オンライン問題で最適なNSE4_FGT-7.0試験練習問題(最新の174問題)
練習問題NSE4_FGT-7.0素晴らしい練習用のFortinet NSE 4 - FortiOS 7.0テスト問題
Fortinet NSE4_FGT-7.0 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
質問 19
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
- A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
- B. Tunnels are negotiated dynamically between spokes.
- C. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
- D. ADVPN is only supported with IKEv2.
正解: A,B
質問 20
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
- A. Lookup is done on the trust reply packet from the responder
- B. Lookup is done on the last packet sent from the responder
- C. Lookup is done on the first packet from the session originator
- D. Lookup is done on every packet, regardless of direction
正解: A,C
質問 21
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
- A. get system performance status
- B. get system status
- C. get system arp
- D. diagnose sys top
正解: C
解説:
"If you suspect that there is an IP address conflict, or that an IP has been assigned to the wrong device, you may need to look at the ARP table."
質問 22
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
- A. NetAPI polling can increase bandwidth usage in large networks.
- B. The collector agent must search security event logs.
- C. The collector agent uses a Windows API to query DCs for user logins.
- D. The NetSession Enum function is used to track user logouts.
正解: D
解説:
Reference:
https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD34906&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=210966035&stateId=1%200%20210968009%27)
質問 23
How does FortiGate act when using SSL VPN in web mode?
- A. FortiGate acts as DNS server.
- B. FortiGate acts as router.
- C. FortiGate acts as an HTTP reverse proxy.
- D. FortiGate acts as an FDS server.
正解: C
質問 24
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
- A. IP address
- B. FQDN address
- C. Once Internet Service is selected, no other object can be added
- D. User or User Group
正解: D
解説:
Reference:
https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy Service : This option is only available when Destination Internet Service is off. So if you are on source you should be able to add users and groups, I didn't test but as per theory that is what is looks like.
https://docs.fortinet.com/document/fortimanager/6.2.1/administration-guide/663598/create-new-firewall-policy
質問 25
Which scanning technique on FortiGate can be enabled only on the CLI?
- A. Trojan scan
- B. Heuristics scan
- C. Antivirus scan
- D. Ransomware scan
正解: B
質問 26
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?
- A. Security Posture
- B. Optimization
- C. Fabric Coverage
- D. Automated Response
正解: A
質問 27
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.
Which statements about the VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
- A. The two VLAN sub interfaces must have different VLAN IDs.
- B. The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.
- C. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.
- D. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
正解: A
解説:
Explanation
FortiGate_Infrastructure_6.0_Study_Guide_v2-Online.pdf -
"Multiple VLANs can coexist in the same physical interface, provide they have different VLAN ID"
質問 28
Which two statements ate true about the Security Fabric rating? (Choose two.)
- A. It provides executive summaries of the four largest areas of security focus.
- B. Many of the security issues can be fixed immediately by clicking Apply where available.
- C. The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.
- D. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
正解: B,D
解説:
Reference: https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/292634/security-rating
質問 29
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
- A. TWAMP
- B. ping
- C. udp-echo
- D. DNS
正解: A,C
質問 30
When configuring a firewall virtual wire pair policy, which following statement is true?
- A. Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.
- B. Exactly two virtual wire pairs need to be included in each policy.
- C. Only a single virtual wire pair can be included in each policy.
- D. Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.
正解: D
解説:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD48690
質問 31
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
- A. Flow engine
- B. Detection engine
- C. Intrusion prevention system engine
- D. Antivirus engine
正解: C
解説:
Reference: http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control
質問 32
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?
- A. The firewall policy performs the full content inspection on the file.
- B. The flow-based inspection is used, which resets the last packet to the user.
- C. The volume of traffic being inspected is too high for this model of FortiGate.
- D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
正解: B
解説:
* "ONLY" If the virus is detected at the "START" of the connection, the IPS engine sends the block replacement message immediately
* When a virus is detected on a TCP session (FIRST TIME), but where "SOME PACKETS" have been already forwarded to the receiver, FortiGate "resets the connection" and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore, can't be opened. The IPS engine also caches the URL of the infected file, so that if a "SECOND ATTEMPT" to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again.
In flow mode, the FortiGate drops the last packet killing the file. But because of that the block replacement message cannot be displayed. If the file is attempted to download again the block message will be shown.
質問 33
An administrator is running the following sniffer command:
Which three pieces of Information will be Included in me sniffer output? {Choose three.)
- A. IP header
- B. Ethernet header
- C. Interface name
- D. Packet payload
- E. Application header
正解: A,C,D
質問 34
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
- A. IPS engine handles the process as a standalone.
- B. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
- C. If the virus is detected, the last packet is delivered to the client.
- D. Optimized performance compared to proxy-based inspection.
- E. FortiGate buffers the whole file but transmits to the client simultaneously.
正解: B,D,E
解説:
Reference: https://forum.fortinet.com/tm.aspx?m=192309
質問 35
A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?
- A. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.
- B. FortiGate does not support full SSL inspection when web filtering is enabled.
- C. There are network connectivity issues.
- D. The browser requires a software update.
正解: A
質問 36
Refer to the exhibit.
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
- A. The IPS engine will continue to run in a normal state.
- B. The IPS engine was inspecting high volume of traffic.
- C. The IPS engine was unable to prevent an intrusion attack.
- D. The IPS engine was blocking all traffic.
正解: B
解説:
Reference:
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/232929/troubleshooting-high-cpu-usage
質問 37
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
- A. Log downloads from the GUI are limited to the current filter view
- B. Log backups from the CLI cannot be restored to another FortiGate.
- C. Log backups from the CLI can be configured to upload to FTP as a scheduled time
- D. Log downloads from the GUI are stored as LZ4 compressed files.
正解: A,B
質問 38
A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?
- A. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.
- B. FortiGate does not support full SSL inspection when web filtering is enabled.
- C. There are network connectivity issues.
- D. The browser requires a software update.
正解: A
解説:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD41394
質問 39
Which three statements are true regarding session-based authentication? (Choose three.)
- A. It can differentiate among multiple clients behind the same source IP address.
- B. HTTP sessions are treated as a single user.
- C. It is not recommended if multiple users are behind the source NAT
- D. IP sessions from the same source IP address are treated as a single user.
- E. It requires more resources.
正解: A,B,C
解説:
Explanation
FortiGate_Infrastructure_6.4 page 387
質問 40
Which three methods are used by the collector agent for AD polling? (Choose three.)
- A. FortiGate polling
- B. WinSecLog
- C. WMI
- D. NetAPI
- E. Novell API
正解: B,C,D
質問 41
Exhibit:
Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?
- A. Policy-based authentication is enabled
- B. Route-based authentication is enabled
- C. IP-based authentication is enabled
- D. Session-based authentication is enabled.
正解: D
質問 42
Refer to the exhibit.
According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?
- A. A bridge CA
- B. A user
- C. A subordinate
- D. A root CA
正解: B
質問 43
Refer to the exhibit to view the application control profile.
Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario, which statement is true?
- A. The category of Apple FaceTime is being monitored.
- B. Apple FaceTime belongs to the custom monitored filter.
- C. The category of Apple FaceTime is being blocked.
- D. Apple FaceTime belongs to the custom blocked filter.
正解: D
解説:
Explanation
FaceTime categorized (filtered) under "Excessive-Bandwidth" and custom filter override set to block this.
Also we know that users can't use FaceTime
質問 44
......
リアルなNSE4_FGT-7.0試験別格な練習試験問題:https://jp.fast2test.com/NSE4_FGT-7.0-premium-file.html
100%合格率でリアルなNSE4_FGT-7.0試験成功ゲット:https://drive.google.com/open?id=1OlqcbhEwGYY3sTllh0Gyh8P1WCvzgJAA