Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.)
A. The device this command is executed on is likely to switch from master to slave status if master override is enabled.
B. The device this command is executed on is likely to switch from master to slave status if master override is disabled.
C. This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.
D. This command has no impact on the HA algorithm.
Correct answer: B, C
Question 2:
Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it.
Which of the following statements are correct regarding this configuration? (Select all that apply).
A. There will be a DH exchange for each re-key.
B. The Phase 2 will re-key even if there is no traffic.
C. The sequence number of ESP packets received from the peer will not be checked.
D. Quick mode selectors will default to those used in the firewall policy.
Correct answer: A, B
Question 3:
FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.
Which of the following statements are correct regarding FSSO in a Windows domain environment when NTLM and Polling Mode are not used? (Select all that apply.)
A. An FSSO Domain Controller Agent must be installed on every domain controller.
B. The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
C. An FSSO Collector Agent must be installed on every domain controller.
D. For non-domain computers, the only way to allow FSSO authentication is to install an FSSO client.
E. The FSSO Domain Controller Agent will regularly update user logon information on the FortiGate unit.
Correct answer: A, B
Question 4:
Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it.
Which one of the following statements is correct regarding this output?
A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2.
B. OSPF Hello packets will be sent on all interfaces of the FortiGate device.
C. OSPF Hello packets are not sent on point-to-point networks.
D. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.
Correct answer: D
Question 5:
Review the configuration for FortiClient IPsec shown in the Exhibit below.
Which of the following statements is correct regarding this configuration?
A. The connecting VPN client will connect in web portal mode and no route will be installed
B. The connecting VPN client will install a default route
C. The connecting VPN client will install a route to a destination corresponding to the STUDENT_INTERNAL address object
D. The connecting VPN client will install a route to the 172.20.1.[1-5] address range
Correct answer: C
Question 6:
If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)?
A. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings.
B. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors.
C. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options.
D. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors.
E. At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options.
Correct answer: C
Question 7:
Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?
A. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols.
B. Antivirus scanning provides end-to-end virus protection for client workstations.
C. Antivirus scanning supports banned word checking.
D. Antivirus scanning supports grayware protection.
Correct answer: D
Question 8:
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the CLI:
user1 # get system interface
== [ internal ]
name: internal mode: static ip: 10.0.1.254 255.255.255.128 status: up netbios-forward: disable type: physical mtu-override: disable
== [ vlan1 ]
name: vlan1 mode: static ip: 10.0.1.1 255.255.255.128 status: up netbios-forward: disable type: vlan mtu-override: disable
user1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S 10.0.0.0/8 [10/0] is a summary, Null
C 10.0.1.0/25 is directly connected, vlan1
C 10.0.1.128/25 is directly connected, internal
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130:47922->10.0.1.1:443) from internal."
id=20085 trace_id=277 msg="allocate a new session-00000b21"
id=20085 trace_id=277 msg="iprope_in_check() check failed, drop"
Based on the output from these commands, which of the following is a possible cause of the problem?
A. The PC has an IP address in the wrong subnet.
B. The PC is using an incorrect default gateway IP address.
C. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.
D. The FortiGate unit has no route back to the PC.
Correct answer: C
Nagata -
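The FCNSP.v5 question set alone gives you complete exam preparation, which makes it a wonderful question set. It solidly supports your final review right up until the exam!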