FCP - FortiGate 7.4 Administrator Sample Questions

15問 • 1年前

問題一覧

An administrator needs to create a tunnel mode SSL-VPN to access an internal web server from the internet. The web server is connected to port1. The internet is connected to port2. Both interfaces belong to the VDOM named Corporation. What interface must the administrator use as the source for the firewall policy that will allow this traffic?

ssl.Corporation

Which three settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)

SSH, Trusted Host, HTTPS

Which statement best describes the role of a DC agent in an FSSO DC agent mode solution?

It captures the login events and forwards them to the collector agent.

Which two statements correctly describe the differences between IPsec main mode and IPsec aggressive mode? (Choose two.)

The first packet of aggressive mode contains the peer ID, while the first packet of main mode does not., Six packets are usually exchanged during main mode, while only three packets are exchanged during aggressive mode.

Which three methods can you use to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)

SMS text message, Email, FortiToken Mobile

Refer to the exhibit. A user at 192.168.32.15 is trying to access the web server at 172.16.32.254. Which two statements best describe how the FortiGate will perform reverse path forwarding (RPF) checks on this traffic? (Choose two.)

Strict RPF check will allow the traffic., Loose RPF check will allow the traffic.

Which two statements about incoming and outgoing interfaces in firewall policies are true? (Choose two.)

A zone can be chosen as the outgoing interface., Multiple interfaces can be selected as incoming and outgoing interfaces.

Which two IP pool types are useful for carrier-grade NAT deployments? (Choose two.)

Port block allocation, Fixed port range

What is eXtended Authentication (XAuth)?

It is an IPsec extension that forces remote VPN users to authenticate using their credentials (username and password).

FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt. What is the most likely reason for this situation?

The user was authenticated using passive authentication.

Which statement about the HA override setting in FortiGate HA clusters is true?

You must configure override settings manually and separately for each cluster member.

Which type of traffic inspection requires FortiGate to act as a CA?

SSL traffic inspection when protecting multiple clients connecting to multiple servers.

Which two statements about advanced AD access mode for the FSSO collector agent are true? (Choose two.)

It supports monitoring of nested groups., FortiGate can act as an LDAP client to configure the group filters.

Which statement about firewall policy NAT is true?

You must configure SNAT for each firewall policy.

Which two settings must you configure when FortiGate is being deployed as a root FortiGate in a Security Fabric topology? (Choose two.)

Fabric name, FortiAnalyzer IP address

第6章ネットワークとコンテンツ配信

Takanori Noda · 5問 · 1年前