100%無料EMEA-Advanced-Support試験問題集で試験を簡単に合格させるFast2test
無料EMEA-Advanced-Support試験問題EMEA-Advanced-Support実際のリアル試験問題
質問 # 10
Which parts of the IKE protocol below are responsible for authenticating the User (username/password) of a dialup IPsec tunnel? (Check all correct answers)
- A. IKEv1 phase2
- B. IKEv2 SA_INIT
- C. IKEv2 EAP
- D. IKEv1 Xauth
- E. IKEv1 phase1
正解:C、D
解説:
For user authentication in dialup IPsec, IKEv1 uses XAuth (Extended Authentication) after Phase 1 for username/password. IKEv2 uses EAP (Extensible Authentication Protocol) for similar user auth. Phase 1 and SA_INIT are for peer auth, Phase 2 for child SA negotiation. Exact extract: XAuth increases security by requiring remote dialup client users to authenticate in a separate exchange at the end of phase 1. IPsec IKEv2 VPNs now support certificate authentication and EAP authentication at the same time from a dialup FortiClient. With the eap-cert-auth setting ... IPsec IKEv2 VPNs now support certificate authentication and EAP authentication at the same time from a dialup FortiClient. IPsec IKEv1 uses XAUTH for user authentication, and IPsec IKEv2 uses EAP for user authentication. Only EAP-TTLS is interoperable with LDAP. For LDAP based user ... In your scenario, the user cannot authenticate by providing both a PSK and their credentials (using one of multiple EAP methods).
質問 # 11
Which statement is true about IPsec VPNs and SSL VPNs?
- A. All of the above
- B. Both SSL VPNs and IPsec VPNs are standard protocols
- C. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device
- D. SSL VPN creates a HTTPS connection. IPsec does not
正解:A
解説:
Both SSL VPN and IPsec VPN are standard protocols supported by FortiGate devices for secure remote access. SSL VPN typically uses HTTPS (TCP port 443) for encrypted communication, while IPsec uses protocols like IKE and ESP. Both can be configured between an end-user workstation (e.g., via FortiClient) and a FortiGate device, supporting various authentication methods. All options are correct, making D the correct answer. Exact extract: "SSL VPN technology uses the standard SSL/TLS protocol to provide a secure connection to the FortiGate unit. The FortiGate SSL VPN can be configured to use HTTPS..." and "IPsec VPNs use standardized protocols like IKE and ESP to create secure tunnels... FortiClient supports both IPsec and SSL VPN connections to FortiGate devices for remote access."
質問 # 12
In a FortiGate high availability (HA) cluster, what happens if the primary unit fails?
- A. A secondary unit takes over as the primary unit
- B. The cluster switches to active-passive mode
- C. The cluster is disabled, and traffic stops
- D. Traffic is rerouted through an external gateway
正解:A
解説:
In a FortiGate HA cluster (active-active or active-passive), if the primary unit fails, a secondary unit automatically takes over as the primary, ensuring continuity of traffic with minimal disruption. Option A is incorrect as traffic continues, C is incorrect as the mode doesn't change post-failure, and D is unrelated. Exact extract: "In a FortiGate HA cluster, if the primary unit fails, a secondary unit is elected as the new primary, taking over all roles to maintain traffic flow and session continuity."
質問 # 13
Firewall is performing stateful inspection for TCP traffic between Client 10.0.0.21 and Server 172.16.1.200.
- A. Traffic should be allowed
- B. The ACK was not supposed to be sent to client 10.0.0.21
- C. Three way handshake was not completed
- D. Traffic is Asymmetric and not allowed by the Firewall
正解:C
解説:
Stateful inspection requires a complete TCP three-way handshake (SYN, SYN-ACK, ACK) to establish a session in the firewall's state table. If the handshake is incomplete (e.g., missing ACK), the session is not established, and traffic is dropped. The question implies a stateful firewall scenario where traffic is blocked, likely due to an incomplete handshake. Asymmetric traffic (B) or incorrect ACK (A) are not indicated without further context, and C is incorrect if the handshake fails. Exact extract: "Stateful inspection ensures that a TCP three-way handshake is completed before allowing traffic... If the handshake is not completed, FortiGate drops the packets as invalid."
質問 # 14
Which protocols are used by an email client to retrieve emails?
- A. IMAP4
- B. SMTP
- C. POP3
- D. SNMP
正解:A、C
解説:
Email clients use POP3 (Post Office Protocol) and IMAP4 (Internet Message Access Protocol) to retrieve emails from a server. POP3 downloads emails and typically removes them from the server, while IMAP4 allows synchronized access. SMTP is used for sending emails, and SNMP is for network monitoring, not email retrieval. Exact extract: "Email clients use POP3 or IMAP to retrieve email messages from a mail server... IMAP allows users to access and manage email directly on the server, while POP3 typically downloads messages to the client."
質問 # 15
Which FortiGate feature supports load balancing across multiple WAN links?
- A. SD-WAN
- B. Multi-Path Routing
- C. Virtual Routing
- D. Link Aggregation
正解:A
解説:
FortiGate's SD-WAN feature enables load balancing and intelligent traffic steering across multiple WAN links based on criteria like bandwidth, latency, or application. Link Aggregation (B) bonds interfaces, Virtual Routing (C) is VRF, and Multi-Path Routing (D) is not a standard term. Exact extract: "SD-WAN enables load balancing and traffic steering across multiple WAN links, optimizing performance and reliability based on configured rules and metrics."
質問 # 16
What tool would you use to verify a certificate?
- A. Certtester
- B. Nessus
- C. OpenSSL
- D. Hping
正解:C
解説:
OpenSSL is a widely used command-line tool for verifying certificates, checking validity, chains, and details like subject, issuer, and expiration. It is supported in Fortinet troubleshooting and certificate management.
Nessus is for vulnerability scanning, Hping for packet crafting, Certtester is not standard. Exact extract:
Description. This article describes how to verify by OpenSSL if the format of the certificate is correct when getting an error message like ... How to verifying the Certificate by CA Certificate on openssl command. You can verify the certificate's validity by CA certificate. Example 1: ... Navigate to System -> Certificate -> Create/Import. Select Import Certificate -> Select Type Certificate. Upload server.pem. Upload ca.key.
Description, This article describes how to sign and generate certificates using OpenSSL in Windows OS that can be used for SSL VPN and IPSec VPN ... This section discusses the following tasks you can perform on the System > Certificate > Manage Certificates page.
質問 # 17
A Company is running an outdated version of a Webserver software that is vulnerable to multiple code execution and injection attacks. Which Security feature can protect the Webserver until the security patches are applied?
- A. Anti rootkit Protection
- B. Intrusion Prevention System
- C. Intrusion Detection System
- D. Anti-virus Protection
正解:B
解説:
An Intrusion Prevention System (IPS) actively blocks malicious traffic, such as code execution or injection attacks, by matching against known signatures or anomalies, protecting the webserver until patches are applied. Intrusion Detection System (IDS) only detects and alerts, not blocks. Anti-virus and anti-rootkit are less effective for web-based attacks. The original document's answer B is incorrect, as IDS does not prevent attacks. Exact extract: "IPS provides active protection by blocking malicious traffic based on signatures or anomaly detection... Unlike IDS, which only detects and alerts, IPS can drop packets to prevent attacks like code execution or SQL injection."
質問 # 18
What is the purpose of FortiGate's 'FortiGuard' service in security profiles?
- A. Provides real-time threat intelligence updates
- B. Manages HA cluster synchronization
- C. Enables local storage of security logs
- D. Configures VPN tunnel encryption
正解:A
解説:
FortiGuard services provide real-time threat intelligence updates to FortiGate for signatures, URL databases, and anti-malware, enhancing security profiles like IPS and web filtering. It does not handle log storage (B), VPN encryption (C), or HA synchronization (D). Exact extract: "FortiGuard services deliver real-time threat intelligence, updating FortiGate with the latest signatures, URL databases, and anti-malware definitions for security profiles."
質問 # 19
Which FortiGate feature allows for policy-based routing?
- A. Static Routes
- B. Policy Routes
- C. SD-WAN Rules
- D. Dynamic Routes
正解:B
解説:
Policy Routes in FortiGate allow routing decisions based on criteria like source, destination, or service, overriding the default routing table. SD-WAN Rules (A) are for WAN optimization, Static Routes (C) are fixed, and Dynamic Routes (D) are protocol-based, not policy-based. Exact extract: "Policy Routes allow FortiGate to make routing decisions based on user-defined criteria, such as source/destination IPs or services, overriding standard routing."
質問 # 20
Which of the following is a network monitoring protocol?
- A. RDP
- B. SSH
- C. SNMP
- D. Telnet
正解:C
解説:
SNMP (Simple Network Management Protocol) is specifically designed for monitoring and managing network devices, allowing administrators to query device status, performance metrics, and configure alerts for issues. It operates by using agents on devices that report to a central manager. In contrast, RDP is for remote desktop access, Telnet for unsecure remote command-line access, and SSH for secure remote access. SNMP is the standard protocol for network monitoring in Fortinet products like FortiGate, FortiSwitch, etc. Exact extract: SNMP enables administrators to monitor how devices are performing and make changes to network devices so that data moves through the network more efficiently. Simple Network Management Protocol (SNMP) enables you to monitor hardware on your network. The FortiSwitch SNMP implementation is read- only. Monitoring FortiAP with SNMP. You can enable SNMP directly on FortiAP by implementing a SNMPD daemon/subagent on the FortiAP side. The Simple Network Management Protocol (SNMP) allows you to monitor hardware on your network. You can configure the hardware, such as the FortiProxy SNMP agent.
質問 # 21
What are the advantages of using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply below)
- A. Using a hub and spoke topology is required to achieve full redundancy.
- B. Using a hub and spoke topology provides stronger encryption.
- C. Using a hub and spoke topology simplifies configuration because fewer tunnels are required.
- D. The routing table management is simpler because of fewer routes compared to a fully meshed node.
正解:C、D
解説:
Hub-and-spoke IPsec VPN reduces the number of tunnels needed (one per spoke to hub instead of n(n-1)/2 in full mesh), simplifying configuration and routing tables with summarized routes at the hub. It does not inherently provide stronger encryption or require for redundancy (though can be made redundant). Exact extract: I want to have a way to quickly (preferably automated) setup VPN's to my 2 hubs from each spoke.
However we do not want/need VPNs between spokes. Hub Configuration: Configure the FortiGate unit as the hub. Set up IPsec VPN tunnels for each spoke. Use preshared keys for authentication. The purpose of this document is to describe the requirements and general information for building a Hub & Spoke architecture using FortiGate-VM on Oracle Cloud ... The remote sites do not need to have connectivity to each other nor does the customer want them to have connectivity to each other. Given these ... This article gives a brief configuration example from one spoke to other spoke using IPsec, through the Hub firewall.
質問 # 22
What is the purpose of the FortiGate 'diagnose debug flow' command?
- A. To troubleshoot routing table issues
- B. To display real-time packet captures
- C. To show the packet flow through firewall policies
- D. To monitor system performance metrics
正解:C
解説:
The 'diagnose debug flow' command in FortiGate is used to troubleshoot how packets are processed through firewall policies, showing details like policy matching, NAT, and session handling. It helps identify why packets are allowed or dropped. Option A refers to packet sniffing, B to routing diagnostics, and D to performance monitoring, none of which are the primary function. Exact extract: "The diagnose debug flow command displays the packet flow through FortiGate, including policy matching, NAT, and session details, useful for troubleshooting traffic issues."
質問 # 23
In VMware vSphere, the term VMotion refers to
- A. The process used to describe the movement of hard drive platters on a virtual machine
- B. The patented technology available to migrate a server from Hyper-V to VMware
- C. A zero downtime live migration of workloads from one server to another
- D. The streaming of high definition video on a virtual machine
正解:C
解説:
VMotion in VMware vSphere enables live migration of running virtual machines from one physical server to another with zero downtime, ensuring continuous operation. Fortinet's FortiGate-VM supports such environments. Options A, C, and D are incorrect as they do not describe VMotion; C refers to a different migration scenario, and D is unrelated to virtualization. Exact extract: "VMotion allows the live migration of a running virtual machine from one physical server to another with no downtime... This ensures workloads continue running during server maintenance or load balancing."
質問 # 24
What are source and destination MAC addresses of an ARP request?
- A. The source MAC is that of the sending device and the destination MAC is a broadcast address
- B. The source MAC is that of the sending device and the destination of the targeted device
- C. The source MAC is that of the forwarding switch and destination of the targeted device
- D. The source MAC is that of the sending device and the destination is a multicast address
正解:A
解説:
An ARP (Address Resolution Protocol) request is broadcast to resolve an IP address to a MAC address. The source MAC is the sender's MAC address, and the destination MAC is the broadcast address (FF:FF:FF:FF:
FF:FF) to reach all devices on the local network. Fortinet devices handle ARP for Layer 2 communication.
Options B, C, and D are incorrect as switches don't originate ARP requests, the target's MAC is unknown, and ARP uses broadcast, not multicast. Exact extract: "In an ARP request, the source MAC address is that of the sending device, and the destination MAC address is the broadcast address (FF:FF:FF:FF:FF:FF), sent to all devices in the local network segment."
質問 # 25
Which of the following protocols operates at Layer 4
- A. BGP
- B. OSPF
- C. ARP
- D. IPSEC
正解:D
解説:
IPsec operates at Layer 4 (Transport Layer) in the OSI model, providing secure communication via protocols like ESP and AH, which work with TCP or UDP. BGP and OSPF are Layer 3 (Network Layer) routing protocols, and ARP operates at Layer 2 (Data Link Layer). Fortinet's FortiGate uses IPsec for VPNs at Layer
4. Exact extract: "IPsec operates at the Transport Layer (Layer 4) to secure communications, encapsulating TCP or UDP packets... BGP and OSPF function at the Network Layer, while ARP resolves IP to MAC addresses at the Data Link Layer."
質問 # 26
Which term refers to the OSPF router that connects area 0 to a nonbackbone area?
- A. area boundary router
- B. backbone router
- C. autonomous system boundary router
- D. area border router
正解:D
解説:
The standard term in OSPF for a router connecting the backbone area (Area 0) to a non-backbone area is "area border router" (ABR). It maintains separate LSDBs for each area and performs summarization. "Area boundary router" is similar but not the standard term; ASBR connects to external AS; backbone router is in Area 0. Exact extract: Go to Network > OSPF. Set Router ID to 10.11.101.1. In the Areas table, click Create New and set the following: Area ID. 0.0. Click OK. In the Networks ... A router connected to more than one area is an area border router (ABR). An autonomous system boundary router (ASBR) is located between an OSPF autonomous ... This article describes the basic steps to configure FortiGates in an OSPF scenario where the FortiGates will be ABR and ASBR OSPF routers across 3 areas. OSPF areas are groupings of OSPF routers or logical parts of a network. An area's routing information can be sent as a summary to other areas. This article describes that routes learned from the other OSPF areas will be removed on the ABR router when it has multiple areas and has no backbone ...
質問 # 27
Which of the following Authentication protocols uses clear text?
- A. PAP
- B. CHAP
- C. MSCHAP
- D. EAP
正解:A
解説:
PAP (Password Authentication Protocol) sends username and password in clear text over the network, making it insecure. CHAP uses challenge-response with hash, MSCHAP is Microsoft variant with hash, EAP is extensible and can use various methods but not inherently clear text. Exact extract: It's "impossible" to authenticate wireless users based on EAP-PEAP sessions agains OpenLdap, except, if the users using clear text authetication methods (PAP). Clear text HTTP authentication is not secure. All user names and data (and, depending on the authentication style, passwords) are sent in clear text. If you ... Fortinet ... Password Authentication Protocol (PAP). Used to authenticate PPP connections. Transmits passwords and other user information in clear text. The default token page contains a "Token Code:" text field. Recommended customization. It's recommended to delete the "Token Code:" text. FortiWeb will use ... If you follow the configuration guide for NPS you'll see (step 9) you need to enable "Unencrypted authentication (PAP, SPAP)" (link below).
質問 # 28
......
最新100%合格率保証付きの素晴らしいEMEA-Advanced-Support試験問題PDF:https://jp.fast2test.com/EMEA-Advanced-Support-premium-file.html
検証済みのEMEA-Advanced-Support問題集52格別な問題:https://drive.google.com/open?id=16MrfTql3sSRRRK8kYRrd-phzhw49wW-8