How does FortiGate act when using SSL VPN in web mode? 〖在web模式下使用SSL VPN时FortiGate是如何操作的?〗
A. FortiGate acts as an FDS server. 〖FortiGate充当FDS服务器。〗
B. FortiGate acts as an HTTP reverse proxy. 〖FortiGate充当HTTP反向代理。〗
C. FortiGate acts as DNS server. 〖FortiGate充当DNS服务器。〗
D. FortiGate acts as router. 〖FortiGate充当路由器。〗
【分析】教程篇(7.0) 12. FortiGate安全 & SSL安全隧道 ❀ Fortinet 网络安全专家 NSE 4
与其他任何HTTPS网站一样,你只需登录到FortiGate上的SSL VPN门户网站页面。它的作用类似于服务器端反向代理,或简单的安全HTTP/HTTPS网关,将你与专用网络上的应用程序连接起来。
【答案】B
Which three statements about a flow-based antivirus profile are correct? (Choose three.) 〖哪三条关于基于流的反病毒配置文件的陈述是正确的? (选择三个)〗
A. IPS engine handles the process as a standalone. 〖IPS引擎独立处理该进程。〗
B. FortiGate buffers the whole file but transmits to the client simultaneously. 〖FortiGate缓冲整个文件,但同时传输给客户端。〗
C. If the virus is detected, the last packet is delivered to the client. 〖如果检测到病毒,则将最后一个数据包发送到客户端。〗
D. Optimized performance compared to proxy-based inspection. 〖与基于代理的检测相比,性能得到了优化。〗
E. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection. 〖基于流的检测使用了基于代理的检测中可用的扫描模式的混合。〗
【分析】教程篇(7.0) 10. FortiGate安全 & 反病毒 ❀ Fortinet 网络安全专家 NSE 4
【答案】B D E
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B). 〖参考提示查看防火墙策略(提示A)和反病毒配置文件(提示B)〗
Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time? 〖如果用户在第一次下载受感染的文件时无法收到阻断替换消息,那么哪一种说法是正确的?〗
A. The firewall policy performs the full content inspection on the file. 〖防火墙策略对文件进行全内容检查。〗
B. The flow-based inspection is used, which resets the last packet to the user. 〖采用基于流的检测,将最后一个报文重置给用户。〗
C. The volume of traffic being inspected is too high for this model of FortiGate. 〖对于这个型号的FortiGate来说,被检查的流量太高了。〗
D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode. 〖当采用基于流的检测方式时,需要开启入侵防御安全配置文件。〗
【分析】教程篇(7.0) 10. FortiGate安全 & 反病毒 ❀ Fortinet 网络安全专家 NSE 4
在流模式下,FortiGate丢弃最后一个数据包,终止文件。但因此,无法显示块替换消息。如果再次尝试下载该文件,则会显示阻塞消息。
【答案】B
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. 〖某网络管理员希望在FortiGate上使用两条IPsec VPN隧道和静态路由建立冗余IPsec VPN隧道。〗
* All traffic must be routed through the primary tunnel when both tunnels are up 〖当两条隧道都处于up状态时,所有流量必须通过主隧道进行路由〗
* The secondary tunnel must be used only if the primary tunnel goes down 〖只有当主隧道发生故障时,才能使用备用隧道〗
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover 〖此外,FortiGate应该能够检测死亡隧道,以加速隧道的故障转移〗
Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.) 〖为了满足设计要求,需要对FortiGate进行哪两个关键配置更改?(选择两个)〗
A. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel. 〖主隧道静态路由配置高距离,备用隧道静态路由配置低距离。〗
B. Enable Dead Peer Detection. 〖启用Dead Peer Detection功能。〗
C. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel. 〖主隧道的静态路由配置距离较低,备用隧道的静态路由配置距离较高。〗
D. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels. 〖在两条隧道的第二阶段配置中启动Auto-negotiate和Autokey Keep Alive。〗
【分析】教程篇(7.0) 05. FortiGate基础架构 & IPsec安全隧道 ❀ Fortinet 网络安全专家 NSE 4
【答案】B C
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate? 〖在下一代防火墙(NGFW) FortiGate上,哪个引擎处理应用程序控制流量?〗
A. Antivirus engine 〖反病毒引擎〗
B. Intrusion prevention system engine 〖入侵防御系统引擎〗
C. Flow engine 〖流引擎〗
D. Detection engine 〖检测引擎〗
【分析】教程篇(7.0) 09. FortiGate安全 & 应用控制 ❀ Fortinet 网络安全专家 NSE 4
【答案】B
Refer to the exhibit. 〖参考提示〗
Given the interfaces shown in the exhibit. which two statements are true? (Choose two.) 〖给定提示中显示的接口。哪两个表述是正确的?(选择两个)〗
A. Traffic between port2 and port2-vlan1 is allowed by default. 〖缺省情况下,port2和port2-vlan1之间的流量是允许的。〗
B. port1-vlan10 and port2-vlan10 are part of the same broadcast domain. 〖port1-vlan10和port2-vlan10属于同一个广播域。〗
C. port1 is a native VLAN. 〖port1为本地VLAN。〗
D. port1-vlan1 and port2-vlan1 can be assigned in the same VDOM or to different VDOMs. 〖port1-vlan1和port2-vlan1可以在同一个VDOM中分配,也可以在不同的VDOM中分配。〗
【分析】教程篇(7.0) 04. FortiGate基础架构 & 二层交换 ❀ Fortinet 网络安全专家 NSE 4
通过图形化方式创建VLAN时,单击“新建”,选择“接口”,然后在“类型”下拉列表框中选择“VLAN”。必须指定VLAN ID和要绑定的物理接口。属于该类型接口的帧总是被标记。另一方面,物理接口段发送或接收的帧不会被打上标签。它们属于所谓的本地VLAN (VLAN ID0)。
【答案】C D
Which statement about video filtering on FortiGate is true? 〖关于FortiGate上的视频过滤,哪个说法是正确的?〗
A. Full SSL Inspection is not required. 〖不需要进行SSL完全检查。〗
B. It is available only on a proxy-based firewall policy. 〖它仅在基于代理的防火墙策略中可用。〗
C. It inspects video files hosted on file sharing services. 〖它检查托管在文件共享服务的视频文件。〗
D. Video filtering FortiGuard categories are based on web filter FortiGuard categories. 〖视频过滤的FortiGuard分类是基于web过滤的FortiGuard分类。〗
【分析】教程篇(7.0) 08. FortiGate安全 & Web过滤 ❀ Fortinet 网络安全专家 NSE 4
【答案】B
Refer to the exhibit. 〖参考提示〗
Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.) 〖根据图中显示的安全结构拓扑,哪两种说法是正确的?(选择两个)〗
A. There are five devices that are part of the security fabric. 〖有五个设备是安全架构的一部分。〗
B. Device detection is disabled on all FortiGate devices. 〖在所有FortiGate设备上禁用设备检测。〗
C. This security fabric topology is a logical topology view. 〖这种安全架构拓扑是一种逻辑拓扑视图。〗
D. There are 19 security recommendations for the security fabric. 〖对于安全架构,有19条安全建议。〗
【分析】教程篇(7.0) 02. FortiGate安全 & 安全架构 ❀ Fortinet 网络安全专家 NSE 4
安全等级提供关于FortiGate设置的建议。这些建议以通知的形式显示在设置页面上,
【答案】C D
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. 〖网络管理员已在FortiGate上开启SSL证书检测和反病毒功能。当通过HTTP方式下载EICAR测试文件时,FortiGate会检测并阻止该文件。通过HTTPS下载同一文件时,FortiGate不会检测到病毒,可以下载该文件。〗
What is the reason for the failed virus detection by FortiGate? 〖FortiGate检测病毒失败的原因是什么?〗
A. Application control is not enabled 〖应用程序控制未启用〗
B. SSL/SSH Inspection profile is incorrect 〖SSL/SSH检测配置文件不正确〗
C. Antivirus profile configuration is incorrect 〖反病毒配置文件配置错误〗
D. Antivirus definitions are not up to date 〖反病毒定义不是最新的〗
【分析】教程篇(7.0) 10. FortiGate安全 & 反病毒 ❀ Fortinet 网络安全专家 NSE 4
HTTPS是加密协议。
【答案】B
Refer to the exhibits. 〖参考提示〗
Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.) 〖附录A显示了系统性能输出。附录B显示了FortiGate配置的高内存使用率阈值的默认配置。根据系统性能输出,哪两条语句是正确的?(选择两个)〗
A. Administrators can access FortiGate only through the console port. 〖管理员只能通过console口访问FortiGate。〗
B. FortiGate has entered conserve mode. 〖FortiGate已进入保护模式。〗
C. FortiGate will start sending all files to FortiSandbox for inspection. 〖FortiGate将开始发送所有文件到FortiSandbox进行检查。〗
D. Administrators cannot change the configuration. 〖管理员不能修改配置。〗
【分析】
内存占用达到90%,进入保护模式。
【答案】B D
377
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
