
Exam Questions (7.0) 17 ❀ FortiGate Firewall ❀ Fortinet Network Security Expert NSE 4

Source: 暴趣科技网

  A. By default, all interfaces are part of the same broadcast domain.

  B. The existing network IP schema must be changed when installing a transparent mode.

  C. Static routes are required to allow traffic to the next hop.

  

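  By default, in transparent operation mode, each VDOM forms a separate forwarding domain; until the initial VDOM configuration is changed, all interfaces, regardless of their VLAN ID, belong to the same broadcast domain.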

  

  A. diagnose sys top

  B. execute ping

  C. execute traceroute

  D. diagnose sniffer packet any

  E. get system arp

  【Analysis】

  【Answer】B C D

 Examine this PAC file configuration.

  Which of the following statements are true? (Choose two.)

  A. Browsers can be configured to retrieve this PAC file from the FortiGate.

  B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

  C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com:8060.

  D. Any web request to fortinet.com is allowed to bypass the proxy.

  【Analysis】

  【Answer】A D

 If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

  A. A CRL

  B. A person

  C. A subordinate CA

  D. A root CA

  【Analysis】

  【Answer】D

 Which three statements are true regarding session-based authentication? (Choose three.)

  A. HTTP sessions are treated as a single user.

  D. It requires more resources.

  E. It is not recommended if multiple users are behind the source NAT.

  【Analysis】

  【Answer】A C D

 Which statement regarding the firewall policy authentication timeout is true?

  A. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IP.

  C. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MAC.

  【Analysis】Tutorial (7.0) 05. FortiGate Security & Firewall Authentication ❀ Fortinet Network Security Expert NSE 4

  【Answer】A

 Which statement is true about SSL VPN web mode?

  A. The tunnel is up while the client is connected.

  B. It supports a limited number of protocols.

  C. The external network application sends data through the VPN.

  【Analysis】Tutorial (7.0) 12. FortiGate Security & SSL Secure Tunnel ❀ Fortinet Network Security Expert NSE 4

  【Answer】

 What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

  A. Full Content inspection

  B. Proxy-based inspection

  C. Certificate inspection

  D. Flow-based inspection

  【Analysis】Tutorial (7.0) 08. FortiGate Security & Web Filtering ❀ Fortinet Network Security Expert NSE 4

  【Answer】

 Refer to the exhibit.

  In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.

  What should the administrator do next to troubleshoot the problem?

  A. Run a sniffer on the web server.

  B. Capture the traffic using an external sniffer connected to port1.

  C. Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”.

  D. Execute a debug flow.

  【Analysis】Tutorial (7.0) 08. FortiGate Infrastructure & Diagnostics ❀ Fortinet Network Security Expert NSE 4

  【Answer】

 If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected to the Destination field of a firewall policy?

  A. User or User Group

  C. No other object can be added

  【Analysis】Tutorial (7.0) 03. FortiGate Security & Firewall Policy ❀ Fortinet Network Security Expert NSE 4

  【Answer】C

 Which of the following statements correctly describes FortiGate's route lookup behavior when searching for a suitable gateway? (Choose two)

  A. Lookup is done on the first packet from the session originator

  B. Lookup is done on the last packet sent from the responder

  C. Lookup is done on every packet, regardless of direction

  D. Lookup is done on the trust reply packet from the responder

  【Analysis】Tutorial (7.0) 01. FortiGate Infrastructure & Routing ❀ Fortinet Network Security Expert NSE 4

  【Answer】A D

 Refer to the exhibit.

  The exhibits show a network diagram and the explicit web proxy configuration.

  In the command diagnose sniffer packet, what filter can you use to capture the traffic between the client and the explicit web proxy?

  A. ‘host 192.168.0.2 and port 8080’

  B. ‘host 10.0.0.50 and port 80’

  C. ‘host 192.168.0.1 and port 80’

  D. ‘host 10.0.0.50 and port 8080’

  【Analysis】

  【Answer】

