本文主要是介绍考题篇(7.0) 05 ❀ FortiGate防火墙 ❀ Fortinet 网络安全专家 NSE 4,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
A. It is required to modify a firewall policy using the CLI. 〖需要通过命令行修改防火墙策略。〗
B. It represents the number of objects used in the firewall policy. 〖它表示防火墙策略中使用的对象的数量。〗
C. It changes when firewall policies are reordered. 〖当防火墙策略重新排序时,它会发生变化。〗
D. It defines the order in which rules are processed. 〖它定义了处理规则的顺序。〗
当你在GUI上创建一个新的防火墙策略时,FortiGate会自动分配一个策略ID。策略ID永远不会改变,即使你将规则在序列中移动得更高或更低。
The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN? 〖现象描述SSL VPN连接失败。用户需要做什么才能成功连接SSL VPN?〗
A. Change the SSL VPN port on the client. 〖修改客户端SSL VPN端口〗
B. Change the Server IP address. 〖修改服务器IP地址〗
C. Change the idle-timeout. 〖修改空闲超时〗
D. Change the SSL VPN portal to the tunnel. 〖修改SSL VPN门户为隧道〗
配置的端口号是10443,访问的时候输入的是1443。
A. The strict RPF check is run on the first sent and reply packet of any new session. 〖严格的RPF检查将在任何新会话的第一个发送和回复数据包上运行。〗
B. Strict RPF checks the best route back to the source using the incoming interface. 〖严格RPF通过入接口检查回源的最佳路由。〗
C. Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface. 〖严格的RPF只检查是否存在at cast,使用入接口返回源的活动路由。〗
D. Strict RPF allows packets back to sources with all active routes. 〖严格RPF允许报文返回到所有激活路由的源。〗
The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook. 〖提示显示了SSL和身份验证策略(提示A)和Facebook的安全策略(提示)。〗
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts. 〖用户可以访问Facebook的web应用程序。他们可以播放Facebook上的视频内容,但不能在视频或其他类型的帖子上留言。〗
Which part of the policy configuration must you change to resolve the issue? 〖要解决这个问题,必须更改策略配置的哪一部分?〗
A. The SSL inspection needs to be a deep content inspection. 〖SSL检查需要是深入的内容检查。〗
B. Force access to Facebook using the HTTP service. 〖使用HTTP服务强制访问Facebook。〗
C. Additional application signatures are required to add to the security policy. 〖附加的应用程序签名需要添加到安全策略中。〗
D. Add Facebook in the URL category in the security policy. 〖在安全策略的URL分类中添加Facebook。〗
Facebook_like后面的锁logo。表示需要SSL深度检测。
A. FortiGate uses the AD server as the collector agent. 〖FortiGate使用AD服务器作为采集器代理。〗
B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs. 〖FortiGate使用SMB协议从数据中心读取事件查看器日志。〗
C. FortiGate does not support workstation check. 〖FortiGate不支持工作站检查。〗
D. FortiGate directs the collector agent to use a remote LDAP server. 〖FortiGate指示收集器代理使用远程LDAP服务器。〗
The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check. 〖提示包含SD-WAN性能SLA的配置,以及 diagnose sys virtual-wan-link health-check的输出。〗
Which interface will be selected as an outgoing interface? 〖哪个接口将被选为出接口?〗
A. port2
B. port4
C. port3
D. port1
将选择一条最佳宽带,而port1的延迟最低。
Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile? 〖检查入侵防御系统(IPS)配置文件签名配置。在IPS传感器配置文件中添加FTP.Login.Failed签名时,哪一种描述是正确的?〗
A. The signature setting uses a custom rating threshold. 〖签名设置使用自定义的评级阈值。〗
B. The signature setting includes a group of other signatures. 〖签名设置包括一组其他签名。〗
C. Traffic matching the signature will be allowed and logged. 〖命中该签名的流量将被允许并记录日志。〗
D. Traffic matching the signature will be silently dropped and logged. 〖匹配该签名的流量将被无声地删除并记录。〗
选择阻断以静默地删除匹配该表项中包含的任何签名的流量。
The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration. 〖提示包含网络图、虚拟IP、IP池和防火墙策略配置。〗
The WAN (port1) interface has the IP address 10.200.1.1/24. 〖WAN (port1)接口的IP地址为10.200.1.1/24。〗
The LAN (port3) interface has the IP address 10 .0.1.254/24. 〖LAN (port3)接口的IP地址为10.0.1.254/24。〗
The first firewall policy has NAT enabled using IP Pool. 〖第一条防火墙策略有启用NAT使用IP池。〗
The second firewall policy is configured with a VIP as the destination address. 〖第二条防火墙策略的目的地址为VIP。〗
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10? 〖来自IP地址为10.0.1.10的工作站的internet流量将使用哪个IP地址来进行NAT源转换?〗
A. 10.200.1.1
B. 10.200.3.1
C. 10.200.1.100
D. 10.200.1.10
An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. 〖管理员在FortiGate上配置了性能SLA,没有产生任何流量。〗
Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.) 〖为什么FortiGate不向4.2.2.2和4.2.2.1服务器发送探测?(选择两个)〗
A. The Detection Mode setting is not set to Passive. 〖检测模式设置未设置为被动。〗
B. Administrator didn't configure a gateway for the SD-WAN members, or configured gateway is not valid. 〖管理员没有为SD-WAN成员配置网关,或配置的网关无效。〗
C. The configured participants are not SD-WAN members. 〖配置的参与者不是SD-WAN成员。〗
D. The Enable probe packets setting is not enabled. 〖启动探测报文设置没有启动。〗
Which contains a session list output. Based on the information shown in the exhibit, which statement is true? 〖包含会话列表输出。根据提示显示的信息,哪个描述是正确的?〗
A. Destination NAT is disabled in the firewall policy. 〖防火墙策略中未启用目的NAT。〗
B. One-to-one NAT IP pool is used in the firewall policy. 〖防火墙策略中使用一对一NAT IP池。〗
C. Overload NAT IP pool is used in the firewall policy. 〖防火墙策略使用过载NAT IP池。〗
D. Port block allocation IP pool is used in the firewall policy. 〖防火墙策略使用端口块分配IP池。〗
这篇关于考题篇(7.0) 05 ❀ FortiGate防火墙 ❀ Fortinet 网络安全专家 NSE 4的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
