Exam Questions (5.2) 12. Virtual Domains ❀ FortiGate ❀ Fortinet Network Security Expert NSE 4

A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface.

  Which one of the following statements is correct regarding the VLAN IDs in this scenario?

  A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.

  B. The two VLAN sub-interfaces must have different VLAN IDs.

  C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.

  D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

  【Analysis】

  On the same physical interface, VLAN IDs cannot be the same.

  【Answer】

A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM.

  What would be a possible cause for this problem?

  A. The administrator does not have the proper permissions to reassign the dmz interface.

  B. The dmz interface is referenced in the configuration of another VDOM.

  C. Non-management VDOMs cannot reference physical interfaces.

  D. The dmz interface is in PPPoE or DHCP mode.

  【Analysis】

  When virtual domains are enabled from the CLI on the firewall, the account is logged out, but the firewall does not reboot.

  System Information shows that virtual domains are enabled, and the menu changes.

  Select 【Global】-【System】-【VDOM】 and click 【Create New】 to create a new virtual domain.

  Enter the name of the new virtual domain.

  Create several virtual domains.

  Select 【Global】-【Network】-【Interfaces】, select the DMZ interface, and click 【Edit】.

  In the interface properties, click the virtual domain option and add the interface to the chosen virtual domain; it can be added to only one virtual domain.

  Select the VDOM-1 virtual domain; the DMZ interface is visible in the interface properties. An interface can be added to only one virtual domain.

  【Answer】

Which statements are correct regarding virtual domains (VDOMs)? (Choose two)

  A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs.

  B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.

  C. VDOMs share firmware versions, as well as antivirus and IPS databases.

  D. Different time zones can be configured in each VDOM.

  【Analysis】

  The management VDOM handles all FortiGuard updates.

  All virtual domains share the firmware version and the system time.

  【Answer】BC

A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

  Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Choose three)

  A. The administrator can configure inter-VDOM links to avoid using external interfaces and routers.

  B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links.

  C. This configuration requires a router to be positioned between the FortiGate unit and the Internet for proper routing.

  D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.

  E. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

  【Analysis】

  Inter-VDOM links allow VDOMs to communicate with each other; access is permitted through the VDOMs' firewall policies; routing allows the VDOMs to reach each other.

  【Answer】ABE

A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs?

  A. The FortiGate must be a model 1000 or above to support multiple VDOMs.

  B. A license has to be purchased and applied to the FortiGate before VDOM mode could be enabled.

  C. Changing the operational mode of a VDOM requires a reboot of the FortiGate.

  D. The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes.

  【Analysis】

  Inter-VDOM links allow any combination of NAT and route modes.

  【Answer】

A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.

  Which of the following settings will this administrator be able to configure? (Choose two)

  A. Firewall addresses.

  B. DHCP servers.

  C. FortiGuard Distribution Network configuration.

  D. System hostname

  【Analysis】

  Under VDOM:root, the firewall's interface IPs and DHCP servers can be modified.

  The VDOM:root menu has no Dashboard or FortiGuard options.

  【Answer】AB

 

Fortinet Technology - 老梅子   QQ:57389522

 

