更多"[单选题]Which security feature does Fo"的相关试题:
[单选题]
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?
A. Denial of Service
B. Web application firewall
C. Antivirus
D. Application control
[多选题]
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
A. The subject field in the server certificate
B. The serial number in the server certificate
C. The server name indication (SNI) extension in the client hello message
D. The subject alternative name (SAN) field in the server certificate
E. The host field in the HTTP header
[单选题]
Examine this FortiGate configuration:How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires
Authorization?
A. It always authorizes the traffic without requiring authentication.
B. It drops the traffic.
C. It authenticates the traffic using the authentication scheme SCHEME2.
D. It authenticates the traffic using the authentication scheme SCHEME1.
[单选题]
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
A. Add the support of NTLM authentication.
B. Add user accounts to Active Directory (AD).
C. Add user accounts to the FortiGate group fitter.
D. Add user accounts to the Ignore User List.
[单选题]
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?
A. Full Content inspection
B. Proxy-based inspection
C. Certificate inspection
D. Flow-based inspection
[单选题]
Why does FortiGate Keep TCP sessions in the session table for several seconds even after both sides (client and server) have terminated the session?
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets
B. To finish any inspection operations
C. To remove the NAT operation
D. To generate logs
[单选题]
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?
A. To remove the NAT operation.
B. To generate logs
C. To finish any inspection operations.
D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.
[单选题]
How does FortiGate act when using SSL VPN in web mode?
A. FortiGate acts as an FDS server.
B. FortiGate acts as an HTTP reverse proxy.
C. FortiGate acts as DNS server.
D. FortiGate acts as router.
[多选题]LTE广播业务技术(eMBMS)需要开启哪几个feature?( )
A.FAJ 121 302 - LTE Broadcast
B.FAJ 1214471 - Ericsson Lean Carrier
C.FAJ 121 3022 - eMBMS IP Multicast Support
D.FAJ 121 3059 - Internal MCE
E.E. FAJ 121 3070 - SIB16 Time Information Broadcast
F.以上皆是
[单选题]
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
A. The collector agent uses a Windows API to query DCs for user logins.
B. NetAPI polling can increase bandwidth usage in large networks.
C. The collector agent must search security event logs.
D. The NetSessionEnum function is user] to track user logouts.
[单选题] Which of the following statements is correct according to this passage?
A. Mr. Barge is not fond of the music.
B. Mr. Barge likes music, but he doesn’t like the noise.
C. Mr. Barge often goes out in the evenings to give music lessons.
D. Mr. Barge expects a reply from Mrs. Huggett.
[多选题]
Which two statements about antivirus scanning mode are true? (Choose two.)
A. In proxy-based inspection mode files bigger than the buffer size are scanned.
B. In flow-based inspection mode. FortiGate buffers the file but also simultaneously transmits it to the client.
C. In proxy-based inspection mode antivirus scanning buffers the whole file for scanning before sending it to the client.
D. In flow-based inspection mode files bigger than the buffer size are scanned.
[多选题]
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
A. For a stronger authentication you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password
B. FortiGate supports pre-shared key and signature as authentication methods.
C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
D. A certificate is not required on the remote peer when you set the signature as the authentication method.
[单选题]
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
A. Subject Key Identifier value
B. SMMIE Capabilities value
C. Subject value
D. Subject Alternative Name value
[单选题]
Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?
A. diagnose wad session list
B. diagnose wad session list | grep hook-pre&&hook-out
C. diagnose wad session list | grep hook=pre&&hook=out
D. diagnose wad session list | grep "hook=pre"&"hook=out"
[多选题]
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
A. hard-timeout
B. auth-on-demand
C. soft-timeout
D. new-session
E. Idle-timeout
[单选题]
Which CLI command allows administrators to troubleshoot Layer 2 issues such as an IP address conflict?
A. get system status
B. get system performance status
C. diagnose sys top
D. get system arp
[单选题]
Examine the exhibit which contains a virtual IP and firewall policy configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?
A. 10.200.1.10
B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
C. 10.200.1.1
D. 10.0.1.254
[单选题]
Which scanning technique on FortiGate can be enabled only on the CLI?
A. Heuristics scan
B. Trojan scan
C. Antivirus scan
D. Ransomware scan
