Fortinetは2023年最新のNSE4_FGT-7.0サンプル問題は信頼され続けるNSE4_FGT-7.0テストエンジン [Q61-Q86]

Share

Fortinetは2023年最新のNSE4_FGT-7.0サンプル問題は信頼され続けるNSE4_FGT-7.0テストエンジン

無料お試しFortinet NSE4_FGT-7.0問題集PDFは必ずベストの問題集オプションを使おう

質問 # 61
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

  • A. User or User Group
  • B. FQDN address
  • C. Once Internet Service is selected, no other object can be added
  • D. IP address

正解:C


質問 # 62
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

  • A. HTTPS
  • B. SSH
  • C. FortiTelemetry
  • D. FTM

正解:A、B


質問 # 63
Exhibit:

Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?

  • A. Policy-based authentication is enabled
  • B. Session-based authentication is enabled.
  • C. IP-based authentication is enabled
  • D. Route-based authentication is enabled

正解:B


質問 # 64
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

  • A. A certificate is not required on the remote peer when you set the signature as the authentication method.
  • B. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password
  • C. FortiGate supports pre-shared key and signature as authentication methods.
  • D. Enabling XAuth results in a faster authentication because fewer packets are exchanged.

正解:B、C


質問 # 65
Refer to the exhibit, which contains a session diagnostic output.

Which statement is true about the session diagnostic output?

  • A. The session is a bidirectional UDP connection.
  • B. The session is a UDP unidirectional state.
  • C. The session is a bidirectional TCP connection.
  • D. The session is in TCP ESTABLISHED state.

正解:A


質問 # 66
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

  • A. FortiAnalyzer
  • B. FortiSandbox
  • C. FortiCloud
  • D. FortiCache
  • E. FortiSIEM

正解:A、C、E


質問 # 67
Which feature in the Security Fabric takes one or more actions based on event triggers?

  • A. Automation Stitches
  • B. Security Rating
  • C. Logical Topology
  • D. Fabric Connectors

正解:A

解説:
Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/286973/fortinet-security-fabric


質問 # 68
Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

  • A. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration
  • B. Apple FaceTime will be allowed, based on the Categories configuration.
  • C. Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn
  • D. Apple FaceTime will be allowed, based on the Apple filter configuration.

正解:A


質問 # 69
How do you format the FortiGate flash disk?

  • A. Load a debug FortiOS image.
  • B. Execute the CLI command execute formatlogdisk.
  • C. Select the format boot device option from the BIOS menu.
  • D. Load the hardware test (HQIP) image.

正解:C

解説:
Explanation
https://kb.fortinet.com/kb/viewContent.do?externalId=10338


質問 # 70
Which statement about video filtering on FortiGate is true?

  • A. Full SSL Inspection is not required.
  • B. Video filtering FortiGuard categories are based on web filter FortiGuard categories.
  • C. It inspects video files hosted on file sharing services.
  • D. It is available only on a proxy-based firewall policy.

正解:D

解説:
Reference: https://docs.fortinet.com/document/fortigate/7.0.0/new-features/190873/video-filtering


質問 # 71
Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

  • A. Capture the traffic using an external sniffer connected to port1.
  • B. Execute a debug flow.
  • C. Run a sniffer on the web server.
  • D. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10"

正解:B


質問 # 72
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

  • A. FQDN address
  • B. Once Internet Service is selected, no other object can be added
  • C. IP address
  • D. User or User Group

正解:D

解説:
Reference:
https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy Service : This option is only available when Destination Internet Service is off. So if you are on source you should be able to add users and groups, I didn't test but as per theory that is what is looks like.
https://docs.fortinet.com/document/fortimanager/6.2.1/administration-guide/663598/create-new-firewall-policy


質問 # 73
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

  • A. FG-Mgmt
  • B. Root
  • C. FG-traffic
  • D. Mgmt

正解:B、C

解説:
Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/758820/split-task-vdom-mode


質問 # 74
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

  • A. FG-Mgmt
  • B. Root
  • C. FG-traffic
  • D. Mgmt

正解:B、C


質問 # 75
Refer to the exhibit.

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

  • A. Destination NAT is disabled in the firewall policy.
  • B. Overload NAT IP pool is used in the firewall policy.
  • C. One-to-one NAT IP pool is used in the firewall policy.
  • D. Port block allocation IP pool is used in the firewall policy.

正解:C

解説:
FortiGate_Security_6.4 page 155 . In one-to-one, PAT is not required.


質問 # 76
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

  • A. Captive portal is enabled in the interface.
  • B. The interface has been configured for one-arm sniffer.
  • C. The interface is a member of a zone.
  • D. The operation mode is transparent.
  • E. The interface is a member of a virtual wire pair.

正解:B、D、E

解説:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_VirtualWirePair.htm


質問 # 77
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

  • A. Fabric Coverage
  • B. Automated Response
  • C. Security Posture
  • D. Optimization

正解:C


質問 # 78
Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

  • A. Interface name
  • B. Application header
  • C. IP header
  • D. Ethernet header
  • E. Packet payload

正解:A、C、E


質問 # 79
Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

  • A. Read/Write permission for Firewall
  • B. CLI diagnostics commands permission
  • C. Read/Write permission for Log & Report
  • D. Custom permission for Network

正解:B

解説:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD50220


質問 # 80
An administrator wants to configure timeouts for users. Regardless of the useres behavior, the timer should start as soon as the user authenticates and expire after the configured value.
Which timeout option should be configured on FortiGate?

  • A. auth-on-demand
  • B. idle-timeout
  • C. soft-timeout
  • D. hard-timeout
  • E. new-session

正解:D

解説:
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221#:~:text=Hard%20timeout%3A%20User%20e


質問 # 81
Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

  • A. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.
  • B. Browsers can be configured to retrieve this PAC file from the FortiGate.
  • C. Any web request fortinet.com is allowed to bypass the proxy.
  • D. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

正解:B、C


質問 # 82
Refer to the exhibit.

The exhibits show a network diagram and the explicit web proxy configuration.
In the command diagnose sniffer packet, what filter can you use to capture the traffic between the client and the explicit web proxy?

  • A. 'host 192.168.0.2 and port 8080'
  • B. 'host 192.168.0.1 and port 80'
  • C. 'host 10.0.0.50 and port 8080'
  • D. 'host 10.0.0.50 and port 80'

正解:A


質問 # 83
Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

  • A. FortiGate SN FGVM010000065036 HA uptime has been reset.
  • B. FortiGate devices are not in sync because one device is down.
  • C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
  • D. FortiGate SN FGVM010000064692 has the higher HA priority.

正解:A、D

解説:
1. Override is disable by default - OK
2. "If the HA uptime of a device is AT LEAST FIVE MINUTES (300 seconds) MORE than the HA Uptime of the other FortiGate devices, it becomes the primary" The question here is : HA Uptime of FGVM01000006492 > 5 minutes? NO - 198 seconds < 300 seconds (5 minutes) Page 314 Infra Study Guide.
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-override-disabled-default


質問 # 84
Refer to the exhibit to view the firewall policy.

Which statement is correct if well-known viruses are not being blocked?

  • A. Web filter should be enabled on the firewall policy to complement the antivirus profile.
  • B. The firewall policy does not apply deep content inspection.
  • C. The firewall policy must be configured in proxy-based inspection mode.
  • D. The action on the firewall policy must be set to deny.

正解:B

解説:
Explanation
Without deep inspection, you would never find a virus in HTTPS traffic. You will only catch a virus when it is send to you via HTTP or FTP with these settings.


質問 # 85
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

  • A. Security logs
  • B. System event logs
  • C. Local traffic logs
  • D. Forward traffic logs

正解:C

解説:
Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/476970


質問 # 86
......

有効な問題最新版を試そうNSE4_FGT-7.0テスト解釈NSE4_FGT-7.0有効な試験ガイド:https://jp.fast2test.com/NSE4_FGT-7.0-premium-file.html

NSE4_FGT-7.0試験資料Fortinet学習ガイド:https://drive.google.com/open?id=1OlqcbhEwGYY3sTllh0Gyh8P1WCvzgJAA


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어