更多"[单选题]Which statement about the poli"的相关试题:
[单选题]
Which statement regarding the firewall policy authentication timeout is true?
A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.
B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.
D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.
[单选题]
Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not provide any data integrity or encryption.
B. AH does not support perfect forward secrecy.
C. AH provides data integrity bur no encryption.
D. AH provides strong data integrity but weak encryption.
[多选题]Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
A. The firmware image must be manually uploaded to each FortiGate.
B. Only secondary FortiGate devices are rebooted.
C. Uninterruptable upgrade is enabled by default.
D. Traffic load balancing is temporally disabled while upgrading the firmware.
[多选题]
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
A. For a stronger authentication you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password
B. FortiGate supports pre-shared key and signature as authentication methods.
C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
D. A certificate is not required on the remote peer when you set the signature as the authentication method.
[多选题]
Which two statements about antivirus scanning mode are true? (Choose two.)
A. In proxy-based inspection mode files bigger than the buffer size are scanned.
B. In flow-based inspection mode. FortiGate buffers the file but also simultaneously transmits it to the client.
C. In proxy-based inspection mode antivirus scanning buffers the whole file for scanning before sending it to the client.
D. In flow-based inspection mode files bigger than the buffer size are scanned.
[多选题]
Which three statements about security associations (SA) in IPsec are correct? (Choose three.)
A. Phase 2 SAs are used for encrypting and decrypting the data exchanged through the tunnel.
B. An SA never expires.
C. A phase 1 SA is bidirectional while a phase 2 SA is directional.
D. Phase 2 SA expiration can be time-based volume-based or both.
E. Both the phase 1 SA and phase 2 SA are bidirectional.
[多选题]
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
A. IPS engine handles the process as a standalone.
B. FortiGate buffers the whole file but transmits to the client simultaneously.
C. If the virus is detected the last packet is delivered to the client.
D. Optimized performance compared to proxy-based inspection.
E. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
[多选题]
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
A. Log downloads from the GUI are limited to the current filter view
B. Log backups from the CLI cannot be restored to another FortiGate.
C. Log backups from the CLI can be configured to upload to FTP as a scheduled time
D. Log downloads from the GUI are stored as LZ4 compressed files.
[多选题]
Which two statements are true about collector agent standard access mode? (Choose two.)
A. Standard mode uses Windows convention-NetBios: Domain\Username.
B. Standard mode security profiles apply to organizational units (OU).
C. Standard mode security profiles apply to user groups.
D. Standard access mode supports nested groups.
[多选题]
Which of the following statements about central NAT are true? (Choose two.)
A. IP tool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT using central NAT requires at least one central SNAT policy.
D. Destination NAT using central NAT requires a VIP object as the destination address in a firewall.
[多选题]
Which two statements are correct about SLA targets? (Choose two.)
A. You can configure only two SLA targets per one Performance SLA.
B. SLA targets are optional.
C. SLA targets are required for SD-WAN rules with a Best Quality strategy.
D. SLA targets are used only when referenced by an SD-WAN rule.
[多选题]
Which two statements are true about the FGCP protocol? (Choose two.)
A. Not used when FortiGate is in Transparent mode
B. Elects the primary FortiGate device
C. Runs only over the heartbeat links
D. Is used to discover FortiGate devices in different HA groups
[单选题]
Which of statement is true about SSL VPN web mode?
A. The tunnel is up while the client is connected.
B. It supports a limited number of protocols.
C. The external network application sends data through the VPN.
D. It assigns a virtual IP address to the client.
[多选题]
Which two statements ate true about the Security Fabric rating? (Choose two.)
A. It provides executive summaries of the four largest areas of security focus.
B. Many of the security issues can be fixed immediately by click ng Apply where available.
C. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
D. The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.
[多选题]
Which two statements are true about the RPF check? (Choose two.)
A. The RPF check is run on the first sent packet of any new session.
B. The RPF check is run on the first reply packet of any new session.
C. The RPF check is run on the first sent and reply packet of any new session.
D. RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.
[单选题]函数如下:
DefchanageInt(number2):
Number2=number2+1
Print("changeInt:number2=",number2)
#调用
Number1=2
ChanageInt(number1)
Print("number:",number1)
打印结果哪项是正确的()
A.changeInt:number2=3number:3
B.changeInt:number2=3number:2
C.number:2changeInt:number2=2
D.number:2changeInt:number2=3
[单选题]
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?
A. Fabric Coverage
B. Automated Response
C. Security Posture
D. Optimization
[单选题]
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?
A. Denial of Service
B. Application control
C. Antivirus
D. Web application firewall
[单选题]
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
A. The collector agent uses a Windows API to query DCs for user logins.
B. NetAPI polling can increase bandwidth usage in large networks.
C. The collector agent must search security event logs.
D. The NetSessionEnum function is user] to track user logouts.
