
E. Device detection and Security Fabric Connection should be enabled on port3.
正解:A,B,C
質問 2:
Refer to the exhibits.
Exhibit.
Examine the troubleshooting outputs shown in the exhibits
Users have been reporting issues with the speed of their wireless connection in a particular part of the wireless network The interface that is having issues is the 2 4 GHz interface that is currently configured on channel 6 The administrator of the wireless network has investigated and surveyed the local RF environment using the tools available at the AP and FortiGate Which configuration would improve the wireless connection?
A. Change the AP 2.4 GHz channel to 9.
B. Change the AP 2.4 GHz channel to 13.
C. Change the AP 2.4 GHz channel to 11
D. Change the AP 2.4 GHz channel to 1.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Refer to the exhibits.
An administrator has configured FortiGate with an SSID (Corp) with dynamic VLAN assignment, and also configured a RADIUS server to send IETF 64, IETF 65, and IETF 81 VSAs.
The administrator has verified that the RADIUS server is sending all the required information to FortiGate.
However, FortiGate is not assigning correct VLANs to the wireless clients.
What is causing the problem?
A. The administrator must define the corresponding VLANs that are sent by the RADIUS server.
B. The RADIUS server must send the framed-ip attribute to assign wireless clients an IP address.
C. The administrator must configure a firewall policy to allow wireless clients to communicate with the RADIUS server.
D. Wireless clients must be assigned an IP address from the 10.0.3.0/24 subnet.
正解:B
質問 4:
Refer to the exhibit.
Examine the FortiGate configuration FortiAnalyzer logs and FortiGate widget shown in the exhibit An administrator is testing the Security Fabric quarantine automation The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices The test device (::.:.:.!) s connected to a managed Fort Switch dev :e After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log (or the test connection However the device is not getting quarantined by FortiGate as shown in the quarantine widget Which two scenarios are likely to cause this issue? (Choose two)
A. FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)
B. FortiAnalyzer does not have a valid threat detection services license
C. The web filtering rating service is not working
D. The device does not have FortiClient installed
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
A wireless network in a school provides guest access using a captive portal to allow unregistered users to self- register and access the network The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS) Which two changes must the administrator make to enforce HTTPS authentication"? (Choose two >
A. Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator
B. Enable HTTP redirect in the user authentication settings
C. Create a new SSID with the HTTPS captive portal URL
D. Disable HTTP administrative access on the guest SSID to enforce HTTPS connection
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
Which two statements about MAC address quarantine by redirect mode are true? (Choose two)
A. The quarantined device is moved to the quarantine VLAN
B. The device MAC address is added to the Quarantined Devices firewall address group
C. It is the default mode for MAC address quarantine
D. The quarantined device is kept in the current VLAN
正解:B,D
Refer to the exhibit.
Examine the FortiGate RSSO configuration shown in the exhibit.
FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users. The incoming RADIUS accounting messages contain the username and group membership information in the User-Name and Class RADIUS attributes, respectively.
Which three settings must you configure onFortiGate to successfully authenticate RSSO users and matchthem to the existing RSSO user groups? (Choose three)
A. The RADIUS Attribute Value setting configured for an RSSO user group should match the Class RADIUS attribute value in the RADIUS accounting message.
B. The sso-attribute CLI setting in the RSSO agent configuration should be set to Class.
C. The rasc-endpoint-attribute CLI setting in the RSSO agent configuration should be set to User-Name.
D. RSSO user groups should be assigned to all firewall policies.
E. Device detection and Security Fabric Connection should be enabled on port3.
正解:A,B,C
質問 2:
Refer to the exhibits.
Exhibit.
Examine the troubleshooting outputs shown in the exhibits
Users have been reporting issues with the speed of their wireless connection in a particular part of the wireless network The interface that is having issues is the 2 4 GHz interface that is currently configured on channel 6 The administrator of the wireless network has investigated and surveyed the local RF environment using the tools available at the AP and FortiGate Which configuration would improve the wireless connection?
A. Change the AP 2.4 GHz channel to 9.
B. Change the AP 2.4 GHz channel to 13.
C. Change the AP 2.4 GHz channel to 11
D. Change the AP 2.4 GHz channel to 1.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Refer to the exhibits.
An administrator has configured FortiGate with an SSID (Corp) with dynamic VLAN assignment, and also configured a RADIUS server to send IETF 64, IETF 65, and IETF 81 VSAs.
The administrator has verified that the RADIUS server is sending all the required information to FortiGate.
However, FortiGate is not assigning correct VLANs to the wireless clients.
What is causing the problem?
A. The administrator must define the corresponding VLANs that are sent by the RADIUS server.
B. The RADIUS server must send the framed-ip attribute to assign wireless clients an IP address.
C. The administrator must configure a firewall policy to allow wireless clients to communicate with the RADIUS server.
D. Wireless clients must be assigned an IP address from the 10.0.3.0/24 subnet.
正解:B
質問 4:
Refer to the exhibit.
Examine the FortiGate configuration FortiAnalyzer logs and FortiGate widget shown in the exhibit An administrator is testing the Security Fabric quarantine automation The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices The test device (::.:.:.!) s connected to a managed Fort Switch dev :e After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log (or the test connection However the device is not getting quarantined by FortiGate as shown in the quarantine widget Which two scenarios are likely to cause this issue? (Choose two)
A. FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)
B. FortiAnalyzer does not have a valid threat detection services license
C. The web filtering rating service is not working
D. The device does not have FortiClient installed
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
A wireless network in a school provides guest access using a captive portal to allow unregistered users to self- register and access the network The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS) Which two changes must the administrator make to enforce HTTPS authentication"? (Choose two >
A. Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator
B. Enable HTTP redirect in the user authentication settings
C. Create a new SSID with the HTTPS captive portal URL
D. Disable HTTP administrative access on the guest SSID to enforce HTTPS connection
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
Which two statements about MAC address quarantine by redirect mode are true? (Choose two)
A. The quarantined device is moved to the quarantine VLAN
B. The device MAC address is added to the Quarantined Devices firewall address group
C. It is the default mode for MAC address quarantine
D. The quarantined device is kept in the current VLAN
正解:B,D
安原** -
Pass4Testは様々な工夫がなされており、合格から逆算されている。合格者の思考力が身に付く。