Exam Questions (7.0) 01 ❀ FortiGate Firewall ❀ Fortinet Network Security Expert NSE 4

 Which two statements are correct about NGFW Policy-based mode? (Choose two.)

  A. NGFW policy-based mode does not require the use of central source NAT policy

  B. NGFW policy-based mode can only be applied globally and not on individual VDOMs

  C. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy

  D. NGFW policy-based mode policies support only flow inspection

  【Analysis】Tutorial (7.0) 08. FortiGate Security & Web Filtering ❀ Fortinet Network Security Expert NSE 4

   【Answer】C D

 Refer to the exhibit, which contains a session diagnostic output.

  Which statement is true about the session diagnostic output?

  A. The session is in SYN_SENT state.

  B. The session is in FIN_ACK state.

  C. The session is in FIN_WAIT state.

  D. The session is in ESTABLISHED state.

  【Analysis】Tutorial (7.0) 04. FortiGate Security & NAT ❀ Fortinet Network Security Expert NSE 4

  Because the TCP protocol state in the exhibit is proto_state=02, the session is in the SYN_SENT state.

  【Answer】A

 Which two statements about antivirus scanning mode are true? (Choose two.)

  A. In proxy-based inspection mode, files bigger than the buffer size are scanned.

  B. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

  C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.

  D. In flow-based inspection mode, files bigger than the buffer size are scanned.

  【Analysis】Tutorial (7.0) 10. FortiGate Security & Antivirus ❀ Fortinet Network Security Expert NSE 4

   【Answer】B C

 Refer to the web filter raw logs.

  Based on the raw logs shown in the exhibit, which statement is correct?

  A. Social networking web filter category is configured with the action set to authenticate.

  B. The action on firewall policy ID 1 is set to warning.

  C. Access to the social networking web filter category was explicitly blocked to all users.

  D. The name of the firewall policy is all_users_web.

   【Analysis】Tutorial (7.0) 08. FortiGate Security & Web Filtering ❀ Fortinet Network Security Expert NSE 4

   The first action is block; once authentication succeeds, the second action is pass. Therefore the action is authenticate.

  【Answer】A

 Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

  A. FortiGuard web filter cache

  B. FortiGate hostname

  C. NTP

  D. DNS

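   【Analysis】Tutorial (7.0) 07. FortiGate Infrastructure & High Availability (HA) ❀ Fortinet Network Security Expert NSE 4

  Eliminate the two options that are not synchronized; the remaining ones are synchronized.

  【Answer】C D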

 An administrator wants to configure timeouts for users. Regardless of the user's behavior, the timer should start as soon as the user authenticates and expire after the configured value.

  Which timeout option should be configured on FortiGate?

  A. auth-on-demand  

  B. soft-timeout  

  C. idle-timeout  

  D. new-session  

  E. hard-timeout

   【Analysis】Tutorial (7.0) 05. FortiGate Security & Firewall Authentication ❀ Fortinet Network Security Expert NSE 4

  【Answer】E

 Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

  A. To allow for out-of-order packets that could arrive after the FIN/ACK packets

  B. To finish any inspection operations

  C. To remove the NAT operation

  D. To generate logs

   【Analysis】Tutorial (7.0) 04. FortiGate Security & NAT ❀ Fortinet Network Security Expert NSE 4

  When a session is closed by both sides, FortiGate keeps the session in the session table for a few more seconds to allow for any out-of-order packets that might arrive after the FIN/ACK packets. This state value is 5.

  【Answer】

 Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

  A. SSH  

  B. HTTPS  

  C. FTM  

  D. FortiTelemetry

   【Analysis】Tutorial (7.0) 01. FortiGate Security & Introduction and Initial Configuration ❀ Fortinet Network Security Expert NSE 4

  【Answer】A B

 Refer to the exhibit.

  Examine the intrusion prevention system (IPS) diagnostic command.

  Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

  A. The IPS engine was inspecting high volume of traffic.

  B. The IPS engine was unable to prevent an intrusion attack.

  C. The IPS engine was blocking all traffic.

  D. The IPS engine will continue to run in a normal state.

    【Analysis】Tutorial (7.0) 11. FortiGate Security & Intrusion Prevention and Denial of Service ❀ Fortinet Network Security Expert NSE 4

  【Answer】B

 By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.

  Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

  A. set fortiguard-anycast disable 

  B. set webfilter-force-off disable 

  C. set webfilter-cache disable 

  D. set protocol tcp 

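    【Analysis】Tutorial (7.0) 08. FortiGate Security & Web Filtering ❀ Fortinet Network Security Expert NSE 4

  By default, FortiGate is configured to enforce the use of HTTPS port 443 to perform live filtering with FortiGuard or FortiManager. If you disable the FortiGuard anycast setting in the CLI, other ports and protocols become available. These ports and protocols are used to query the servers (FortiGuard or FortiManager): HTTPS ports 53 and 8888, and UDP ports 443, 53, and 8888. If you are using UDP port 53, any kind of inspection reveals that this traffic is not DNS and prevents the service from working. In that case, you can switch to the alternative UDP port 443 or 8888, or change the protocol to HTTPS, but these ports are not guaranteed to be open in all networks, so you must check beforehand.

  【Answer】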

