[January 28, 2022] The Secret to Achieving a Passing Rate: NSE4_FGT-6.4 Certification Exam Engine PDF [Q59-Q74]

Pass with the NSE4_FGT-6.4 exam question set, updated with the January 2022 test questions


Fortinet NSE4_FGT-6.4 certification exam topics:

Topic / Exam coverage
Topic 1
  • Configure and route packets using static and policy-based routes
  • Configure log settings and diagnose problems using the logs
Topic 2
  • Identify and configure different methods of firewall authentication
  • Explain FSSO deployment and configuration
Topic 3
  • Identify and configure different operation modes for an FGCP HA cluster
  • Implement a meshed or partially redundant IPsec VPN
Topic 4
  • Describe and configure VDOMs to split a FortiGate device into multiple virtual devices
  • Describe and inspect encrypted traffic using certificates
Topic 5
  • Configure application control to monitor and control network applications
  • Identify and configure how firewall policy NAT and central NAT work
Topic 6
  • Configure and implement different SSL-VPN modes to provide secure access to the private network
  • Perform initial configuration

 

Question 59
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection?
(Choose two.)

  • A. The CA extension must be set to TRUE.
  • B. The common name on the subject field must use a wildcard name.
  • C. The issuer must be a public CA.
  • D. The keyUsage extension must be set to keyCertSign.

Correct answer: A,B

 

Question 60
Refer to the exhibit showing a debug flow output.

Which two statements about the debug flow output are correct? (Choose two.)

  • A. The default route is required to receive a reply.
  • B. The debug flow is of ICMP traffic.
  • C. A firewall policy allowed the connection.
  • D. A new traffic session is created.

Correct answer: B,D

 

Question 61
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

  • A. The subject field in the server certificate
  • B. The subject alternative name (SAN) field in the server certificate
  • C. The host field in the HTTP header
  • D. The serial number in the server certificate
  • E. The server name indication (SNI) extension in the client hello message

Correct answer: B,C,D

Explanation:
Explanation/Reference: https://checkthefirewall.com/blogs/fortinet/ssl-inspection

 

Question 62
Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

  • A. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
  • B. FortiGate devices are not in sync because one device is down.
  • C. FortiGate SN FGVM010000064692 has the higher HA priority.
  • D. FortiGate SN FGVM010000065036 HA uptime has been reset.

Correct answer: A,D

 

Question 63
View the exhibit.

Which of the following statements are correct? (Choose two.)

  • A. This setup requires at least two firewall policies with the action set to IPsec.
  • B. This is a redundant IPsec setup.
  • C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
  • D. Dead peer detection must be disabled to support this type of IPsec setup.

Correct answer: B,C

 

Question 64
Refer to the exhibit, which contains a static route configuration.

An administrator created a static route for Amazon Web Services.
What CLI command must the administrator use to view the route?

  • A. get router info routing-table all
  • B. get internet service route list
  • C. get router info routing-table database
  • D. diagnose firewall proute list

Correct answer: A

 

Question 65
Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

  • A. Custom permission for Network
  • B. CLI diagnostics commands permission
  • C. Read/Write permission for Log & Report
  • D. Read/Write permission for Firewall

Correct answer: A

 

Question 66
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

  • A. IMAP.Login.brute.Force
  • B. SMTP.Login.Brute.Force
  • C. Location: server Protocol: SMTP
  • D. ip_src_session

Correct answer: A

 

Question 67
Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

  • A. The IPS engine was unable to prevent an intrusion attack.
  • B. The IPS engine will continue to run in a normal state.
  • C. The IPS engine was blocking all traffic.
  • D. The IPS engine was inspecting a high volume of traffic.

Correct answer: C

 

Question 68
Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?

  • A. Run a sniffer on the web server.
  • B. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10"
  • C. Execute a debug flow.
  • D. Capture the traffic using an external sniffer connected to port1.

Correct answer: C

 

Question 69
Refer to the exhibit to view the firewall policy.

Which statement is correct if well-known viruses are not being blocked?

  • A. The firewall policy does not apply deep content inspection.
  • B. Web filter should be enabled on the firewall policy to complement the antivirus profile.
  • C. The action on the firewall policy must be set to deny.
  • D. The firewall policy must be configured in proxy-based inspection mode.

Correct answer: B

 

Question 70
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy, instead of separate policies.
Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

  • A. The IP version of the sources and destinations in a policy must match.
  • B. The IP version of the sources and destinations in a firewall policy must be different.
  • C. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.
  • D. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
  • E. The Incoming Interface, Outgoing Interface, Schedule, and Service fields can be shared with both IPv4 and IPv6.

Correct answer: B,C,D

 

Question 71
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

  • A. Add the support of NTLM authentication.
  • B. Add user accounts to Active Directory (AD).
  • C. Add user accounts to the FortiGate group filter.
  • D. Add user accounts to the Ignore User List.

Correct answer: D

 

Question 72
View the exhibit.

Which of the following statements are correct? (Choose two.)

  • A. This setup requires at least two firewall policies with the action set to IPsec.
  • B. This is a redundant IPsec setup.
  • C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
  • D. Dead peer detection must be disabled to support this type of IPsec setup.

Correct answer: B,C

 

Question 73
If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected for the Destination field of a firewall policy?

  • A. IP address
  • B. FQDN address
  • C. User or User Group
  • D. No other object can be added

Correct answer: A

 

Question 74
......

The NSE4_FGT-6.4 practice test has been updated to the latest 2022 version and contains 165 questions: https://www.goshiken.com/Fortinet/NSE4_FGT-6.4-mondaishu.html