The diag sys session list command is executed in the CLI. The output of this command is shown in the exhibit.
Based on the output from this command, which of the following statements is correct?
A. This session matches a firewall policy with ID 5.
B. This is a UDP session.
C. This traffic has been authenticated.
D. Traffic shaping is being applied to this session.
E. This is an ICMP session.
Correct answer: D
Question 2:
The sample packet trace illustrated in the exhibit provides details on the packet that requires detection.
Which of the following describes the best custom signature for detecting the use of the word "Fortinet" in chat applications?
A. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; )
B. F-SBID( --protocol tcp; --flow from_client; --pattern "fortinet"; --no_case; )
C. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; --no_case; )
D. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --no_case; )
Correct answer: D
Question 3:
Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met.
Considering this, which of the following statements is NOT correct?
A. Both the FortiGate and FortiAnalyzer devices can send alert notifications in the form of an email alert.
B. On a FortiGate device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
C. Only a FortiAnalyzer device can send the alert notification in the form of a syslog message.
D. On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
Correct answer: D
Question 4:
The eicar test virus is put into a zip archive, which is given the password of "Fortinet" in order to open the archive. Review the configuration in the exhibits shown below; then answer the question that follows.
Exhibit A - Antivirus Profile:
Exhibit B - Non-default UTM Proxy Options Profile:
Exhibit C - DLP Profile:
Which one of the following profiles could be enabled in order to prevent the file from passing through the FortiGate device over HTTP on the standard port for that protocol?
A. Only Exhibit A
B. Only Exhibit C with default UTM Proxy settings.
C. Only Exhibit C with non-default UTM Proxy settings (Exhibit B).
D. All of the Exhibits (A, B and C)
E. Only Exhibit B
Correct answer: B
Question 5:
An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings.
Which of the following statements are correct regarding the IPSec VPN configuration?
A. This VPN cannot be used as part of a hub and spoke topology.
B. To complete the VPN configuration, the administrator must manually create a virtual IPSec interface in Web Config under System > Network.
C. The virtual IPSec interface is automatically created after the phase1 configuration.
D. Routes were automatically created based on the address objects in the firewall policies.
E. The IPSec policies must be placed at the top of the list.
Correct answer: C
Question 6:
An intermittent connectivity issue is noticed between two devices located behind the FortiGate dmz and internal interfaces. A continuous sniffer trace is run on the FortiGate unit that the administrator will convert into a .cap file for an off-line analysis with a sniffer application.
Given the high volume of global traffic on the network, which of the following CLI commands will best allow the administrator to perform this troubleshooting operation?
A. diagnose sniffer packet dmz "" 3
B. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 4
C. diagnose sniffer packet any
D. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 3
Correct answer: D
Question 7:
Examine the Exhibits shown below, then answer the question that follows.
Review the following DLP Sensor (Exhibit 1):
Review the following File Filter list for rule #1 (Exhibit 2):
Review the following File Filter list for rule #2 (Exhibit 3):
Review the following File Filter list for rule #3 (Exhibit 4):
An MP3 file is renamed to 'workbook.exe' and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4.
Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?
A. The file will be detected by rule #2 as a "*.exe", a log entry will be created and the interface that received the traffic will be brought down.
B. Nothing, the file will go undetected.
C. The file will be detected by rule #1 as an 'Audio (mp3)', a log entry will be created and it will be allowed to pass through.
D. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.
Correct answer: C
Question 8:
In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit?
A. Port3 is configured with an IP address for management access.
B. The Firewall rules are purged on the disconnected unit.
C. The HA mode changes to standalone.
D. All other interface IP settings are maintained.
Correct answer: A,C
Question 9:
Examine the static route configuration shown below; then answer the question following it.
config router static
    edit 1
        set dst 172.20.1.0 255.255.255.0
        set device port1
        set gateway 172.11.12.1
        set distance 10
        set weight 5
    next
    edit 2
        set dst 172.20.1.0 255.255.255.0
        set blackhole enable
        set distance 5
        set weight 10
    next
end
Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.)
A. Traffic to 172.20.1.0/24 will be shared through both routes.
B. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
C. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.
D. As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.
E. The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.
Correct answer: B,C
Igarashi -
Amazing.
The Pass4Test question set really helped. I passed the actual FCNSP exam.