[Q64-Q85] Verified NSE4_FGT-6.4 Question Set and Answers with Pass Guarantee or Full Refund [March 2022]


Questions from the NSE4_FGT-6.4 PDF question set, most recently updated on March 29, 2022


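Fortinet NSE4_FGT-6.4 certification exam coverage:

Topic  Exam coverage
Topic 1
  • Configure IPS, DoS, and WAF to protect the network from hacking and DDoS attacks
  • Describe and configure antivirus scanning modes to neutralize malware threats
Topic 2
  • Configure SD-WAN to effectively load balance traffic between multiple WAN links
  • Diagnose resource and connectivity problems
Topic 3
  • Identify and configure the different operation modes of an FGCP HA cluster
  • Implement a meshed or partially redundant IPsec VPN
Topic 4
  • Configure FortiGate to act as an implicit and explicit web proxy
  • Identify FortiGate inspection modes and configure web and DNS filtering
Topic 5
  • Configure and route packets using static and policy-based routes
  • Configure log settings and diagnose problems using the logs
Topic 6
  • Configure application control to monitor and control network applications
  • Identify and configure how firewall policy NAT and central NAT work
Topic 7
  • Describe and configure VDOMs to split a FortiGate device into multiple virtual devices
  • Describe and inspect encrypted traffic using certificates
Topic 8
  • Configure a FortiGate interface or VDOM to operate as a Layer 2 device
  • Implement the Fortinet Security Fabric
Topic 9
  • Identify and configure different methods of firewall authentication
  • Describe FSSO deployment and configuration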

 

Question 64
Which two statements about antivirus scanning mode are true? (Choose two.)

  • A. In proxy-based inspection mode, files bigger than the buffer size are scanned.
  • B. In flow-based inspection mode, files bigger than the buffer size are scanned.
  • C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.
  • D. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

Answer: B,C

 

Question 65
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

  • A. Automated Response
  • B. Optimization
  • C. Security Posture
  • D. Fabric Coverage

Answer: D

Explanation:
Reference: https://www.fortinet.com/content/dam/fortinet/assets/support/fortinet-recommended-security-best-practices.pdf

 

Question 66
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

  • A. The subject field in the server certificate
  • B. The subject alternative name (SAN) field in the server certificate
  • C. The host field in the HTTP header
  • D. The serial number in the server certificate
  • E. The server name indication (SNI) extension in the client hello message

Answer: B,C,D

Explanation:
Reference: https://checkthefirewall.com/blogs/fortinet/ssl-inspection

 

Question 67
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.
Which statement about the VLAN sub interfaces is true?

  • A. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
  • B. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.
  • C. The two VLAN sub interfaces must have different VLAN IDs.
  • D. The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.

Answer: C

Explanation:
FortiGate_Infrastructure_6.0_Study_Guide_v2-Online.pdf -
"Multiple VLANs can coexist in the same physical interface, provided they have different VLAN ID"

 

Question 68
Refer to the exhibits.


Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

  • A. FortiGate has entered conserve mode.
  • B. Administrators can access FortiGate only through the console port.
  • C. Administrators cannot change the configuration.
  • D. FortiGate will start sending all files to FortiSandbox for inspection.

Answer: C,D

 

Question 69
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

  • A. get system arp
  • B. execute ping
  • C. diagnose sniffer packet any
  • D. execute traceroute
  • E. diagnose sys top

Answer: B,C,E


 

Question 70
How does FortiGate act when using SSL VPN in web mode?

  • A. FortiGate acts as router.
  • B. FortiGate acts as DNS server.
  • C. FortiGate acts as an FDS server.
  • D. FortiGate acts as an HTTP reverse proxy.

Answer: B

Explanation:
Reference: https://pub.kb.fortinet.com/ksmcontent/Fortinet-Public/current/Fortigate_v4.0MR3/fortigate-sslvpn-40-mr3.pdf

 

Question 71
Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

  • A. To generate logs
  • B. To finish any inspection operations
  • C. To allow for out-of-order packets that could arrive after the FIN/ACK packets
  • D. To remove the NAT operation

Answer: B

 

Question 72
Examine the following web filtering log.

Which statement about the log message is true?

  • A. The web site miniclip.com matches a static URL filter whose action is set to Warning.
  • B. The usage quota for the IP address 10.0.1.10 has expired
  • C. The action for the category Games is set to block.
  • D. The name of the applied web filter profile is default.

Answer: D

 

Question 73
View the exhibit:

Which statements are true? (Choose two.)

  • A. port1-VLAN1 is the native VLAN for the port1 physical interface.
  • B. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
  • C. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
  • D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

Answer: B,C

 

Question 74
Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

  • A. The action on firewall policy ID 1 is set to warning.
  • B. Access to the social networking web filter category was explicitly blocked to all users.
  • C. Social networking web filter category is configured with the action set to authenticate.
  • D. The name of the firewall policy is all_users_web.

Answer: C

 

Question 75
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)

  • A. Intrusion prevention
  • B. DNS filter
  • C. File filter
  • D. Antivirus scanning

Answer: B,D

 

Question 76
Examine the exhibit, which contains a virtual IP and firewall policy configuration.



The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

  • A. 10.200.1.1
  • B. 10.0.1.254
  • C. 10.200.1.10
  • D. Any available IP address in the WAN (port1) subnet 10.200.1.0/24

Answer: C

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Virtual%20IPs.htm

 

Question 77
Refer to the exhibit.


The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check.
Which interface will be selected as an outgoing interface?

  • A. port3
  • B. port4
  • C. port2
  • D. port1

Answer: B

 

Question 78
Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

  • A. 10.200.1.100
  • B. 10.200.1.1
  • C. 10.200.3.1
  • D. 10.200.1.10

Answer: B

 

Question 79
Refer to the exhibit.



The exhibit contains a network diagram, firewall policies, and a firewall address object configuration.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver.
Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

  • A. Enable match-vip in the Deny policy.
  • B. Disable match-vip in the Deny policy.
  • C. Set the Destination address as Web_server in the Deny policy.
  • D. Set the Destination address as Deny_IP in the Allow-access policy.

Answer: A,C

 

Question 80
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

  • A. Local traffic logs
  • B. Security logs
  • C. Forward traffic logs
  • D. System event logs

Answer: A

 

Question 81
Exhibit:

Refer to the exhibit to view the authentication rule configuration. In this scenario, which statement is true?

  • A. IP-based authentication is enabled
  • B. Route-based authentication is enabled
  • C. Session-based authentication is enabled.
  • D. Policy-based authentication is enabled

Answer: C

 

Question 82
Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

  • A. Enable two-factor authentication
  • B. Change password
  • C. Enable restrict access to trusted hosts
  • D. Change Administrator profile

Answer: A

 

Question 83
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

  • A. NetAPI polling can increase bandwidth usage in large networks.
  • B. The NetSessionEnum function is used to track user logouts.
  • C. The collector agent uses a Windows API to query DCs for user logins.
  • D. The collector agent must search security event logs.

Answer: B

 

Question 84
Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario, which statement is true?

  • A. The category of Apple FaceTime is being blocked.
  • B. The category of Apple FaceTime is being monitored.
  • C. Apple FaceTime belongs to the custom blocked filter.
  • D. Apple FaceTime belongs to the custom monitored filter.

Answer: C

 

Question 85
......
