質問 1:
Click the Exhibit button.
Central NAT was configured on a FortiGate firewall. A sniffer shows ICMP packets out to a host on the Internet egresses with the port1 IP address instead of the virtual IP(VIP) that was configured.
Referring to the exhibit, which configuration will ensure that ICMP traffic is also translated?
A. config firewall central-snat-map edit 1 set orig-addr "all" next end
B. config firewall central-snat-map edit 1 set protocol 1 next end
C. config firewall ippool edit "secondry_ip" set arp-intf 'port1' next end
D. config firewall central-snat-map edit 1 unset protocol next end
正解:D
質問 2:
Exhibit
When deploying a new FortiGate-VMX Security node, an administrator received the error message shown in the exhibit In this scenario, which statement is correct?
A. The NSX Manager was not able to connect on the FortiGate Service Manager's RestAPI service.
B. The FortiGate Service Manager did not have the proper permission to register the FortiGate-VMX Service.
C. The vCenter was not able locate the FortiGate-VMX's OVF file.
D. The vCenter could not connect to the FortiGate Service Manager
正解:B
質問 3:
Click the exhibit.
You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.
In this scenario, which command will solve this problem?
A. config system interface
edit Agg1
set Algorithm L4
end
B. config system interface
edit Agg1
set weight 2
end
C. config system interface
edit Agg1
set min-links 2
end
D. config system interface
edit Agg1
set lacp-mode active
end
正解:A
質問 4:
Exhibit
Your organization has a FortrGate cluster that is connected to two independent ISPs. You must configure the FortiGate failover for a single ISP failure to occur without disruption.
Referring to the exhibit, which two FortiGate BGP features would be used to accomplish this task' (Choose two.)
A. Enable BFD
B. Enable EBGP multipath
C. Enable graceful restart
D. Enable synchronization
正解:A,C
質問 5:
Exhibit
The exhibit shows a topology where a FortiGate is two VDOMS, root and vd-vlasn. The root VDCM provides SSL-VPN access, where the users authenticated by a FortiAuthenticatator. The vd-lan VDOM provids internal access to a Web server. For the remote users to access the internal web server, there are a few requirements, which are shown below.
--At traffic must come from the SSI-VPN
--The vd-lan VDOM only allows authenticated traffic to the Web server.
-- Users must only authenticate once, using the SSL-VPN portal.
-- SSL-VPN uses RADIUS-based authentication.
referring to the exhibit, and the requirement describe above, which two statements are true?
(Choose two.)
A. root is configured for FSSO while vd-lan is configuration for RSSO.
B. root sends "RADIUS Accounting Messages" to FortiAuthenticator.
C. vd-lan authentication messages from root using FSSO.
D. vd-lan connects to Fort authenticator as a regular FSSO client.
正解:B,D
質問 6:
Exhibit
You created a custom health-check for your FortiWeb deployment.
Referring to the output shown in the exhibit, which statement is true?
A. The FortiWeb must receive an RST packet from the server.
B. The FortiWeb must receive an HTTP 200 response code from the server.
C. The FortiWeb must match the hash value of the page index html.
D. The FortiWeb must receive an ICMP Echo Request from the server.
正解:B
Click the Exhibit button.
Central NAT was configured on a FortiGate firewall. A sniffer shows ICMP packets out to a host on the Internet egresses with the port1 IP address instead of the virtual IP(VIP) that was configured.
Referring to the exhibit, which configuration will ensure that ICMP traffic is also translated?
A. config firewall central-snat-map edit 1 set orig-addr "all" next end
B. config firewall central-snat-map edit 1 set protocol 1 next end
C. config firewall ippool edit "secondry_ip" set arp-intf 'port1' next end
D. config firewall central-snat-map edit 1 unset protocol next end
正解:D
質問 2:
Exhibit
When deploying a new FortiGate-VMX Security node, an administrator received the error message shown in the exhibit In this scenario, which statement is correct?
A. The NSX Manager was not able to connect on the FortiGate Service Manager's RestAPI service.
B. The FortiGate Service Manager did not have the proper permission to register the FortiGate-VMX Service.
C. The vCenter was not able locate the FortiGate-VMX's OVF file.
D. The vCenter could not connect to the FortiGate Service Manager
正解:B
質問 3:
Click the exhibit.
You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.
In this scenario, which command will solve this problem?
A. config system interface
edit Agg1
set Algorithm L4
end
B. config system interface
edit Agg1
set weight 2
end
C. config system interface
edit Agg1
set min-links 2
end
D. config system interface
edit Agg1
set lacp-mode active
end
正解:A
質問 4:
Exhibit
Your organization has a FortrGate cluster that is connected to two independent ISPs. You must configure the FortiGate failover for a single ISP failure to occur without disruption.
Referring to the exhibit, which two FortiGate BGP features would be used to accomplish this task' (Choose two.)
A. Enable BFD
B. Enable EBGP multipath
C. Enable graceful restart
D. Enable synchronization
正解:A,C
質問 5:
Exhibit
The exhibit shows a topology where a FortiGate is two VDOMS, root and vd-vlasn. The root VDCM provides SSL-VPN access, where the users authenticated by a FortiAuthenticatator. The vd-lan VDOM provids internal access to a Web server. For the remote users to access the internal web server, there are a few requirements, which are shown below.
--At traffic must come from the SSI-VPN
--The vd-lan VDOM only allows authenticated traffic to the Web server.
-- Users must only authenticate once, using the SSL-VPN portal.
-- SSL-VPN uses RADIUS-based authentication.
referring to the exhibit, and the requirement describe above, which two statements are true?
(Choose two.)
A. root is configured for FSSO while vd-lan is configuration for RSSO.
B. root sends "RADIUS Accounting Messages" to FortiAuthenticator.
C. vd-lan authentication messages from root using FSSO.
D. vd-lan connects to Fort authenticator as a regular FSSO client.
正解:B,D
質問 6:
Exhibit
You created a custom health-check for your FortiWeb deployment.
Referring to the output shown in the exhibit, which statement is true?
A. The FortiWeb must receive an RST packet from the server.
B. The FortiWeb must receive an HTTP 200 response code from the server.
C. The FortiWeb must match the hash value of the page index html.
D. The FortiWeb must receive an ICMP Echo Request from the server.
正解:B
0 お客様のコメント