最新的Fortinet Certification認證 FCNSP.v5考試題庫

問題1

When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option.
What is a valid reason for using the Full Search option, instead?

A. The search items you are looking for are not contained in indexed log fields.

B. You want the search to include the FortiAnalyzer's local logs.

C. You want the search to include content archive data as well.

D. A quick search only searches data received within the last 24 hours.

正確答案: A

問題2

When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating?

A. Organizational Unit

B. Validity

C. Common Name

D. Organization

E. Serial Number

正確答案: C

問題3

Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)

A. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.

B. VDOMs share firmware versions, as well as antivirus and IPS databases.

C. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.

D. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes.

正確答案: A,B,C

問題4

With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent.
If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)

A. The Collector Agent performs the DNS lookup for the authenticated client's IP address.

B. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.

C. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller.

D. The login event is sent to the Collector Agent.

正確答案: A,D

問題5

The following diagnostic output is displayed in the CLI:
diag firewall auth list
policy iD. 9, srC. 192.168.3.168, action: accept, timeout: 13427
user: forticlient_chk_only, group:
flag (80020): auth timeout_ext, flag2 (40): exact group iD. 0, av group: 0
----- 1 listed, 0 filtered -----
Based on this output, which of the following statements is correct?

A. Firewall policy 9 has endpoint compliance enabled but not firewall authentication.

B. The client check that is part of an SSL VPN connection attempt failed.

C. An auth-keepalive value has been enabled.

D. This user has been associated with a guest profile as evidenced by the group id of 0.

正確答案: A

問題6

A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office.
The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers.
What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?

A. Dynamic routing protocols cannot be used over IPSec VPN tunnels.

B. Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.

C. Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes.

D. Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.

正確答案: B

問題7

Examine the Exhibit shown below; then answer the question following it.

The Vancouver FortiGate unit initially had the following information in its routing table:
S 172.20.0.0/16 [10/0] via 172.21.1.2, port2 C 172.21.0.0/16 is directly connected, port2 C 172.11.11.0/24 is directly connected, port1
Afterwards, the following static route was added:
config router static edit 6 set dst 172.20.1.0 255.255.255.0 set pririoty 0 set device port1 set gateway 172.11.12.1
next end
Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

A. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.

B. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.

C. The static route configuration is missing the distance setting.

D. The priority is 0, which means that the route will remain inactive.

正確答案: A

問題8

You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route.
Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)

A. Create a phase 1 definition.

B. Create a phase 2 definition.

C. Add a route for incoming traffic.

D. Create two firewall policies.

E. Add a route for the remote subnet.

F. Create one firewall policy.

正確答案: A,B,D,E

問題9

How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)

A. File TypE. Microsoft Office(msoffice)

B. File Nam "*.pptx", "*.docx", "*.xlsx"

C. File NamE. "*.ppt", "*.doc", "*.xls"

D. File TypE. Archive(zip)

E. File TypE. Unknown Filetype(unknown)

正確答案: B,D

問題10

An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121.
Users have been complaining that when downloading data they receive a 200 Port command successful message followed by a 425 Cannot build data connection message.
Which of the following statements represents the best solution to this problem?

A. Create a new session helper for the FTP service monitoring port 2121.

B. Place the client and server interface in the same zone and enable intra-zone traffic.

C. Disable any protection profiles being applied to FTP traffic.

D. Enable the ANY service in the firewall policies for both incoming and outgoing traffic.

正確答案: A

最新的Fortinet Certified Network Security Professional (FCNSP.v5) - FCNSP.v5免費考試真題

最新更新

站內鏈接

聯系我們