The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. 〖当web filter配置文件中同时启用了多个功能时,web过滤中的HTTP检测过程有一定的顺序。〗
What order must FortiGate use when the web filter profile has features enabled, such as safe search? 〖当web过滤配置文件启用了诸如安全搜索等功能时,FortiGate必须使用什么顺序?〗
A. DNS-based web filter and proxy-based web filter 〖基于dns的web过滤和基于代理的web过滤〗
B. Static URL filter, FortiGuard category filter, and advanced filters 〖静态URL过滤、FortiGuard类别过滤和高级过滤〗
C. Static domain filter, SSL inspection filter, and external connectors filters 〖静态域过滤、SSL检查过滤和外部连接器过滤〗
D. FortiGuard category filter and rating filter 〖FortiGuard类别过滤和评级过滤〗
【分析】教程篇(7.0) 08. FortiGate安全 & Web过滤 ❀ Fortinet 网络安全专家 NSE 4
【答案】B
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy? 〖如果防火墙策略中Source已选择Internet Service,那么防火墙策略的Source字段中还可以添加哪些配置对象?〗
A. IP address 〖IP地址〗
B. Once Internet Service is selected, no other object can be added 〖一旦Internet Service被选中,就不能添加其他对象〗
C. User or User Group 〖用户/用户组〗
D. FQDN address 〖FQDN地址〗
【分析】教程篇(7.0) 03. FortiGate安全 & 防火墙策略 ❀ Fortinet 网络安全专家 NSE 4
你还可以使用internet服务(ISDB)对象作为防火墙策略中的源。防火墙策略中的internet服务对象和源地址对象之间存在一种关系。这意味着你可以选择一个源地址或一个internet服务,但不能同时选择两个。
【答案】B
Which statement about the IP authentication header (AH) used by IPsec is true? 〖关于IPsec使用的IP认证头(AH)的哪句话是正确的?〗
A. AH does not provide any data integrity or encryption. 〖AH不提供任何数据完整性或加密。〗
B. AH does not support perfect forward secrecy. 〖AH不支持完全的前向保密。〗
C. AH provides data integrity bur no encryption. 〖AH提供数据完整性,但不加密。〗
D. AH provides strong data integrity but weak encryption. 〖AH提供了较强的数据完整性,但较弱的加密。〗
【分析】教程篇(7.0) 05. FortiGate基础架构 & IPsec安全隧道 ❀ Fortinet 网络安全专家 NSE 4
【答案】C
When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices? 〖在创建防火墙策略时,添加哪个属性支持在FortiAnalyzer或FortiManager上记录日志,并在FortiGate与这些设备集成时提高功能?〗
A. Log ID 〖日志ID〗
B. Universally Unique Identifier 〖通用唯一识别码〗
C. Policy ID 〖策略ID〗
D. Sequence ID 〖序列ID〗
【分析】教程篇(7.0) 03. FortiGate安全 & 防火墙策略 ❀ Fortinet 网络安全专家 NSE 4
在创建防火墙对象或策略时,会添加一个统一唯一标识符(UUID)属性,当整合FortiManager和FortiAnalyzer时,以便日志可以记录这些UUID和改善功能。
【答案】B
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below. 〖检查提示中的IPS传感器和DoS策略配置,然后回答下面的问题。〗
When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first? 〖检测攻击时,FortiGate会先评估哪个异常、特征或过滤器?〗
A. SMTP.Login.Brute.Force
B. IMAP.Login.brute.Force
C. ip_src_session
D. Location: server Protocol: SMTP
【分析】
【答案】B
Refer to the exhibit. 〖参考提示〗
According to the certificate values shown in the exhibit, which type of entity was the certificate issued to? 〖根据提示中显示的证书值,该证书颁发给了哪种类型的实体?〗
A. A user
B. A root CA
C. A bridge CA
D. A subordinate
【分析】教程篇(7.0) 07. FortiGate安全 & 证书的操作 ❀ Fortinet 网络安全专家 NSE 4
【答案】A
Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.) 〖对于防火墙策略使用出接口IP地址进行NAT转换固定端口禁用,哪些说法是正确的?(选择两个)〗
A. This is known as many-to-one NAT. 〖这就是所谓的多对一NAT。〗
B. Source IP is translated to the outgoing interface IP. 〖源IP地址转换为出接口IP地址。〗
C. Connections are tracked using source port and source MAC address. 〖使用源端口和源MAC地址跟踪连接。〗
D. Port address translation is not used. 〖没有使用端口地址转换。〗
【分析】教程篇(7.0) 04. FortiGate安全 & NAT ❀ Fortinet 网络安全专家 NSE 4
当防火墙策略启用NAT功能时,源NAT选项使用出接口地址。这是一种多对一NAT。换句话说,使用PAT,使用原始源地址和源端口组合来跟踪连接 (选项C错),以及分配的源端口。这与重载IP池类型的行为相同,你也将了解重载IP池类型。
你可以选择一个固定端口,在这种情况下,源端口转换是禁用的。对于固定端口,如果有两个或多个连接对同一个IP地址使用同一个源端口,则只能建立一个连接。
【答案】A D
Refer to the exhibit, which contains a static route configuration. 〖参考提示,包含静态路由配置的内容。〗
An administrator created a static route for Amazon Web Services. 〖管理员为Amazon Web Services创建静态路由。〗
What CLI command must the administrator use to view the route? 〖管理员需要使用什么CLI命令查看路由?〗
A. get router info routing-table all
B. get internet service route list
C. get router info routing-table database
D. diagnose firewall proute list
【分析】教程篇(7.0) 01. FortiGate基础架构 & 路由 ❀ Fortinet 网络安全专家 NSE 4
尽管ISDB路由被配置为静态路由,但它们实际上是策略路由,在路由表中优先于任何其他路由。因此,ISDB路由被添加到策略路由表中。
【答案】D
Refer to the exhibit to view the firewall policy. 〖参考提示,查看防火墙策略。〗
Which statement is correct if well-known viruses are not being blocked? 〖如果知名病毒没有被阻止,那么哪种说法是正确的?〗
A. The firewall policy does not apply deep content inspection. 〖防火墙策略没有应用深度内容检查。〗
B. The firewall policy must be configured in proxy-based inspection mode. 〖防火墙策略必须采用代理方式配置。〗
C. The action on the firewall policy must be set to deny. 〖防火墙策略的动作必须设置为拒绝。〗
D. Web filter should be enabled on the firewall policy to complement the antivirus profile. 〖防火墙策略中应启用Web过滤器,以补充反病毒配置文件。〗
【分析】
【答案】A
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections? 〖FortiGate提供了哪些安全功能来保护位于内部网络中的服务器免受SQL注入等攻击?〗
A. Denial of Service 〖拒绝服务〗
B. Web application firewall 〖Web应用防火墙〗
C. Antivirus 〖反病毒〗
D. Application control 〖应用控制〗
【分析】教程篇(7.0) 11. FortiGate安全 & 入侵防御和拒绝服务 ❀ Fortinet 网络安全专家 NSE 4
FortiGate的一些特性旨在保护客户端,而不是服务器。例如,FortiGuard的web过滤功能是根据服务器的网页类别对请求进行屏蔽。反病毒可以防止客户端意外下载间谍软件和蠕虫。这两种方法都不能保护服务器(服务器不发送请求,而是接收请求)免受恶意脚本或SQL注入的伤害。保护web服务器需要一种不同的方法,因为它们会受到其他类型的攻击。这就是WAF应用的地方。
【答案】B
扫一扫
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
