質問 1:
Click the Exhibit button.
Central NAT was configured on a FortiGate firewall. A sniffer shows ICMP packets out to a host on the Internet egresses with the port1 IP address instead of the virtual IP(VIP) that was configured.
Referring to the exhibit, which configuration will ensure that ICMP traffic is also translated?
A. config firewall central-snat-map edit 1 set orig-addr "all" next end
B. config firewall central-snat-map edit 1 set protocol 1 next end
C. config firewall ippool edit "secondry_ip" set arp-intf 'port1' next end
D. config firewall central-snat-map edit 1 unset protocol next end
正解:D
質問 2:
Exhibit
You created a custom health-check for your FortiWeb deployment.
Referring to the output shown in the exhibit, which statement is true?
A. The FortiWeb must receive an RST packet from the server.
B. The FortiWeb must receive an HTTP 200 response code from the server.
C. The FortiWeb must match the hash value of the page index html.
D. The FortiWeb must receive an ICMP Echo Request from the server.
正解:B
質問 3:
Exhibit
Click the Exhibit button.
You have deployed several perimeter FortiGates with internal segmentation FortiGates behind them. All FortiGate devices are logging to FortiAnalyzer. When you search the logs in FortiAnalyzer for denied traffic, you see numerous log messages, as shown in the exhibit, on your perimeter FortiGates only.
Which two actions would reduce the number of these log messages? (Choose two.)
A. Disable DNS events logging horn ForirGate In the config log fortianalyser filter section.
B. Configure the internal ForbGates to communicate to ForpGuard using port 8888.
C. Remove DNS signature* <rom the IPS protte appfced to the outbound firewall policy.
D. Apply an application control profile lo the perimeter FortiGates that does not inspect DNS traffic to the outbound firewall policy.
正解:C,D
質問 4:
You want to manage a FortiCloud service. The FortiGate shows up in your list devices on the FortiCloud Web site, but all management functions are either missing or grayed out.
Which statement a correct in this scenario?
A. You must manually configure system control-management on the FortiGate CLI and set the management type to fortiguard.
B. The managed FortiGate requires that a FortiCloud management license be purchased and applied.
C. The management tunnel mode on the managed FortiGate must be changed to normal.
D. The managed FcrtGate a running a version of ForflOS that is either too new or too for FortCloud.
正解:A
質問 5:
Click the exhibit.
You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.
In this scenario, which command will solve this problem?
A. config system interface
edit Agg1
set Algorithm L4
end
B. config system interface
edit Agg1
set weight 2
end
C. config system interface
edit Agg1
set min-links 2
end
D. config system interface
edit Agg1
set lacp-mode active
end
正解:A
質問 6:
Click the Exhibit button.
The exhibit shows a full-mesh topology between FortiGates and FortiSwitches. To deploy this configuration, two requirements must be met:
-20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitches
-The FortiGate HA must be in AP mode.
Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)
A. Configure both FortiSwitches as peers ISL over cable on create one MCLAG on ports connected cables A and C, and ceate another MCLAG on ports connected to cables B and D.
B. Configure the master FortiGate with one and FortiLink split interface disable on ports connected to cables A and C and make sure the same ports are used for to cables B and D.
C. Configure the master FortiGate with one LAG and FortiLink split interface enables on ports connected to cable A and C make sure the ports are used for cables B and D on the slave.
D. Configure both FortiSwitch as pears with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.
正解:C,D
Click the Exhibit button.
Central NAT was configured on a FortiGate firewall. A sniffer shows ICMP packets out to a host on the Internet egresses with the port1 IP address instead of the virtual IP(VIP) that was configured.
Referring to the exhibit, which configuration will ensure that ICMP traffic is also translated?
A. config firewall central-snat-map edit 1 set orig-addr "all" next end
B. config firewall central-snat-map edit 1 set protocol 1 next end
C. config firewall ippool edit "secondry_ip" set arp-intf 'port1' next end
D. config firewall central-snat-map edit 1 unset protocol next end
正解:D
質問 2:
Exhibit
You created a custom health-check for your FortiWeb deployment.
Referring to the output shown in the exhibit, which statement is true?
A. The FortiWeb must receive an RST packet from the server.
B. The FortiWeb must receive an HTTP 200 response code from the server.
C. The FortiWeb must match the hash value of the page index html.
D. The FortiWeb must receive an ICMP Echo Request from the server.
正解:B
質問 3:
Exhibit
Click the Exhibit button.
You have deployed several perimeter FortiGates with internal segmentation FortiGates behind them. All FortiGate devices are logging to FortiAnalyzer. When you search the logs in FortiAnalyzer for denied traffic, you see numerous log messages, as shown in the exhibit, on your perimeter FortiGates only.
Which two actions would reduce the number of these log messages? (Choose two.)
A. Disable DNS events logging horn ForirGate In the config log fortianalyser filter section.
B. Configure the internal ForbGates to communicate to ForpGuard using port 8888.
C. Remove DNS signature* <rom the IPS protte appfced to the outbound firewall policy.
D. Apply an application control profile lo the perimeter FortiGates that does not inspect DNS traffic to the outbound firewall policy.
正解:C,D
質問 4:
You want to manage a FortiCloud service. The FortiGate shows up in your list devices on the FortiCloud Web site, but all management functions are either missing or grayed out.
Which statement a correct in this scenario?
A. You must manually configure system control-management on the FortiGate CLI and set the management type to fortiguard.
B. The managed FortiGate requires that a FortiCloud management license be purchased and applied.
C. The management tunnel mode on the managed FortiGate must be changed to normal.
D. The managed FcrtGate a running a version of ForflOS that is either too new or too for FortCloud.
正解:A
質問 5:
Click the exhibit.
You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.
In this scenario, which command will solve this problem?
A. config system interface
edit Agg1
set Algorithm L4
end
B. config system interface
edit Agg1
set weight 2
end
C. config system interface
edit Agg1
set min-links 2
end
D. config system interface
edit Agg1
set lacp-mode active
end
正解:A
質問 6:
Click the Exhibit button.
The exhibit shows a full-mesh topology between FortiGates and FortiSwitches. To deploy this configuration, two requirements must be met:
-20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitches
-The FortiGate HA must be in AP mode.
Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)
A. Configure both FortiSwitches as peers ISL over cable on create one MCLAG on ports connected cables A and C, and ceate another MCLAG on ports connected to cables B and D.
B. Configure the master FortiGate with one and FortiLink split interface disable on ports connected to cables A and C and make sure the same ports are used for to cables B and D.
C. Configure the master FortiGate with one LAG and FortiLink split interface enables on ports connected to cable A and C make sure the ports are used for cables B and D on the slave.
D. Configure both FortiSwitch as pears with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.
正解:C,D
0 お客様のコメント