[Q28-Q50] 認証トレーニングEMEA-Advanced-Support試験問題集テストエンジン [2026]

Share

認証トレーニングEMEA-Advanced-Support試験問題集テストエンジン [2026]

2026年03月04日ガイド準備でEMEA-Advanced-Support試験合格

質問 # 28
Which FortiGate feature allows for dynamic routing protocol updates to be propagated through an IPsec VPN tunnel?

  • A. Dynamic Routing Gateway
  • B. Auto Discovery VPN (ADVPN)
  • C. Route-based VPN
  • D. Virtual Routing and Forwarding (VRF)

正解:B

解説:
Auto Discovery VPN (ADVPN) in FortiGate enables dynamic routing protocols (e.g., OSPF, BGP) to propagate updates through IPsec VPN tunnels by automatically creating shortcut paths between spokes. This simplifies configuration and enhances scalability in hub-and-spoke topologies. Route-based VPN (D) supports routing but not dynamic discovery, VRF (C) is for segmentation, and Dynamic Routing Gateway (B) is not a standard Fortinet feature. Exact extract: "ADVPN allows dynamic routing protocols to be used over IPsec VPN tunnels, enabling spokes to discover and communicate directly via shortcuts, improving efficiency in hub-and-spoke setups."


質問 # 29
TCP protocol can be used for data delivery via multicast

  • A. Yes
  • B. No

正解:B

解説:
TCP is a unicast, connection-oriented protocol that ensures reliable data delivery between two endpoints using sequence numbers and acknowledgments. Multicast, which sends data to multiple recipients, is supported by UDP, not TCP, due to TCP's requirement for a direct connection. Fortinet devices handle multicast traffic via UDP-based protocols like IGMP or PIM. Exact extract: "TCP is a unicast protocol that establishes a reliable connection between two devices... Multicast traffic, such as streaming or group communications, relies on UDP, as TCP does not support multicast delivery."


質問 # 30
Which FortiGate log type records denied traffic events?

  • A. Event Log
  • B. Traffic Log
  • C. Security Log
  • D. System Log

正解:B

解説:
Traffic Logs in FortiGate record all traffic events, including denied packets, with details like source, destination, and policy ID. Security Logs (B) cover UTM events, Event Logs (C) system events, and System Logs (D) hardware or system status, not specifically denied traffic. Exact extract: "Traffic Logs record all packet activity, including allowed and denied traffic, with details such as source/destination IPs, ports, and the firewall policy applied."


質問 # 31
Which protocols are used by an email client to retrieve emails?

  • A. IMAP4
  • B. SMTP
  • C. SNMP
  • D. POP3

正解:A、D

解説:
Email clients use POP3 (Post Office Protocol) and IMAP4 (Internet Message Access Protocol) to retrieve emails from a server. POP3 downloads emails and typically removes them from the server, while IMAP4 allows synchronized access. SMTP is used for sending emails, and SNMP is for network monitoring, not email retrieval. Exact extract: "Email clients use POP3 or IMAP to retrieve email messages from a mail server... IMAP allows users to access and manage email directly on the server, while POP3 typically downloads messages to the client."


質問 # 32
Which FortiGate feature supports load balancing across multiple WAN links?

  • A. Virtual Routing
  • B. Link Aggregation
  • C. SD-WAN
  • D. Multi-Path Routing

正解:C

解説:
FortiGate's SD-WAN feature enables load balancing and intelligent traffic steering across multiple WAN links based on criteria like bandwidth, latency, or application. Link Aggregation (B) bonds interfaces, Virtual Routing (C) is VRF, and Multi-Path Routing (D) is not a standard term. Exact extract: "SD-WAN enables load balancing and traffic steering across multiple WAN links, optimizing performance and reliability based on configured rules and metrics."


質問 # 33
Which FortiGate feature mitigates DDoS attacks by limiting the rate of incoming connections?

  • A. Web Filtering
  • B. DoS Policy
  • C. IPS Signature
  • D. Application Control

正解:B

解説:
FortiGate's DoS (Denial of Service) Policy limits the rate of incoming connections or packets to mitigate DDoS attacks, such as SYN floods, by setting thresholds for specific traffic types. IPS Signatures (B) detect specific attack patterns, Application Control (C) manages app usage, and Web Filtering (D) blocks URLs, none of which focus on rate limiting. Exact extract: "DoS policies protect against DDoS attacks by limiting the rate of incoming connections or packets, such as SYN floods, based on configured thresholds."


質問 # 34
In VMware vSphere, the term VMotion refers to

  • A. The process used to describe the movement of hard drive platters on a virtual machine
  • B. The streaming of high definition video on a virtual machine
  • C. A zero downtime live migration of workloads from one server to another
  • D. The patented technology available to migrate a server from Hyper-V to VMware

正解:C

解説:
VMotion in VMware vSphere enables live migration of running virtual machines from one physical server to another with zero downtime, ensuring continuous operation. Fortinet's FortiGate-VM supports such environments. Options A, C, and D are incorrect as they do not describe VMotion; C refers to a different migration scenario, and D is unrelated to virtualization. Exact extract: "VMotion allows the live migration of a running virtual machine from one physical server to another with no downtime... This ensures workloads continue running during server maintenance or load balancing."


質問 # 35
What is the purpose of the FortiGate 'diagnose debug flow' command?

  • A. To monitor system performance metrics
  • B. To display real-time packet captures
  • C. To troubleshoot routing table issues
  • D. To show the packet flow through firewall policies

正解:D

解説:
The 'diagnose debug flow' command in FortiGate is used to troubleshoot how packets are processed through firewall policies, showing details like policy matching, NAT, and session handling. It helps identify why packets are allowed or dropped. Option A refers to packet sniffing, B to routing diagnostics, and D to performance monitoring, none of which are the primary function. Exact extract: "The diagnose debug flow command displays the packet flow through FortiGate, including policy matching, NAT, and session details, useful for troubleshooting traffic issues."


質問 # 36
Link aggregation allows network devices to________

  • A. Increase bandwidth of an interface
  • B. Increase bandwidth by binding physical interfaces into a single channel
  • C. Restrict the bandwidth
  • D. None of the above

正解:B

解説:
Link aggregation, also known as IEEE 802.3ad or 802.1ax, enables the binding of multiple physical interfaces to form a single logical interface, which increases the overall bandwidth and provides redundancy. This is achieved by combining the bandwidth of the individual links into one aggregated link. For example, if two
1Gbps interfaces are aggregated, the logical link can provide up to 2Gbps bandwidth. This configuration is commonly used in FortiGate devices to enhance network performance without replacing hardware. The option B correctly describes this by stating "Increase bandwidth by binding physical interfaces into a single channel," which aligns with the official description. Incorrect options include A, which is vague and does not specify the method of binding multiple interfaces; C, which is the opposite of the purpose; and D, which is invalid.
Exact extract: Link aggregation (IEEE 802.3ad/802.1ax) enables you to bind two or more physical interfaces together to form an aggregated (combined) link. This new link ... Link aggregation combines multiple physical interfaces into a single logical interface, increasing bandwidth and link redundancy. Traffic is distributed evenly.


質問 # 37
What happens when a router receives a packet for forwarding with a TTL value of 1?

  • A. It decreases the value to 0 and then forwards it
  • B. The packet is only forwarded through the router to a locally attached network
  • C. The TTL is decreased to 0, the packet is dropped and an ICMP message is sent to the transmitting IP
  • D. It increments it and passes it on to the next router

正解:C

解説:
When a router, such as a FortiGate, receives a packet with a TTL (Time to Live) of 1, it decrements the TTL to 0, drops the packet, and sends an ICMP Time Exceeded message to the source IP. This prevents infinite loops in routing. Option A is incorrect as TTL is decremented, not incremented; B and D are incorrect as the packet is not forwarded when TTL reaches 0. Exact extract: "When a packet's TTL reaches 1, the router decrements it to 0, drops the packet, and sends an ICMP Time Exceeded message to the source IP address to prevent routing loops."


質問 # 38
Which statement is true about IPsec VPNs and SSL VPNs?

  • A. SSL VPN creates a HTTPS connection. IPsec does not
  • B. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device
  • C. All of the above
  • D. Both SSL VPNs and IPsec VPNs are standard protocols

正解:C

解説:
Both SSL VPN and IPsec VPN are standard protocols supported by FortiGate devices for secure remote access. SSL VPN typically uses HTTPS (TCP port 443) for encrypted communication, while IPsec uses protocols like IKE and ESP. Both can be configured between an end-user workstation (e.g., via FortiClient) and a FortiGate device, supporting various authentication methods. All options are correct, making D the correct answer. Exact extract: "SSL VPN technology uses the standard SSL/TLS protocol to provide a secure connection to the FortiGate unit. The FortiGate SSL VPN can be configured to use HTTPS..." and "IPsec VPNs use standardized protocols like IKE and ESP to create secure tunnels... FortiClient supports both IPsec and SSL VPN connections to FortiGate devices for remote access."


質問 # 39
Which of the following Authentication protocols uses clear text?

  • A. PAP
  • B. EAP
  • C. CHAP
  • D. MSCHAP

正解:A

解説:
PAP (Password Authentication Protocol) sends username and password in clear text over the network, making it insecure. CHAP uses challenge-response with hash, MSCHAP is Microsoft variant with hash, EAP is extensible and can use various methods but not inherently clear text. Exact extract: It's "impossible" to authenticate wireless users based on EAP-PEAP sessions agains OpenLdap, except, if the users using clear text authetication methods (PAP). Clear text HTTP authentication is not secure. All user names and data (and, depending on the authentication style, passwords) are sent in clear text. If you ... Fortinet ... Password Authentication Protocol (PAP). Used to authenticate PPP connections. Transmits passwords and other user information in clear text. The default token page contains a "Token Code:" text field. Recommended customization. It's recommended to delete the "Token Code:" text. FortiWeb will use ... If you follow the configuration guide for NPS you'll see (step 9) you need to enable "Unencrypted authentication (PAP, SPAP)" (link below).


質問 # 40
What does the FortiGate 'set nat enable' command do in a firewall policy?

  • A. Enables NAT for outgoing traffic
  • B. Disables NAT for the policy
  • C. Forces NAT to use a specific IP pool
  • D. Enables NAT for incoming traffic only

正解:A

解説:
The 'set nat enable' command in a FortiGate firewall policy enables Source NAT (SNAT) for outgoing traffic, typically rewriting the source IP to the FortiGate's interface IP or an IP pool. It does not disable NAT (B), force a specific pool (C), or limit to incoming traffic (D). Exact extract: "The 'set nat enable' command in a firewall policy enables Source NAT, rewriting the source IP address of outgoing traffic to the egress interface IP or a configured NAT pool."


質問 # 41
In Active FTP who sends the PORT command?

  • A. There is no PORT command in Active FTP
  • B. The FTP Client
  • C. The FTP Server
  • D. Both

正解:B

解説:
In Active FTP, the client sends the PORT command to the server, specifying an ephemeral port for the server to initiate the data connection back to the client. This distinguishes Active FTP from Passive FTP, where the server provides the port. The server does not send PORT, and the command is a key part of Active FTP. Exact extract: "In Active FTP, the client sends a PORT command to the server, specifying the IP address and port number for the data connection... The server then initiates the data connection to the client's specified port."


質問 # 42
Which FortiGate command displays the current routing table?

  • A. show router status
  • B. get system route
  • C. diagnose netlink route list
  • D. get router info routing-table all

正解:D

解説:
The 'get router info routing-table all' command displays the FortiGate's current routing table, including all active routes and their details. Options B, C, and D are not valid or specific for this purpose. Exact extract:
"Use 'get router info routing-table all' to display the complete routing table, showing destination, gateway, interface, and metric for all routes."


質問 # 43
Link aggregation allows network devices to________

  • A. Increase bandwidth of an interface
  • B. Increase bandwidth by binding physical interfaces into a single channel
  • C. Restrict the bandwidth
  • D. None of the above

正解:B

解説:
Link aggregation, also known as IEEE 802.3ad or 802.1ax, enables the binding of multiple physical interfaces to form a single logical interface, which increases the overall bandwidth and provides redundancy. This is achieved by combining the bandwidth of the individual links into one aggregated link. For example, if two
1Gbps interfaces are aggregated, the logical link can provide up to 2Gbps bandwidth. This configuration is commonly used in FortiGate devices to enhance network performance without replacing hardware. The option B correctly describes this by stating "Increase bandwidth by binding physical interfaces into a single channel," which aligns with the official description. Incorrect options include A, which is vague and does not specify the method of binding multiple interfaces; C, which is the opposite of the purpose; and D, which is invalid.
Exact extract: Link aggregation (IEEE 802.3ad/802.1ax) enables you to bind two or more physical interfaces together to form an aggregated (combined) link. This new link ... Link aggregation combines multiple physical interfaces into a single logical interface, increasing bandwidth and link redundancy. Traffic is distributed evenly.


質問 # 44
Which FortiGate feature allows for policy-based routing?

  • A. Dynamic Routes
  • B. Policy Routes
  • C. SD-WAN Rules
  • D. Static Routes

正解:B

解説:
Policy Routes in FortiGate allow routing decisions based on criteria like source, destination, or service, overriding the default routing table. SD-WAN Rules (A) are for WAN optimization, Static Routes (C) are fixed, and Dynamic Routes (D) are protocol-based, not policy-based. Exact extract: "Policy Routes allow FortiGate to make routing decisions based on user-defined criteria, such as source/destination IPs or services, overriding standard routing."


質問 # 45
Which protocol is used by FortiGate to synchronize session tables in an HA cluster?

  • A. BGP
  • B. FGCP
  • C. OSPF
  • D. VRRP

正解:B

解説:
The FortiGate Cluster Protocol (FGCP) is used to synchronize session tables, configuration, and state information between HA cluster members to ensure seamless failover. VRRP (B) is for router redundancy, OSPF (C) and BGP (D) are routing protocols, not used for HA synchronization. Exact extract: "FGCP synchronizes session tables, configurations, and state information between FortiGate HA cluster members to ensure continuity during failover."


質問 # 46
How does a stateful firewall control a TCP session?

  • A. TCP source ports are used to control the session
  • B. TCP sequence numbers and TCP flags are used to control the session
  • C. TCP ack numbers are used to control the session
  • D. TCP destination ports are used to control the session

正解:B

解説:
A stateful firewall, like FortiGate, tracks TCP sessions by maintaining a state table that includes TCP sequence numbers and flags (e.g., SYN, ACK, FIN) to monitor the connection's lifecycle (establishment, data transfer, termination). This ensures proper session handling, detecting out-of-order packets or invalid states.
Source and destination ports identify the session but don't control its state, and ACK numbers alone are insufficient. Exact extract: "Stateful inspection tracks TCP sessions using sequence numbers and TCP flags (SYN, ACK, FIN, etc.) to ensure packets are valid and part of an established session... FortiGate maintains a state table to monitor the TCP connection states."


質問 # 47
Client is connected to firewall via link with MTU 1500 bytes, server is connected to firewall via link with MTU 1496 bytes. The firewall is rewriting both sender and receiver tcp-mss to 1450 bytes. What maximum size of IP packets are we going to see when client connects to server?

  • A. 1496 bits
  • B. 1500 bytes
  • C. 1450 bytes
  • D. 1500 bits
  • E. 1496 bytes
  • F. 1450 bits

正解:C

解説:
The TCP MSS (Maximum Segment Size) defines the maximum TCP payload size, excluding headers. When the firewall sets MSS to 1450 bytes, the TCP segment size is limited to this value. For IP packets, the total size includes the TCP header (20 bytes) and IP header (20 bytes), so 1450 (MSS) + 20 (TCP) + 20 (IP) = 1490 bytes, which fits within both link MTUs (1500 and 1496 bytes). Thus, the maximum IP packet size is not limited by the link MTUs but by the MSS, adjusted for headers. Options C and F (bits) are incorrect units; A and B exceed the MSS limit. Exact extract: "The TCP MSS is adjusted to prevent fragmentation... FortiGate can rewrite the MSS in TCP SYN packets to ensure the total IP packet size (including IP and TCP headers) does not exceed the configured value."


質問 # 48
Which of the following are classful addresses? (Select all that apply below)

  • A. 172.16.0.0/16
  • B. 172.16.0.0/24
  • C. 10.225.30.0/8
  • D. 10.225.30.0/16

正解:A、C

解説:
Classful addressing follows the original IP address classes: Class A (/8), Class B (/16), and Class C (/24).
Option A (10.225.30.0/8) is a Class A address, and C (172.16.0.0/16) is a Class B address. Option B (10.225.30.0/16) and D (172.16.0.0/24) use non-standard masks for their respective ranges, making them classless (CIDR). The original document incorrectly lists only A. Fortinet routing supports both classful and classless addressing. Exact extract: "Classful addressing uses fixed subnet masks: Class A (/8), Class B (/16), and Class C (/24)... Addresses like 10.0.0.0/8 and 172.16.0.0/16 are classful, while non-standard masks indicate classless addressing."


質問 # 49
......

究極のガイドEMEA-Advanced-Support認証試験準備Fortinet NSE:https://jp.fast2test.com/EMEA-Advanced-Support-premium-file.html

無料最新のFortinet NSE EMEA-Advanced-Supportリアル試験問題と解答:https://drive.google.com/open?id=16MrfTql3sSRRRK8kYRrd-phzhw49wW-8


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어