NSE4-7 Study Document Manual.pdf
Uploaded: 2022-10-19 14:42:01
5.46 MB PDF, 115 pages
NSE4_7.0 new_formatted
Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0
Fortinet-NSE4_FGT-7.0
Exam A
Sections
1. (none)
QUESTION 1
50 - (Exam Topic 1)
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
A. NGFW policy-based mode does not require the use of central source NAT policy
B. NGFW policy-based mode can only be applied globally and not on individual VDOMs
C. NGFW policy-based mode supports creating applications and web filtering categories directly in a
firewall policy
D. NGFW policy-based mode policies support only flow inspection
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
40 - (Exam Topic 1)
Refer to the exhibit, which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
A. The session is in SYN_SENT state.
B. The session is in FIN_ACK state.
C. The session is in FIN_WAIT state.
D. The session is in ESTABLISHED state.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation
Indicates a TCP (proto=6) session in SYN_SENT state (proto_state=2).
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042
QUESTION 3
21 - (Exam Topic 1)
Which two statements about antivirus scanning mode are true? (Choose two.)
A. In proxy-based inspection mode, files bigger than the buffer size are scanned.
B. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the
client.
C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it
to the client.
D. In flow-based inspection mode, files bigger than the buffer size are scanned.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation
An antivirus profile in full scan mode buffers up to your specified file size limit. The default is 10 MB. That
is large enough for most files, except video files. If your FortiGate model has more RAM, you may be
able to increase this threshold. Without a limit, very large files could exhaust the scan memory. So, this
threshold balances risk and performance. Is this tradeoff unique to FortiGate, or to a specific model? No.
Regardless of vendor or model, you must make a choice. This is because of the difference between
scans in theory, that have no limits, and scans on real-world devices, that have finite RAM. In order to
detect 100% of malware regardless of file size, a firewall would need infinitely large RAM--something
that no device has in the real world. Most viruses are very small. This table shows a typical tradeoff. You
can see that with the default 10 MB threshold, only 0.01% of viruses pass through.
QUESTION 4
22 - (Exam Topic 1)
Refer to the web filter raw logs.
Based on the raw logs shown in the exhibit, which statement is correct?
A. Social networking web filter category is configured with the action set to authenticate.
B. The action on firewall policy ID 1 is set to warning.
C. Access to the social networking web filter category was explicitly blocked to all users.
D. The name of the firewall policy is all_users_web.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
19 - (Exam Topic 1)
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA
cluster? (Choose two.)
A. FortiGuard web filter cache
B. FortiGate hostname
C. NTP
D. DNS
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
5 - (Exam Topic 1)
An administrator wants to configure timeouts for users. Regardless of the user's behavior, the timer
should start as soon as the user authenticates and expire after the configured value.
Which timeout option should be configured on FortiGate?
A. auth-on-demand
B. soft-timeout
C. idle-timeout
D. new-session
E. hard-timeout
Correct Answer: E
Section: (none)
Explanation
Explanation/Reference:
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221#:~:text=Hard%20timeout%3A%20User%20
QUESTION 7
16 - (Exam Topic 1)
Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides
(client and server) have terminated the session?
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets
B. To finish any inspection operations
C. To remove the NAT operation
D. To generate logs
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation
TCP provides the ability for one end of a connection to terminate its output while still receiving data from
the other end. This is called a half-close. The FortiGate unit implements a specific timer before removing an
entry in the firewall session table.
QUESTION 8
41 - (Exam Topic 1)