FCP_FGT_AD-7.4試験問題集を使って一日でFCP in Network Security試験合格目指す(最新の90解答) [Q40-Q62]

Share

FCP_FGT_AD-7.4試験問題集を使って一日でFCP in Network Security試験合格目指す(最新の90解答)

FCP_FGT_AD-7.4試験正確な問題集、学習ノートと理論

質問 # 40
What is eXtended Authentication (XAuth)?

  • A. It is an IPsec extension that forces remote VPN users to authenticate using their local ID.
  • B. It is an IPsec extension that authenticates remote VPN peers using a pre-shared key.
  • C. It is an IPsec extension that forces remote VPN users to authenticate using their credentials (username and password).
  • D. It is an IPsec extension that authenticates remote VPN peers using digital certificates.

正解:C

解説:
The correct answer is:
B. It is an IPsec extension that forces remote VPN users to authenticate using their credentials (username and password).
Explanation:
eXtended Authentication (XAuth) is an IPsec extension that adds additional authentication for remote VPN users after the initial IPsec phase 1 and phase 2 negotiations. XAuth requires users to provide their credentials (username and password) in addition to the standard IPsec authentication, enhancing the security of the VPN connection.


質問 # 41
Examine the two static routes shown in the exhibit, then answer the following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

  • A. FortiGate will use the port1 route as the primary candidate.
  • B. FortiGate will only actuate the port1 route in the routing table
  • C. FortiGate will route twice as much traffic to the port2 route
  • D. FortiGate will load balance all traffic across both routes.

正解:A

解説:
B. FortiGate will use the port1 route as the primary candidate.
FortiGate will use the port1 route as the primary candidate. It has better priority.


質問 # 42
Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario, which statement is true?

  • A. Apple FaceTime belongs to the custom blocked filter.
  • B. The category of Apple FaceTime is being blocked.
  • C. Apple FaceTime belongs to the custom monitored filter.
  • D. The category of Apple FaceTime is being monitored.

正解:A

解説:
Apple FaceTime belongs to the custom blocked filter.
FaceTime categorized (filtered) under "Excessive-Bandwidth" and custom filter override set to block this.
Also we know that users can't use FaceTime.
Apple FaceTime falls under (VoIP Catagory), (Excessive-Bandwidth Behavior) and (Vendor as Apple).
A. Correct, but that comes 2nd.
B. Correct, but that comes 2nd, as custom Filter Overrides the precedence of Category.
C. Correct, and that comes 1st.
D. Wrong, VoIP Category is monitored
So correct answer is (C).


質問 # 43
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
Which order must FortiGate use when the web filter profile has features such as safe search enabled?

  • A. DNS-based web filter and proxy-based web filter
  • B. Static URL filter, FortiGuard category filter, and advanced filters
  • C. Static domain filter, SSL inspection filter, and external connectors filters
  • D. FortiGuard category filter and rating filter

正解:B

解説:
FortiGate applies web filters in the following order: Static URL filter, FortiGuard category filter, Web content filter, Web script filter, and Antivirus scanning.


質問 # 44
FortiGate is integrated with FortiAnalyzer and FortiManager.
When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager?

  • A. (Sequence ID
  • B. Universally Unique Identifier
  • C. Policy ID
  • D. Log ID

正解:B

解説:
When a firewall policy is created in FortiGate integrated with FortiAnalyzer and FortiManager, a Universally Unique Identifier (UUID) is added to the policy to support logging and management.


質問 # 45
Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

  • A. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10"
  • B. Capture the traffic using an external sniffer connected to port1.
  • C. Run a sniffer on the web server.
  • D. Execute a debug flow.

正解:D

解説:
Execute a debug flow.
Because sniffer shows the ingressing and egressing packets, but we cannot see dropped packets by fortigate in a sniffer. Debugging can show the packets are not entering for any reasons caused by fortigate. So, if a packed is reached to fortigate and dropped , debug will show us.


質問 # 46
Refer to the exhibit showing a FortiGuard connection debug output.

Based on the output, which two facts does the administrator know about the FortiGuard connection? (Choose two.)

  • A. FortiGate is usingdefaultFortiGuard communication settings.
  • B. There is at least one server that lost packets consecutively.
  • C. A local FortiManaqer is one of the servers FortiGate communicates with.
  • D. One server was contacted to retrieve the contract information.

正解:A、D


質問 # 47
Refer to the exhibit showing a debug flow output.

What two conclusions can you make from the debug flow output? (Choose two.)

  • A. The debug flow is for ICMP traffic.
  • B. A new traffic session was created.
  • C. The default route is required to receive a reply.
  • D. A firewall policy allowed the connection.

正解:A、B

解説:
A - The debug flow is for ICMP traffic.
B . A firewall policy allowed the connection.
C . A new traffic session was created.
D . The default route is required to receive a reply.
The debug flow is for ICMP traffic.
The output shows "proto=1," which indicates that the protocol is ICMP (Internet Control Message Protocol).
A new traffic session was created.
The message "allocate a new session-00003dd5" confirms that a new session was created for this traffic.


質問 # 48
Refer to the exhibit to view the authentication rule configuration.

In this scenario, which statement is true?

  • A. Policy-based authentication is enabled
  • B. Session-based authentication is enabled
  • C. IP-based authentication is enabled
  • D. Route-based authentication is enabled

正解:B

解説:
The correct statement is:
A. Session-based authentication is enabled
The configuration specifies the use of web authentication cookies (set web-auth-cookie enable), which is a form of session-based authentication. NTLM authentication = session-based


質問 # 49
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

  • A. By default, the SSL VPN portal requires the installation of a client's certificate.
  • B. By default, FortiGate uses WINS servers to resolve names.
  • C. By default, the admin GUI and SSL VPN portal use the same HTTPS port.
  • D. By default, split tunneling is enabled.

正解:D

解説:
There is a Trap here... C and D have something right but the trick is the question...
Under SSL VPN settings you can see that port is 443 (same of https admin port) BUT the question is about a SSL VPN Setting FOR A VPN PORTAL... so if you go to SSL VPN Portals and hit "Create new" you will see Tunnel Mode and Split Tunnel enabled by default... so, the correct answer is C.
Split tunneling is a feature that allows a remote VPN user to tunnel only specific, protected traffic back to the corporate network, while other traffic (e.g., internet traffic) is sent directly to its destination. This can help optimize bandwidth usage and reduce the load on the corporate network.
In the context of SSL VPN settings for an SSL VPN portal on FortiGate, if split tunneling is enabled by default, it means that the remote user's internet-bound traffic will not be forced through the corporate network but will be sent directly to the internet. This can improve performance and reduce latency for non-corporate internet traffic.
Extra explanation:
https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-
sslvpn/SSLVPN_Examples/Split_Tunnel.htm#:~:text=Split%20Tunnel,SSL%20VPN%20on%20FortiGate
%20units.


質問 # 50
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

  • A. Forward traffic logs
  • B. System event logs
  • C. Local traffic logs
  • D. Security logs

正解:C

解説:
The type of logs on FortiGate that record information about traffic directly to and from the FortiGate management IP addresses is: A. Local traffic logs
A). Local traffic logs: These logs record information about traffic that is processed by the FortiGate unit itself, including traffic directed to and from the FortiGate management IP addresses.
The other options are not specifically focused on the management IP addresses:
B). Forward traffic logs: These logs generally pertain to traffic that is forwarded through the FortiGate unit.
C). System event logs: These logs capture system-level events, but they may not specifically address traffic to and from management IP addresses.
D). Security logs: While security logs can provide information about security-related events, they may not be specific to the management IP addresses.


質問 # 51
Refer to the exhibits.



FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit.
What would be the expected outcome in the HA cluster?

  • A. The HA cluster will become out of sync because the override setting must match on all HA members.
  • B. FGT-1 will synchronize the override disable setting with FGT-2.
  • C. FGT-1 will remain the primary because FGT-2 has lower priority.
  • D. FGT-2 will take over as the primary because it has the override enable setting and higher priority than FGT-1.

正解:D


質問 # 52
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

  • A. NetAPI polling can increase bandwidth usage in large networks.
  • B. The collector agent uses a Windows API to query DCs for user logins.
  • C. The collector agent must search Windows application event logs.
  • D. The NetSessionEnum function is used to track user logouts.

正解:D


質問 # 53
Which two statements about advanced AD access mode for the FSSO collector, agent are true?
(Choose two.)

  • A. FortiGate can act as an LDAP client to configure the group filters.
  • B. It is only supported if DC agents are deployed.
  • C. It uses the Windows convention for naming; that is, Domain\Username.
  • D. It supports monitoring of nested groups.

正解:A、D

解説:
The correct statements about the advanced AD access mode for the FSSO collector agent are:
A. FortiGate can act as an LDAP client to configure the group filters.
In advanced AD access mode, FortiGate can use LDAP (Lightweight Directory Access Protocol) to query and retrieve user and group information from Active Directory for configuring group filters.
C. It supports monitoring of nested groups.
Advanced AD access mode does support monitoring of nested groups, allowing for a more comprehensive view of user group memberships.


質問 # 54
Refer to the exhibit to view the firewall policy.

Why would the firewall policy not block a well-known virus, for example eicar?

  • A. The action on the firewall policy is not set to deny.
  • B. The firewall policy does not apply deep content inspection.
  • C. Web filter is not enabled on the firewall policy to complement the antivirus profile.
  • D. The firewall policy is not configured in proxy-based inspection mode.

正解:D

解説:
The firewall policy shown in the exhibit is configured in flow-based inspection mode. In flow-based inspection, certain security features, such as deep content inspection, might not be as effective as in proxy- based mode. Proxy-based inspection is necessary for thorough content inspection, which includes identifying and blocking well-known viruses like EICAR.
References:
* FortiOS 7.4.1 Administration Guide: Inspection Modes


質問 # 55
Which are two benefits of using SD-WAN? (Choose two.)

  • A. WAN is used effectively.
  • B. FortiGate performs per-packet distribution across multiple SD-WAN members.
  • C. Application steering is available.
  • D. Firewall policies are not required.

正解:A、C

解説:
The two benefits of using SD-WAN are:
B. WAN is used effectively.
SD-WAN optimizes the utilization of Wide Area Network (WAN) resources, improving efficiency and performance in the network.
C. Application steering is available.
SD-WAN provides the capability to steer and prioritize traffic based on the specific applications, ensuring better application performance and user experience.
The other options are not accurate:
A is incorrect because FortiGate typically performs per-session, not per-packet, distribution across multiple SD-WAN members.
D is incorrect because firewall policies may still be required, especially for security and traffic control purposes.
So, the correct choices are B and C.


質問 # 56
Refer to the exhibit:

Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

  • A. There will be eight routes active in the routing table.
  • B. The port1 and port2 default routes are active in the routing table.
  • C. The port3 default route has the highest distance.
  • D. The port3 default route has the lowest metric.

正解:B、C

解説:
*> mean active routes
first square bracked mean administrative distance
second bracket square mean priority (valid only on static routes) metric applies only in multiroutes with same administrative distance.


質問 # 57
Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

  • A. FortiGate SN FGVM010000065036 HA uptime has been reset.
  • B. FortiGate devices are not in sync because one device is down.
  • C. FortiGate SN FGVM010000064692 has the higher HA priority.
  • D. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

正解:A、C

解説:
1. Override is disable by default - OK
2. "If the HA uptime of a device is AT LEAST FIVE MINUTES (300 seconds) MORE than the HA Uptime of the other FortiGate devices, it becomes the primary" The question here is HA Uptime of FGVM01000006492 > 5 minutes? NO - 198 seconds < 300 seconds (5 minutes) HA age of fortinet SNxxx64682 is only 198seconds, HA by age need more than 300 seconds as estated in the reference "If HA age difference is less than 5 minutes (300 seconds), the device priority and FortiGate serial number selects the cluster unit to become the primary unit.
B. FortiGate devices are not in sync because one device is down. (not in exhibit)
C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime. (no greater than 300 sec)


質問 # 58
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode?
(Choose two.)

  • A. Root
  • B. FG-traffic
  • C. FG-Mgmt
  • D. Mgmt

正解:A、B

解説:
Root VDOM is created by default when VDOMs are enabled.
configure on Fortigate:
- captive portal authentication required
- Authentication failed message for Sales users
- Authentication success for HR users
- second policy used by HR users
In FortiOS, when setting up a FortiGate in split VDOM mode, the default VDOMs created are FG-traffic and Root.
So, in this case, the correct answers would be A. FG-traffic and D. Root.


質問 # 59
Refer to the exhibit to view the authentication rule configuration.

In this scenario, which statement is true?

  • A. Policy-based authentication is enabled
  • B. Session-based authentication is enabled
  • C. IP-based authentication is enabled
  • D. Route-based authentication is enabled

正解:B

解説:
The correct statement is:
A. Session-based authentication is enabled
The configuration specifies the use of web authentication cookies (set web-auth-cookie enable), which is a form of session-based authentication. NTLM authentication = session-based


質問 # 60
Refer to the exhibits, which show the system performance output and the default configuration of high memory usage thresholds in a FortiGate.


Based on the system performance output, what can be the two possible outcomes? (Choose two.)

  • A. FortiGate will start sendingall files to FortiSandbox for inspection.
  • B. Administrators cannot change the configuration.
  • C. Administrators can access FortiGate onlythrough the console port.
  • D. FortiGate has entered conserve mode.

正解:C、D


質問 # 61
Refer to the exhibits.



The exhibits show a diagram of a FortiGate device connected to the network, as well as the firewall policy and IP pool configuration on the FortiGate device.
Two PCs, PC1 and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet.
Based on the information shown in the exhibit, which two configuration options can the administrator use to fix the connectivity issue for PC3? (Choose two.)

  • A. In the IP pool configuration, set cype to overload.
  • B. In the IP pool configuration, set endig to 192.2.0.12.
  • C. In the firewall policy configuration, add 10. o. l. 3 as an address object in the source field.
  • D. Configure another firewall policy that matches only the address of PC3 as source, and then place the policy on top of the list.

正解:A、B


質問 # 62
......


Fortinet FCP_FGT_AD-7.4 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • 展開とシステム構成: このセクションでは、初期構成の設定方法、Fortinet Security Fabric の実装方法、FGCP HA クラスターの構成方法、リソースと接続の診断方法について説明します。
トピック 2
  • VPN: このセクションでは、安全なネットワーク アクセスのために SSL VPN を構成する方法と、メッシュ型または冗長型の IPsec VPN を実装する方法に焦点を当てます。
トピック 3
  • ルーティング: このセクションでは、静的ルートを使用してパケット ルーティングを設定し、効率的なトラフィック負荷分散のために SD-WAN を構成する方法について説明します。
トピック 4
  • ファイアウォール ポリシーと認証: このトピックでは、ファイアウォール ポリシーの設定方法、SNAT
  • DNAT の構成方法、認証方法の実装方法、FSSO の展開方法について説明します。
トピック 5
  • コンテンツ検査: このセクションでは、暗号化されたトラフィックの検査、検査モードの構成、Web フィルタリングの適用、アプリケーションの管理、ウイルス対策モードの設定、セキュリティのための IPS の実装方法について説明します。

 

FCP_FGT_AD-7.4問題集PDFで最速合格希望FCP_FGT_AD-7.4:https://jp.fast2test.com/FCP_FGT_AD-7.4-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어