[2022年11月27日] NSE5_FMG-7.0テストエンジンお試しセット、NSE5_FMG-7.0問題集PDF
最新のFortinet NSE5_FMG-7.0のPDFと問題集で(2022)無料試験問題解答
Fortinet NSE5_FMG-7.0 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
質問 36
An administrator run the reload failure command: diagnose test deploymanager reload config
<deviceid> on FortiManager. What does this command do?
- A. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate.
- B. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database.
- C. It installs the provisioning template configuration on the specified FortiGate.
- D. It installs the latest configuration on the specified FortiGate and update the revision history database.
正解: B
質問 37
What does a policy package status of Conflict indicate?
- A. The policy configuration has never been imported after a device was registered on FortiManager.
- B. The policy package does not have a FortiGate as the installation target.
- C. The policy package reports inconsistencies and conflicts during a Policy Consistency Check.
- D. The policy package configuration has been changed on both FortiManager and the managed device independently.
正解: D
質問 38
Which two statements regarding device management on FortiManager are true? (Choose two.)
- A. The maximum number of managed devices for each ADOM is 500.
- B. FortiGate devices in HA cluster devices are counted as a single device.
- C. FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.
- D. FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.
正解: B,D
質問 39
Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager?
- A. Routing
- B. Security profiles
- C. SNMP
- D. NSX-T Service Template
正解: B
質問 40
View the following exhibit.
Which statement is true regarding this failed installation log?
- A. Policy ID 2 is installed without a source address
- B. Policy ID 2 is installed without a source device
- C. Policy ID 2 is installed in disabled state
- D. Policy ID 2 will not be installed
正解: B
質問 41
What will happen if FortiAnalyzer features are enabled on FortiManager?
- A. FortiManager will reboot
- B. FortiManager can be used only as a logging device.
- C. FortiManager will send the logging configuration to the managed devices so the managed devices will start sending logs to FortiManager
- D. FortiManager will enable ADOMs automatically to collect logs from non-FortiGate devices
正解: A
質問 42
What is the purpose of the Policy Check feature on FortiManager?
- A. To find and delete disabled firewall policies in the policy package
- B. To find and provide recommendation for optimizing policies in a policy package
- C. To find and merge duplicate policies in the policy package
- D. To find and provide recommendation to combine multiple separate policy packages into one common
policy package
正解: B
質問 43
An administrator has enabled Service Access on FortiManager.
What is the purpose of Service Access on the FortiManager interface?
- A. Allows FortiManager to download IPS packages
- B. Allows FortiManager to automatically configure a default route
- C. Allows FortiManager to respond to request for FortiGuard services from FortiGate devices
- D. Allows FortiManager to run real-time debugs on the managed devices
正解: C
質問 44
An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message.
Which troubleshooting step should you take to resolve the issue?
- A. Make sure Offline Mode is disabled
- B. Make sure FortiManager Access is enabled in the administrator profile
- C. Make sure ADOMs are enabled and the administrator has access to the Global ADOM
- D. Make sure the administrator IP address is part of the trusted hosts.
正解: D
解説:
Even if a user entered the correct userid/password, the FMG denies access if a user is logging in from an untrusted source IP subnets.
Topic 1, Main Questions Pool B
質問 45
Refer to the exhibits.
Exhibit one.
Exhibit two.
An administrator created a new system template named Training with two new DNS addresses on FortiManager. During the installation preview stage, the administrator notices that many unset commands need to be pushed.
What can be the main reason for these unset commands?
- A. The ADOM is locked by another administrator
- B. The DNS addresses in the default system settings are the same as the Training system template
- C. The Training system template has other default settings
- D. The Training system template does not have assigned devices
正解: C
質問 46
Refer to the exhibit.
You are using the Quick Install option to install configuration changes on the managed FortiGate.
Which two statements correctly describe the result? (Choose two.)
- A. It provides the option to preview configuration changes prior to installing them
- B. It will not create a new revision in the revision history
- C. It installs device-level changes to FortiGate without launching the Install Wizard
- D. It cannot be canceled once initiated and changes will be installed on the managed device
正解: C,D
解説:
FortiManager_6.4_Study_Guide-Online - page 164
The Install Config option allows you to perform a quick installation of device-level settings without launching the Install Wizard. When you use this option, you cannot preview the changes prior to committing. Administrator should be certain of the changes before using this install option, because the install can't be cancelled after the process is initiated.
質問 47
Which of the following statements are true regarding VPN Gateway configuration in VPN Manager? (Choose two.)
- A. External gateways are third-party VPN gateway devices only
- B. Protected subnets are the subnets behind the device that you don't want to allow access to over the IPsec VPN
- C. Managed gateways are devices managed by FortiManager in the same ADOM
- D. Managed devices in other ADOMs must be treated as external gateways
正解: C,D
質問 48
In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?
- A. By default, the unregistered FortiGate will appear in the root ADOM.
- B. The FortiGate will be automatically added to the Training ADOM.
- C. The FortiGate will be added automatically to the default ADOM named FortiGate.
- D. The FortiManager administrator must add the unregistered device manually to the unregistered device
正解: A
解説:
manually to the Training ADOM using the Add Device wizard
質問 49
Refer to the exhibit.
Given the configuration shown in the exhibit, how did FortiManager handle the service category named General?
- A. FortiManager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database.
- B. FortiManager ignored the firewall service category general and deleted the duplicate value In Its database
- C. FortiManager ignored the firewall service category General but created a new service category in its database.
- D. FortiManager ignored the firewall service category General and did not update Its database with the value
正解: A
質問 50
An administrator run the reload failure command: diagnose test deploymanager reload config
<deviceid> on FortiManager. What does this command do?
- A. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database.
- B. It compares and provides differences in configuration on FortiManager with the current running
configuration of the specified FortiGate. - C. It installs the provisioning template configuration on the specified FortiGate.
- D. It installs the latest configuration on the specified FortiGate and update the revision history database.
正解: A
質問 51
An administrator would like to create an SD-WAN using central management in the Training ADOM.
To create an SD-WAN using central management, which two steps must be completed? (Choose two.)
- A. Enable SD-WAN central management in the Training ADOM
- B. Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces
- C. Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SD-WAN template settings
- D. Specify a gateway address when you create a default SD-WAN static route
正解: A,B
質問 52
Which two settings must be configured for SD-WAN Central Management? (Choose two.)
- A. You can create multiple SD-WAN interfaces per VDOM
- B. The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.
- C. When you configure an SD-WAN, you must specify at least two member interfaces.
- D. SD-WAN must be enabled on per-ADOM basis
正解: C,D
質問 53
View the following exhibit.
An administrator has created a firewall address object, Training, which is used in the Local-FortiGate policy package. When the install operation is performed, which IP Netmask will be installed on the Local-FortiGate, for the Training firewall address object?
- A. It will create firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values
- B. Local-FortiGate will automatically choose an IP Network based on its network interface settings.
- C. 10.0.1.0/24
- D. 192.168.0.1/24
正解: C
質問 54
Which of the following statements are true regarding VPN Manager? (Choose three.)
- A. VPN Manager can install common IPsec VPN settings on multiple FortiGate devices at the same time.
- B. VPN Manager automatically creates all the necessary firewall policies for traffic to be tunneled by IPsec.
- C. VPN Manager automatically adds newly-registered devices to a VPN community.
- D. VPN Manager must be enabled on a per ADOM basis.
- E. Common IPsec settings need to be configured only once in a VPN Community for all managed gateways.
正解: A,D,E
質問 55
Refer to the exhibit.
Which two statements about the output are true? (Choose two.)
- A. The latest history for the managed FortiGate does not match with the device-level database
- B. Configuration changes directly made on the FortiGate have been automatically updated to device-level
- C. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
- D. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
正解: A,C
解説:
database
Explanation:
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up - dev-db: modified - This is the device setting status which indicates that configuration changes were made on FortiManager. - conf: in sync - This is the sync status which shows that the latest revision history is in sync with Fortigate's configuration. - cond: pending - This is the configuration status which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved) updating the revision history DB (conf: in sync) and FortiManager device level DB, now there is a new modification on FortiManager device level DB (dev-db: modified) which wasn't installed to FortiGate (cond: pending), hence; revision history DB is not aware of that modification and doesn't match device DB.
Conclusion: - Revision DB does match FortiGate. - No changes were installed to FortiGate yet. - Device DB doesn't match Revision DB. - No changes were done on FortiGate (auto-update) but configuration was retrieved instead
After an Auto-Update or Retrieve: device database = latest revision = FGT
Then after a manual change on FMG end (but no install yet): latest revision = FGT (still) but now device database has been modified (is different).
After reverting to a previous revision in revision history: device database = reverted revision != FGT
質問 56
Refer to the exhibit.
An administrator has created a firewall address object, Training which is used in the Local-FortiGate policy package.
When the installation operation is performed, which IP/Netmask will be installed on the Local-FortiGate, for the Training firewall address object?
- A. 10.200.1.0/24
- B. It will create a firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values.
- C. Local-FortiGate will automatically choose an IP/Netmask based on its network interface settings.
- D. 192.168.0.1/24
正解: D
質問 57
Which two items are included in the FortiManager backup? (Choose two.)
- A. Logs
- B. FortiGuard database
- C. Global database
- D. All devices
正解: C,D
質問 58
Refer to the exhibit.
Which two statements about the output are true? (Choose two.)
- A. The latest history for the managed FortiGate does not match with the device-level database
- B. Configuration changes directly made on the FortiGate have been automatically updated to device-level
- C. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
- D. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
正解: A,C
解説:
database
Explanation:
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up - dev-db: modified - This is the device setting status which indicates that configuration changes were made on FortiManager. - conf: in sync - This is the sync status which shows that the latest revision history is in sync with Fortigate's configuration. - cond: pending - This is the configuration status which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved) updating the revision history DB (conf: in sync) and FortiManager device level DB, now there is a new modification on FortiManager device level DB (dev-db: modified) which wasn't installed to FortiGate (cond: pending), hence; revision history DB is not aware of that modification and doesn't match device DB.
Conclusion: - Revision DB does match FortiGate. - No changes were installed to FortiGate yet. - Device DB doesn't match Revision DB. - No changes were done on FortiGate (auto-update) but configuration was retrieved instead After an Auto-Update or Retrieve: device database = latest revision = FGT Then after a manual change on FMG end (but no install yet): latest revision = FGT (still) but now device database has been modified (is different).
After reverting to a previous revision in revision history: device database = reverted revision != FGT
質問 59
View the following exhibit:
An administrator used the value shown in the exhibit when importing a Local-FortiGate into FortiManager. What name will be used to display the firewall policy for port1?
- A. WAN zone on FortiGate and WAN zone on FortiManager
- B. port1 on both FortiGate and FortiManager
- C. port1 on FortiGate and WAN on FortiManager
- D. WAN zone on FortiGate and WAN interface on FortiManager
正解: C
質問 60
......
あなたを合格させるNSE 5 Network Security Analyst NSE5_FMG-7.0試験問題集で2022年11月27日には74問あります:https://www.goshiken.com/Fortinet/NSE5_FMG-7.0-mondaishu.html
NSE5_FMG-7.0無料試験学習ガイド!(更新された74問あります):https://drive.google.com/open?id=1yQ4DbHSaiVxse0_O6gfExNmsnXYPuxL6