最新的 Network Security NSE4 免費考試真題:

1. What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.)

A) FortiToken.
B) Email.
C) SMS phone message.
D) Browser pop-up window.
E) Code books.

2. An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?

A) The IPsec firewall policies must be placed at the top of the list.
B) Routes are automatically created based on the quick mode selectors.
C) This VPN cannot be used as a part of a hub and spoke topology.
D) A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

3. Examine the static route configuration shown below; then answer the question following it.
config router static
edit 1
set dst 172.20.1.0 255.255.255.0
set device port1
set gateway 172.11.12.1
set distance 10
set weight 5
next
edit 2
set dst 172.20.1.0 255.255.255.0
set blackhole enable
set distance 5
set weight 10
next
end
Which of the following statements correctly describes the static routing configuration provided? (Choose two.)

A) As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1.
if the interface port1 is down, the traffic is routed using the blackhole route.
B) The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
C) All traffic to 172.20.1.0/24 is dropped by the FortiGate.
D) The FortiGate unit creates a session entry in the session table when the traffic is being routed by the blackhole route.

4. Which statement regarding the firewall policy authentication timeout is true?

A) It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.
B) It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MA
C) It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.
D) It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

5. Examine this log entry.
What does the log indicate? (Choose three.)
date=2013-12-04 time=09:30:18 logid=0100032001 type=event subtype=system level=information vd="root" user="admin" ui=http(192.168.1.112) action=login status=success reason=none profile="super_admin" msg="Administrator admin logged in successfully from http(192.168.1.112)"

A) In the GUI, the log entry was located under "Log & Report > Event Log > User".
B) In the GUI, the log entry was located under "Log & Report > Traffic Log > Local Traffic".
C) The connection was encrypted.
D) The IP of the FortiGate interface that "admin" connected to was 192.168.1.112.
E) The connection was unencrypted.
F) In the GUI, the log entry was located under "Log & Report > Event Log > System".
G) The IP of the computer that "admin" connected from was 192.168.1.112.

問題與答案：