Fortinet NSE4_FGT-7.0 問題集

質問 1：
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
A. Strict RPF allows packets back to sources with all active routes.
B. The strict RPF check is run on the first sent and reply packet of any new session.
C. Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.
D. Strict RPF checks the best route back to the source using the incoming interface.
正解：D

質問 2：
Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?
A. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10"
B. Capture the traffic using an external sniffer connected to port1.
C. Run a sniffer on the web server.
D. Execute a debug flow.
正解：D

質問 3：
An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?
A. Disable the RPF check at the FortiGate interface level for the reply check.
B. Enable asymmetric routing at the interface level.
C. Disable the RPF check at the FortiGate interface level for the source check.
D. Enable asymmetric routing, so the RPF check will be bypassed.
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 4：
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must an administrator do to achieve this objective?
A. The administrator must use the user self-registration server.
B. The administrator can use a third-party radius OTP server.
C. The administrator must use a FortiAuthenticator device.
D. The administrator can register the same FortiToken on more than one FortiGate.
正解：C

質問 5：
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
A. The public key of the web server certificate must be installed on the browser.
B. The web-server certificate must be installed on the browser.
C. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
D. The CA certificate that signed the web-server certificate must be installed on the browser.
正解：D

質問 6：
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
A. Operating mode
B. NGFW mode
C. FortiGuaid update servers
D. System time
正解：A,B
解説: (Topexam メンバーにのみ表示されます)

質問 7：
Which of the following SD-WAN load -balancing method use interface weight value to distribute traffic? (Choose two.)
A. Source IP
B. Session
C. Volume
D. Spillover
正解：B,C
解説: (Topexam メンバーにのみ表示されます)

質問 8：
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
A. Uninterruptable upgrade is enabled by default.
B. Traffic load balancing is temporally disabled while upgrading the firmware.
C. Only secondary FortiGate devices are rebooted.
D. The firmware image must be manually uploaded to each FortiGate.
正解：A,B

質問 9：
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not.
Which two configuration changes are the most effective way to support this requirement? (Choose two.)
A. Implement web category authentication for the specified website using a web filter profile.
B. Implement a firewall policy with authentication for the specified users.
C. Implement a DNS filter for the specified website.
D. Implement web filter quotas for the specified website.
正解：A,B
解説: (Topexam メンバーにのみ表示されます)