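Download the outstanding NSE4_FGT-6.4 question set and get the latest NSE4_FGT-6.4 test questions for free (February 25, 2022)
The NSE4_FGT-6.4 question set comes with a pass guarantee: NSE4_FGT-6.4 exam questions, updated 2022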
Question 81
Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)
- A. Proxy-based inspection
- B. Certificate inspection
- C. Full Content inspection
- D. Flow-based inspection
Correct answer: A,D
Question 82
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)
- A. FG-Mgmt
- B. FG-traffic
- C. Root
- D. Mgmt
Correct answer: B,C
Explanation:
Explanation/Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/758820/split-task-vdom-mode
Question 83
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
- A. SMIME Capabilities value
- B. Subject Alternative Name value
- C. Subject value
- D. Subject Key Identifier value
Correct answer: D
Question 84
Refer to the exhibit.
The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
How does FortiGate process the traffic sent to http://www.fortinet.com?
- A. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.
- B. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 1.
- C. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.
- D. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.
Correct answer: D
Question 85
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
- A. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
- B. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
- C. FortiGate automatically negotiates different local and remote addresses with the remote peer.
- D. FortiGate automatically negotiates a new security association after the existing security association expires.
Correct answer: D
Question 86
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
- A. Policy rule
- B. SSL inspection and authentication policy
- C. Firewall policy
- D. Security policy
Correct answer: A,C
Question 87
Refer to the exhibit, which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?
- A. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
- B. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
- C. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
- D. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
Correct answer: B
Question 88
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
- A. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
- B. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
- C. FortiGate automatically negotiates different local and remote addresses with the remote peer.
- D. FortiGate automatically negotiates a new security association after the existing security association expires.
Correct answer: D
Question 89
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken.
Each site has a FortiGate VPN gateway.
What must an administrator do to achieve this objective?
- A. The administrator can use a third-party RADIUS OTP server.
- B. The administrator can register the same FortiToken on more than one FortiGate.
- C. The administrator must use the user self-registration server.
- D. The administrator must use a FortiAuthenticator device.
Correct answer: A
Question 90
An administrator is configuring an IPsec VPN between site A and site B.
The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?
- A. 192.168.2.0/24
- B. 192.168.0.0/24
- C. 192.168.3.0/24
- D. 192.168.1.0/24
Correct answer: A
Question 91
Examine this FortiGate configuration:
Examine the output of the following debug command:
Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?
- A. It is allowed and inspected, as long as the inspection is flow-based.
- B. It is allowed and inspected, as long as the only inspection required is antivirus.
- C. It is allowed, but with no inspection.
- D. It is dropped.
Correct answer: D
Question 92
Refer to the exhibit.
The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
- A. Authentication is enforced at a policy level; all users will be prompted for authentication.
- B. Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.
- C. If there is a fall-through policy in place, users will not be prompted for authentication.
- D. Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.
Correct answer: A
Question 93
Refer to the exhibit.
The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)
- A. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.
- B. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.
- C. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.
- D. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.
Correct answer: B,C
Question 94
An administrator is running the following sniffer command:
Which three pieces of information will be included in the sniffer output? (Choose three.)
- A. Ethernet header
- B. Interface name
- C. Packet payload
- D. Application header
- E. IP header
Correct answer: B,C,E
Question 95
Refer to the exhibit.
Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)
- A. Traffic between port2 and port2-vlan1 is allowed by default.
- B. port1 is a native VLAN.
- C. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
- D. port1-vlan1 and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
Correct answer: A,C
Question 96
Refer to the exhibit.
The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)
- A. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.
- B. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.
- C. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.
- D. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.
Correct answer: B,C
Question 97
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)
- A. execute traceroute
- B. get system arp
- C. diagnose sys top
- D. execute ping
- E. diagnose sniffer packet any
Correct answer: A,B,D
Question 98
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.
Which statement about the VLAN sub interfaces is true?
- A. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
- B. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.
- C. The two VLAN sub interfaces must have different VLAN IDs.
- D. The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.
Correct answer: C
Explanation:
FortiGate_Infrastructure_6.0_Study_Guide_v2-Online.pdf -> page 147
"Multiple VLANs can coexist in the same physical interface, provided they have different VLAN ID"
Question 99
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not. Which configuration option is the most effective way to support this request?
- A. Implement web filter authentication for the specified website.
- B. Implement a DNS filter for the specified website.
- C. Implement web filter quotas for the specified website.
- D. Implement a web filter category override for the specified website.
Correct answer: A
Question 100
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up.
* The secondary tunnel must be used only if the primary tunnel goes down.
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)
- A. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
- B. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
- C. Enable Dead Peer Detection.
- D. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
Correct answer: A,C
Question 101
View the exhibit.
Which of the following statements are correct? (Choose two.)
- A. This setup requires at least two firewall policies with the action set to IPsec.
- B. This is a redundant IPsec setup.
- C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
- D. Dead peer detection must be disabled to support this type of IPsec setup.
Correct answer: B,C
Question 102
Refer to the exhibit.
The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?
- A. Enable two-factor authentication
- B. Change password
- C. Enable restrict access to trusted hosts
- D. Change Administrator profile
Correct answer: A
Question 103
Refer to the exhibit to view the application control profile.
Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario, which statement is true?
- A. The category of Apple FaceTime is being blocked.
- B. The category of Apple FaceTime is being monitored.
- C. Apple FaceTime belongs to the custom blocked filter.
- D. Apple FaceTime belongs to the custom monitored filter.
Correct answer: C
Question 104
Refer to the exhibit.
Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?
- A. Custom permission for Network
- B. Read/Write permission for Log & Report
- C. Read/Write permission for Firewall
- D. CLI diagnostics commands permission
Correct answer: D
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD50220
Question 105
An administrator is running the following sniffer command:
Which three pieces of information will be included in the sniffer output? (Choose three.)
- A. Interface name
- B. Ethernet header
- C. Packet payload
- D. IP header
- E. Application header
Correct answer: B,C,E
Question 106
......