Exam Questions (7.0) 10 ❀ FortiGate Firewall ❀ Fortinet Network Security Expert NSE 4

 Which of the following SD-WAN load-balancing methods use the interface weight value to distribute traffic? (Choose two.)

  A. Source IP

  B. Spillover

  C. Volume

  D. Session

  [Analysis] Tutorial (7.0) 02. FortiGate Infrastructure & SD-WAN local breakout ❀ Fortinet Network Security Expert NSE 4

  [Answer] C D

 What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

  A. FortiGate automatically negotiates different local and remote addresses with the remote peer.

  B. FortiGate automatically negotiates a new security association after the existing security association expires.

  C. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

  D. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

  [Analysis] Tutorial (7.0) 05. FortiGate Infrastructure & IPsec secure tunnels ❀ Fortinet Network Security Expert NSE 4

  Another benefit of enabling auto-negotiate is that the tunnel comes up and stays up automatically, even when there is no interesting traffic.

  [Answer] D

 If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

  A. The Services field prevents SNAT and DNAT from being combined in the same policy.

  B. The Services field is used when you need to bundle several VIPs into VIP groups.

  C. The Services field removes the requirement to create multiple VIPs for different services.

  D. The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.

  [Analysis] Tutorial (7.0) 04. FortiGate Security & NAT ❀ Fortinet Network Security Expert NSE 4

  On FortiGate, you configure a VIP for DNAT. Once the VIP is configured, FortiGate automatically creates a rule in the kernel that allows the DNAT to take place; no additional configuration is required.

  Do you lose the granularity of defining firewall policies for a specific VIP and service?

  No, you do not. If there are multiple WAN-to-internal policies and multiple VIPs, and you want to allow a specific VIP to use a specific service, you can define each firewall policy with the VIP's mapped IP as the destination address and choose to allow or deny the corresponding service.

  [Answer] C

 In which two ways can RPF checking be disabled? (Choose two.)

 A. Enable anti-replay in the firewall policy.

 B. Disable the RPF check at the FortiGate interface level for the source check.

 C. Enable asymmetric routing.

 D. Disable strict-src-check under system settings.

  [Analysis] Tutorial (7.0) 01. FortiGate Infrastructure & Routing ❀ Fortinet Network Security Expert NSE 4

  [Answer] B C

 Which feature in the Security Fabric takes one or more actions based on event triggers?

  A. Fabric Connectors

  B. Automation Stitches

  C. Security Rating

  D. Logical Topology

  [Analysis] Tutorial (7.0) 02. FortiGate Security & Security Fabric ❀ Fortinet Network Security Expert NSE 4

   [Answer] B

 Consider the topology:

  Application on a Windows machine <--{SSL VPN}--> FGT --> Telnet to Linux server.

  An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate, and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.

  The administrator has already verified that the issue is not caused by the application or the Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

  What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

  A. Set the maximum session TTL value for the TELNET service object.

  B. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

  C. Create a new service object for TELNET and set the maximum session TTL.

  D. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

   [Analysis] Tutorial (7.0) 04. FortiGate Security & NAT ❀ Fortinet Network Security Expert NSE 4

  The session TTL reflects how long FortiGate can go without receiving any packets for a session before it removes that session from its table.

  [Answer] C D

 Which statements best describe auto discovery VPN (ADVPN)? (Choose two.)

  A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

  B. ADVPN is only supported with IKEv2.

  C. Tunnels are negotiated dynamically between spokes.

  D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

   [Analysis]

  [Answer] A C

 FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.

  Which two other security profiles can you apply to the security policy? (Choose two.)

  A. Antivirus scanning

  B. File filter

  C. DNS filter

  D. Intrusion prevention

   [Analysis]

  [Answer] A D

 Which three methods are used by the collector agent for AD polling? (Choose three.)

  A. FortiGate polling

  B. NetAPI

  C. Novell API

  D. WMI

  E. WinSecLog

   [Analysis] Tutorial (7.0) 06. FortiGate Infrastructure & Single Sign-On (FSSO) ❀ Fortinet Network Security Expert NSE 4

   [Answer] B D E

 Refer to the exhibit.

  Based on the raw log, which two statements are correct? (Choose two.)

  A. Traffic is blocked because Action is set to DENY in the firewall policy.

  B. Traffic belongs to the root VDOM.

  C. This is a security log.

  D. Log severity is set to error on FortiGate.

  [Analysis]

  type="utm" indicates that this is a security log, and action="blocked" indicates that the traffic was blocked.

  [Answer] A C

