975 お客様のコメント
質問 1:
Refer to the exhibit, which shows a Branch1 configuration and routing table.
In the SD-WAN implicit rule, you do not want the traffic load balance for the overlay interface when all members are available.
In this scenario, which configuration change will meet this requirement?
A. Configure the priority in each overlay member to 10.
B. Change the load-balance-mode to source-ip-based.
C. Configure the cost in each overlay member to 10.
D. Create a new static route with the internet sdwan-zone only
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Refer to the exhibits.
A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.
The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.
Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)
A.
B.
C.
D.
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Refer to the exhibits.
The exhibits show a FortiGate network topology and the output of the status of high availability on the FortiGate.
Given this information, which statement is correct?
A. The cluster members are on the same network and the IP addresses were statically assigned.
B. The ethertype values of the HA packets are 0x8890, 0x8891, and 0x8892
C. The cluster mode can support a maximum of four (4) FortiGate VMs
D. FGVMEVLQOG33WM3D and FGVMEVGCJNHFYI4A share a virtual MAC address.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Refer to the exhibit.
You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration:
FGT_1 and FGT_3 are configured with the default setting. Which statement is true for the synchronization of fabric-objects?
A. Objects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate.
B. Objects from the root FortiGate will not be synchronized to any downstream FortiGate.
C. Objects from the root FortiGate will only be synchronized to FGT__2.
D. Objects from the root FortiGate will only be synchronized to FGT_3.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
A FortiGate must be configured to accept VoIP traffic which will include session initiation protocol (SIP) traffic. Which statement about the VoIP configuration options is correct?
A. By default, VoIP traffic will be processed using the SIP Session Helper.
B. Restricting SIP requests is only possible when using the SIP Session Helper.
C. FortiOS cannot accept SIP traffic if both the SIP Session Helper and the application layer gateway (ALG) are disabled.
D. Rate tracking of SIP requests is only possible when the application layer gateway (ALG) is set to Flow mode.
正解:C
質問 6:
Refer to the exhibit, which shows a multi-region SD-WAN architecture.
Given this scenario, which two statements are true? (Choose two.)
A. If eBGP is used, ADVPN can be established for branch-to-branch traffic across regions.
B. If iBGP is used, cross-regional spoke-to-hub shortcuts can be established.
C. If eBGP is used, ADVPN can be established only for branch-to-branch traffic within each region.
D. If iBGP is used, cross-regional spoke-to-hub shortcuts cannot be used.
正解:C
質問 7:
Refer to the exhibits.
The exhibits show a FortiMail network topology, Inbound configuration settings, and a Dictionary Profile.
You are required to integrate a third-party's host service (srv.thirdparty.com) into the e-mail processing path.
All inbound e-mails must be processed by FortiMail antispam and antivirus with FortiSandbox integration. If the email is clean, FortiMail must forward it to the third-party service, which will send the email back to FortiMail for final delivery, FortiMail must not scan the e-mail again.
Which three configuration tasks must be performed to meet these requirements? (Choose three.)
A. Change the scan order in FML-GW to antispam-sandbox-content.
B. Apply the Catch-AII profile to the ASinbound profile and configure an access delivery rule to deliver to the 100.64.0.72 host.
C. Create an IP policy with a Source value of 100. 64 .0.72/32, enable precedence, and place the policy at the top of the list.
D. Create an access receive rule with a Sender value of srv. thirdparcy.com, Recipient value of *@acme.
com, and action value of Safe
E. Apply the Catch-Ail profile to the CFInbound profile and configure a content action profile to deliver to the srv. thirdparty. com FQDN
正解:A,C,E
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit C
A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration.
Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C Referring to the exhibits, which configuration will restore VPN connectivity?
A.
B.
C.
D.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 9:
Refer to the exhibit.
A customer wants FortiClient EMS configured to deploy to 1500 endpoints. The deployment will be integrated with FortiOS and there is an Active Directory server.
Given the configuration shown in the exhibit, which two statements about the installation are correct?
(Choose two.)
A. The Windows clients only require "File and Printer Sharing0 allowed and the rest is handled by Active Directory group policy
B. You must use Standard or Enterprise SQL Server rather than the included SQL Server Express
C. You can only deploy initial installations to Windows clients.
D. If no client update time is specified on EMS, the user will be able to choose the time of installation if they wish to delay.
E. A client can be eligible for multiple enabled configurations on the EMS server, and one will be chosen based on first priority
正解:C,E
解説: (Pass4Test メンバーにのみ表示されます)
Refer to the exhibit, which shows a Branch1 configuration and routing table.
In the SD-WAN implicit rule, you do not want the traffic load balance for the overlay interface when all members are available.
In this scenario, which configuration change will meet this requirement?
A. Configure the priority in each overlay member to 10.
B. Change the load-balance-mode to source-ip-based.
C. Configure the cost in each overlay member to 10.
D. Create a new static route with the internet sdwan-zone only
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Refer to the exhibits.
A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.
The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.
Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)
A.
B.
C.
D.
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Refer to the exhibits.
The exhibits show a FortiGate network topology and the output of the status of high availability on the FortiGate.
Given this information, which statement is correct?
A. The cluster members are on the same network and the IP addresses were statically assigned.
B. The ethertype values of the HA packets are 0x8890, 0x8891, and 0x8892
C. The cluster mode can support a maximum of four (4) FortiGate VMs
D. FGVMEVLQOG33WM3D and FGVMEVGCJNHFYI4A share a virtual MAC address.
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Refer to the exhibit.
You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration:
FGT_1 and FGT_3 are configured with the default setting. Which statement is true for the synchronization of fabric-objects?
A. Objects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate.
B. Objects from the root FortiGate will not be synchronized to any downstream FortiGate.
C. Objects from the root FortiGate will only be synchronized to FGT__2.
D. Objects from the root FortiGate will only be synchronized to FGT_3.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
A FortiGate must be configured to accept VoIP traffic which will include session initiation protocol (SIP) traffic. Which statement about the VoIP configuration options is correct?
A. By default, VoIP traffic will be processed using the SIP Session Helper.
B. Restricting SIP requests is only possible when using the SIP Session Helper.
C. FortiOS cannot accept SIP traffic if both the SIP Session Helper and the application layer gateway (ALG) are disabled.
D. Rate tracking of SIP requests is only possible when the application layer gateway (ALG) is set to Flow mode.
正解:C
質問 6:
Refer to the exhibit, which shows a multi-region SD-WAN architecture.
Given this scenario, which two statements are true? (Choose two.)
A. If eBGP is used, ADVPN can be established for branch-to-branch traffic across regions.
B. If iBGP is used, cross-regional spoke-to-hub shortcuts can be established.
C. If eBGP is used, ADVPN can be established only for branch-to-branch traffic within each region.
D. If iBGP is used, cross-regional spoke-to-hub shortcuts cannot be used.
正解:C
質問 7:
Refer to the exhibits.
The exhibits show a FortiMail network topology, Inbound configuration settings, and a Dictionary Profile.
You are required to integrate a third-party's host service (srv.thirdparty.com) into the e-mail processing path.
All inbound e-mails must be processed by FortiMail antispam and antivirus with FortiSandbox integration. If the email is clean, FortiMail must forward it to the third-party service, which will send the email back to FortiMail for final delivery, FortiMail must not scan the e-mail again.
Which three configuration tasks must be performed to meet these requirements? (Choose three.)
A. Change the scan order in FML-GW to antispam-sandbox-content.
B. Apply the Catch-AII profile to the ASinbound profile and configure an access delivery rule to deliver to the 100.64.0.72 host.
C. Create an IP policy with a Source value of 100. 64 .0.72/32, enable precedence, and place the policy at the top of the list.
D. Create an access receive rule with a Sender value of srv. thirdparcy.com, Recipient value of *@acme.
com, and action value of Safe
E. Apply the Catch-Ail profile to the CFInbound profile and configure a content action profile to deliver to the srv. thirdparty. com FQDN
正解:A,C,E
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit C
A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration.
Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C Referring to the exhibits, which configuration will restore VPN connectivity?
A.
B.
C.
D.
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 9:
Refer to the exhibit.
A customer wants FortiClient EMS configured to deploy to 1500 endpoints. The deployment will be integrated with FortiOS and there is an Active Directory server.
Given the configuration shown in the exhibit, which two statements about the installation are correct?
(Choose two.)
A. The Windows clients only require "File and Printer Sharing0 allowed and the rest is handled by Active Directory group policy
B. You must use Standard or Enterprise SQL Server rather than the included SQL Server Express
C. You can only deploy initial installations to Windows clients.
D. If no client update time is specified on EMS, the user will be able to choose the time of installation if they wish to delay.
E. A client can be eligible for multiple enabled configurations on the EMS server, and one will be chosen based on first priority
正解:C,E
解説: (Pass4Test メンバーにのみ表示されます)
Saegusa -
大判のテキストで問題も豊富。NSE8_812学習に良い