Which subnet must the administrator configure for the local quick mode selector for site B? 〖管理员必须为站点B的本地快速模式选择器配置哪个子网?〗
A. 192.168.1.0/24
B. 192.168.0.0/24
C. 192.168.2.0/24
D. 192.168.3.0/24
A. Not used when FortiGate is in Transparent mode 〖当FortiGate处于透明模式时不使用〗
B. Elects the primary FortiGate device 〖选择主FortiGate设备〗
C. Runs only over the heartbeat links 〖仅在心跳链路上运行〗
D. Is used to discover FortiGate devices in different HA groups 〖用于发现不同HA组中的FortiGate设备〗
A. The keyUsage extension must be set to keyCertSign. 〖keyUsage扩展名必须设置为keyCertSign。〗
B. The common name on the subject field must use a wildcard name. 〖主题字段上的通用名称必须使用通配符名称。〗
C. The issuer must be a public CA. 〖发行人必须是一个公共CA。〗
D. The CA extension must be set to TRUE. 〖CA扩展必须设置为TRUE。〗
虽然看起来用户浏览器连接到web服务器,但浏览器连接到FortiGate。FortiGate是一个代理web服务器。为了让FortiGate扮演这些角色,它的CA证书必须将基本约束扩展设置为cA=True,并将keyUsage扩展的值设置为keyCertSign。
A. Proxy-based inspection 〖基于代理检查〗
B. Certificate inspection 〖证书检查〗
C. Flow-based inspection 〖基于流检查〗
D. Full Content inspection 〖完整内容检查〗
The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode. 〖Root和To_Internet VDOM采用NAT方式配置。DMZ和Local VDOM采用透明方式配置。〗
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem. 〖Root VDOM是管理VDOM。To_Internet VDOM用于局域网用户访问internet。To_Internet VDOM是唯一一个可以上网的VDOM,并且直接连接ISP调制解调器。〗
With this configuration, which statement is true? 〖对于这个配置,哪个描述是正确的?〗
A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs. 〖为了保证Local和Root VDOM之间的流量,需要配置Inter-VDOM链路。〗
B. A static route is required on the To_Internet VDOM to allow LAN users to access the internet. 〖需要在To_Internet VDOM上配置静态路由,允许局域网用户访问internet。〗
C. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs. 〖为了允许Local和DMZ VDOM之间的流量,需要使用Inter-VDOM链路〗
D. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM. 〖Root VDOM和To_Internet VDOM之间不需要Inter-VDOM链路,因为Root VDOM仅用作管理VDOM。〗
Local和DMZ都是透明模式,Inter-VDOM无法连接两个透明模式,因此答案C错误。
The exhibit shows the IPS sensor configuration. 〖提示显示IPS传感器配置。〗
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.) 〖如果流量匹配此IPS传感器,该传感器将采取哪两个动作?(选择两个)〗
A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature. 〖该传感器将允许攻击者匹配NTP.Spoofed.Kod.Dos签名。〗
B. The sensor will block all attacks aimed at Windows servers. 〖该传感器将阻止所有针对Windows服务器的攻击。〗
C. The sensor will reset all connections that match these signatures. 〖传感器将重置所有匹配这些签名的连接。〗
D. The sensor will gather a packet log for all matched traffic. 〖传感器将收集所有匹配流量的包日志。〗
当IPS引擎将流量与每个过滤器中的签名进行比较时,顺序很重要。这些规则类似于防火墙策略匹配;引擎首先评估列表顶部的过滤器和签名,并应用第一个匹配项。引擎跳过后续的过滤器。
A. get system status
B. get system performance status
C. diagnose sys top
D. get system arp
如果你怀疑IP地址冲突,或者IP地址被分配给了错误的设备,你可能需要查看ARP表。为此,可以使用get system arp命令。
Which two statements about the debug flow output are correct? (Choose two.) 〖关于调试流输出的哪两个描述是正确的?(选择两个)〗
A. The debug flow is of ICMP traffic. 〖调试流为ICMP流量〗
B. A firewall policy allowed the connection. 〖防火墙策略允许此连接。〗
C. A new traffic session is created. 〖一个新的流量会话被创建。〗
D. The default route is required to receive a reply. 〖默认路由需要接收回复。〗
A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate. 〖客户端FortiGate需要CA在服务器FortiGate上签名的客户端证书。〗
B. The client FortiGate requires a manually added route to remote subnets. 〖客户端FortiGate需要手动添加到远端子网的路由。〗
C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN. 〖客户端FortiGate使用SSL VPN隧道接口类型连接SSL VPN。〗
D. Server FortiGate requires a CA certificate to verify the client FortiGate certificate. 〖服务器FortiGate需要CA证书来验证客户端FortiGate证书。〗
A. System event logs 〖系统事件日志〗
B. Forward traffic logs 〖转发流量日志〗
C. Local traffic logs 〖本地流量日志〗
D. Security logs 〖安全日志〗
本地流量日志包含直接进出FortiGate管理IP地址的流量信息。它们还包括到GUl和FortiGuard查询的连接。
2768
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
