EMEA-Advanced-Supportテスト問題練習試そう!2025年に更新された52問あります [Q28-Q51]

Share

EMEA-Advanced-Supportテスト問題練習試そう!2025年に更新された52問あります

更新された2025年12月プレミアムEMEA-Advanced-Support試験エンジンPDFで今すぐダウンロード!無料更新された52問あります

質問 # 28
A firewall receives an out-of-order packet in a TCP session after the FIN/ACK and the packet is dropped as expected. What parameter can be changed to prevent such drops?

  • A. TCP time-wait timer
  • B. TCPMSS
  • C. TCP close-wait timer
  • D. Enable TCP option

正解:A

解説:
Out-of-order packets after FIN/ACK indicate a packet arriving in the TIME_WAIT state, where the session is closing. The TCP time-wait timer controls how long the firewall keeps the session in the TIME_WAIT state to handle late packets. Increasing this timer allows the firewall to accept such packets instead of dropping them. Close-wait timer relates to a different state, TCPMSS affects packet size, and "Enable TCP option" is not a standard parameter. Exact extract: "The TCP time-wait timer determines how long a session remains in the TIME_WAIT state to handle out-of-order or retransmitted packets after FIN/ACK... Adjusting this timer can prevent drops of late-arriving packets."


質問 # 29
TCP protocol can be used for data delivery via multicast

  • A. No
  • B. Yes

正解:A

解説:
TCP is a unicast, connection-oriented protocol that ensures reliable data delivery between two endpoints using sequence numbers and acknowledgments. Multicast, which sends data to multiple recipients, is supported by UDP, not TCP, due to TCP's requirement for a direct connection. Fortinet devices handle multicast traffic via UDP-based protocols like IGMP or PIM. Exact extract: "TCP is a unicast protocol that establishes a reliable connection between two devices... Multicast traffic, such as streaming or group communications, relies on UDP, as TCP does not support multicast delivery."


質問 # 30
In Active FTP who sends the PORT command?

  • A. Both
  • B. The FTP Server
  • C. The FTP Client
  • D. There is no PORT command in Active FTP

正解:C

解説:
In Active FTP, the client sends the PORT command to the server, specifying an ephemeral port for the server to initiate the data connection back to the client. This distinguishes Active FTP from Passive FTP, where the server provides the port. The server does not send PORT, and the command is a key part of Active FTP. Exact extract: "In Active FTP, the client sends a PORT command to the server, specifying the IP address and port number for the data connection... The server then initiates the data connection to the client's specified port."


質問 # 31
Link aggregation allows network devices to________

  • A. None of the above
  • B. Increase bandwidth of an interface
  • C. Restrict the bandwidth
  • D. Increase bandwidth by binding physical interfaces into a single channel

正解:D

解説:
Link aggregation, also known as IEEE 802.3ad or 802.1ax, enables the binding of multiple physical interfaces to form a single logical interface, which increases the overall bandwidth and provides redundancy. This is achieved by combining the bandwidth of the individual links into one aggregated link. For example, if two
1Gbps interfaces are aggregated, the logical link can provide up to 2Gbps bandwidth. This configuration is commonly used in FortiGate devices to enhance network performance without replacing hardware. The option B correctly describes this by stating "Increase bandwidth by binding physical interfaces into a single channel," which aligns with the official description. Incorrect options include A, which is vague and does not specify the method of binding multiple interfaces; C, which is the opposite of the purpose; and D, which is invalid.
Exact extract: Link aggregation (IEEE 802.3ad/802.1ax) enables you to bind two or more physical interfaces together to form an aggregated (combined) link. This new link ... Link aggregation combines multiple physical interfaces into a single logical interface, increasing bandwidth and link redundancy. Traffic is distributed evenly.


質問 # 32
Which command would you use to verify the status of an IPsec VPN tunnel on a FortiGate?

  • A. get vpn ipsec status
  • B. diagnose vpn tunnel list
  • C. diagnose ipsec status
  • D. show crypto ipsec sa

正解:B

解説:
The 'diagnose vpn tunnel list' command on FortiGate displays detailed status information about IPsec VPN tunnels, including phase 1 and phase 2 states, uptime, and traffic statistics. Options B, C, and D are not valid FortiGate commands for this purpose. Exact extract: "Use diagnose vpn tunnel list to view the status of IPsec VPN tunnels, including phase 1 and phase 2 details, such as SA status, uptime, and traffic counters."


質問 # 33
In FortiGate, what is the purpose of a Virtual IP (VIP)?

  • A. To enable load balancing for VPN tunnels
  • B. To create a virtual interface for VLANs
  • C. To map an external IP to an internal IP for NAT
  • D. To assign a secondary IP to a physical interface

正解:C

解説:
A Virtual IP (VIP) in FortiGate maps an external IP address to an internal IP for Destination NAT (DNAT), commonly used for accessing internal servers from external networks. It is not for VLANs (B), secondary IPs (C), or VPN load balancing (D). Exact extract: "Virtual IPs (VIPs) are used for Destination NAT, mapping an external IP address to an internal IP to allow external access to internal resources, such as servers."


質問 # 34
Which of these BGP paths will be the preferred one ?

  • A. Prefer the path with the highest Local Preference value
  • B. Prefer External path (learned via EBGP) over Internal path (IBGP)
  • C. Prefer the path with the lowest Multi-Exit Discriminator (MED)
  • D. Prefer the path with the shortest AS Path

正解:A

解説:
BGP path selection follows a specific order of attributes to determine the best path. The process prefers the path with the highest local preference first, as it is one of the earliest steps in the decision process. Local preference is used within an AS to influence outbound traffic. Only if local preferences are equal does it move to the next criteria, such as shortest AS path. The AS path length is considered after local preference, MED after that, and eBGP over iBGP even later. Therefore, among the options, the highest local preference (D) is the most preferred criterion. The original document's answer B is incorrect based on standard BGP selection rules implemented in Fortinet. Exact extract: This article describes the BGP route selection process. Scope FortiGate. Solution Consider only routes with no AS loops and a valid next hop. BGP makes routing decisions based on path, network policies and rulesets ... select the route with the lowest router ID as the best path. Network. Type. To achieve this, multiple route selection techniques can be used. Some are protocol- agnostic (for example, weight) and others are protocol-specific (for example ...).


質問 # 35
Which FortiGate feature mitigates DDoS attacks by limiting the rate of incoming connections?

  • A. DoS Policy
  • B. Application Control
  • C. IPS Signature
  • D. Web Filtering

正解:A

解説:
FortiGate's DoS (Denial of Service) Policy limits the rate of incoming connections or packets to mitigate DDoS attacks, such as SYN floods, by setting thresholds for specific traffic types. IPS Signatures (B) detect specific attack patterns, Application Control (C) manages app usage, and Web Filtering (D) blocks URLs, none of which focus on rate limiting. Exact extract: "DoS policies protect against DDoS attacks by limiting the rate of incoming connections or packets, such as SYN floods, based on configured thresholds."


質問 # 36
How many layers does the OSI Model contain?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:B

解説:
The OSI (Open Systems Interconnection) model consists of seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application. This framework is used in Fortinet documentation to explain protocol operations. Options A, C, and D are incorrect as they do not match the standard OSI model.
Exact extract: "The OSI model defines seven layers for network communication: 1. Physical, 2. Data Link, 3.
Network, 4. Transport, 5. Session, 6. Presentation, 7. Application."


質問 # 37
What happens when a FortiGate detects a SYN flood attack?

  • A. It enables proxy-based inspection
  • B. It redirects traffic to a backup gateway
  • C. It applies rate limiting to SYN packets
  • D. It drops all incoming packets

正解:C

解説:
When FortiGate detects a SYN flood attack, it applies rate limiting to SYN packets via a DoS policy, dropping excessive packets to mitigate the attack. It does not drop all packets (A), enable proxy inspection (B), or redirect traffic (D). Exact extract: "FortiGate mitigates SYN flood attacks using DoS policies, which apply rate limiting to SYN packets to prevent overwhelming the system."


質問 # 38
Which of the below technology(ies) could reduce CPU load and memory utilization used by an IPS engine?

  • A. IPS does not compare traffic to each signature individually. Instead it compiles them into a decision tree
  • B. Using multiple engines, aligned with load balancing technologies like Turbo that uses round robin algorithms to dispatch traffic up to specific IPS engine
  • C. All of the above
  • D. Using regular instead of extended database, to reduce memory footprint
  • E. Using IPS sensors and IPS filter to determine which traffic should be examined for which signatures, instead of examine network traffic for all signatures

正解:A、D、E

解説:
IPS efficiency is improved by: A) Compiling signatures into a decision tree to reduce comparison overhead; B) Using IPS sensors/filters to selectively apply signatures to relevant traffic, reducing unnecessary processing; D) Using a regular database instead of an extended one to lower memory usage. Option C's
"Turbo" and round-robin load balancing is not a standard Fortinet IPS feature. Option E is incorrect as C is not valid. Exact extract: "IPS efficiency is improved by compiling signatures into decision trees to minimize CPU usage... IPS sensors and filters allow selective signature application to reduce processing... Using the regular signature database instead of extended reduces memory footprint."


質問 # 39
Which of the following is a benefit of using FortiGate's Security Fabric?

  • A. It increases the speed of IPsec VPN tunnels
  • B. It automatically configures VLANs on FortiSwitches
  • C. It enables centralized management of multiple Fortinet devices
  • D. It reduces the need for firewall policies

正解:C

解説:
The Fortinet Security Fabric provides a centralized management platform for multiple Fortinet devices (e.g., FortiGate, FortiSwitch, FortiAP), enabling coordinated security policies, telemetry sharing, and simplified administration. It does not directly speed up VPNs (B), reduce firewall policies (C), or auto-configure VLANs (D). Exact extract: "The Fortinet Security Fabric enables centralized management and visibility across Fortinet devices, allowing coordinated security policies and telemetry sharing for enhanced protection."


質問 # 40
What tool would you use to verify a certificate?

  • A. Hping
  • B. Nessus
  • C. Certtester
  • D. OpenSSL

正解:D

解説:
OpenSSL is a widely used command-line tool for verifying certificates, checking validity, chains, and details like subject, issuer, and expiration. It is supported in Fortinet troubleshooting and certificate management.
Nessus is for vulnerability scanning, Hping for packet crafting, Certtester is not standard. Exact extract:
Description. This article describes how to verify by OpenSSL if the format of the certificate is correct when getting an error message like ... How to verifying the Certificate by CA Certificate on openssl command. You can verify the certificate's validity by CA certificate. Example 1: ... Navigate to System -> Certificate -> Create/Import. Select Import Certificate -> Select Type Certificate. Upload server.pem. Upload ca.key.
Description, This article describes how to sign and generate certificates using OpenSSL in Windows OS that can be used for SSL VPN and IPSec VPN ... This section discusses the following tasks you can perform on the System > Certificate > Manage Certificates page.


質問 # 41
What is the default FortiGate behavior when a packet matches no firewall policy?

  • A. The packet is sent to the IPS engine
  • B. The packet is forwarded to the default gateway
  • C. The packet is dropped
  • D. The packet is logged and allowed

正解:C

解説:
FortiGate operates on a default-deny principle; if a packet does not match any firewall policy, it is dropped to ensure security. No forwarding (A), IPS processing (C), or automatic allowing (D) occurs without a matching policy. Exact extract: "FortiGate uses a default-deny approach; packets that do not match any configured firewall policy are dropped to prevent unauthorized traffic."


質問 # 42
Hybrid cloud means that

  • A. One customer uses VMs with multiple different operating systems in the same cloud account
  • B. Some of the customer's systems are virtualized in the public cloud and some are in the local datacenter
  • C. The cloud provider uses AMD, Intel and possibly also other CPU vendors
  • D. Cloud provider provides both 32-bit and 64-bit virtual machines

正解:B

解説:
A hybrid cloud combines on-premises infrastructure (local datacenter) with public cloud resources, allowing workloads to operate across both environments for flexibility and scalability. Fortinet solutions like FortiGate- VM support hybrid cloud deployments. Option A refers to hardware diversity, C to OS variety, and D to architecture types, none of which define hybrid cloud. Exact extract: "Hybrid cloud is the combination of public cloud services with an on-premises private cloud or datacenter... This allows customers to run some systems in the public cloud and others in their local datacenter, managed seamlessly."


質問 # 43
Which protocol is used by FortiGate to synchronize session tables in an HA cluster?

  • A. VRRP
  • B. FGCP
  • C. BGP
  • D. OSPF

正解:B

解説:
The FortiGate Cluster Protocol (FGCP) is used to synchronize session tables, configuration, and state information between HA cluster members to ensure seamless failover. VRRP (B) is for router redundancy, OSPF (C) and BGP (D) are routing protocols, not used for HA synchronization. Exact extract: "FGCP synchronizes session tables, configurations, and state information between FortiGate HA cluster members to ensure continuity during failover."


質問 # 44
What are source and destination MAC addresses of an ARP request?

  • A. The source MAC is that of the sending device and the destination is a multicast address
  • B. The source MAC is that of the forwarding switch and destination of the targeted device
  • C. The source MAC is that of the sending device and the destination of the targeted device
  • D. The source MAC is that of the sending device and the destination MAC is a broadcast address

正解:D

解説:
An ARP (Address Resolution Protocol) request is broadcast to resolve an IP address to a MAC address. The source MAC is the sender's MAC address, and the destination MAC is the broadcast address (FF:FF:FF:FF:
FF:FF) to reach all devices on the local network. Fortinet devices handle ARP for Layer 2 communication.
Options B, C, and D are incorrect as switches don't originate ARP requests, the target's MAC is unknown, and ARP uses broadcast, not multicast. Exact extract: "In an ARP request, the source MAC address is that of the sending device, and the destination MAC address is the broadcast address (FF:FF:FF:FF:FF:FF), sent to all devices in the local network segment."


質問 # 45
What does the FortiGate 'set nat enable' command do in a firewall policy?

  • A. Forces NAT to use a specific IP pool
  • B. Enables NAT for outgoing traffic
  • C. Enables NAT for incoming traffic only
  • D. Disables NAT for the policy

正解:B

解説:
The 'set nat enable' command in a FortiGate firewall policy enables Source NAT (SNAT) for outgoing traffic, typically rewriting the source IP to the FortiGate's interface IP or an IP pool. It does not disable NAT (B), force a specific pool (C), or limit to incoming traffic (D). Exact extract: "The 'set nat enable' command in a firewall policy enables Source NAT, rewriting the source IP address of outgoing traffic to the egress interface IP or a configured NAT pool."


質問 # 46
Which FortiGate feature allows for policy-based routing?

  • A. Dynamic Routes
  • B. Static Routes
  • C. Policy Routes
  • D. SD-WAN Rules

正解:C

解説:
Policy Routes in FortiGate allow routing decisions based on criteria like source, destination, or service, overriding the default routing table. SD-WAN Rules (A) are for WAN optimization, Static Routes (C) are fixed, and Dynamic Routes (D) are protocol-based, not policy-based. Exact extract: "Policy Routes allow FortiGate to make routing decisions based on user-defined criteria, such as source/destination IPs or services, overriding standard routing."


質問 # 47
Which FortiGate feature supports load balancing across multiple WAN links?

  • A. SD-WAN
  • B. Link Aggregation
  • C. Multi-Path Routing
  • D. Virtual Routing

正解:A

解説:
FortiGate's SD-WAN feature enables load balancing and intelligent traffic steering across multiple WAN links based on criteria like bandwidth, latency, or application. Link Aggregation (B) bonds interfaces, Virtual Routing (C) is VRF, and Multi-Path Routing (D) is not a standard term. Exact extract: "SD-WAN enables load balancing and traffic steering across multiple WAN links, optimizing performance and reliability based on configured rules and metrics."


質問 # 48
Which parts of the IKE protocol below are responsible for authenticating the User (username/password) of a dialup IPsec tunnel? (Check all correct answers)

  • A. IKEv1 Xauth
  • B. IKEv1 phase1
  • C. IKEv2 EAP
  • D. IKEv1 phase2
  • E. IKEv2 SA_INIT

正解:A、C

解説:
For user authentication in dialup IPsec, IKEv1 uses XAuth (Extended Authentication) after Phase 1 for username/password. IKEv2 uses EAP (Extensible Authentication Protocol) for similar user auth. Phase 1 and SA_INIT are for peer auth, Phase 2 for child SA negotiation. Exact extract: XAuth increases security by requiring remote dialup client users to authenticate in a separate exchange at the end of phase 1. IPsec IKEv2 VPNs now support certificate authentication and EAP authentication at the same time from a dialup FortiClient. With the eap-cert-auth setting ... IPsec IKEv2 VPNs now support certificate authentication and EAP authentication at the same time from a dialup FortiClient. IPsec IKEv1 uses XAUTH for user authentication, and IPsec IKEv2 uses EAP for user authentication. Only EAP-TTLS is interoperable with LDAP. For LDAP based user ... In your scenario, the user cannot authenticate by providing both a PSK and their credentials (using one of multiple EAP methods).


質問 # 49
......

正真正銘のEMEA-Advanced-Support問題集には100%合格率練習テスト問題集:https://jp.fast2test.com/EMEA-Advanced-Support-premium-file.html

Fortinet EMEA-Advanced-Supportリアル試験問題保証付き更新された問題集にはFast2test:https://drive.google.com/open?id=16MrfTql3sSRRRK8kYRrd-phzhw49wW-8


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어