Question # 23 What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
A. It limits the scanning of application traffic to the application category only.
B. It limits the scanning of application traffic to the browser-based technology category only.
C. It limits the scanning of application traffic to use parent signatures only.
D. It limits the scanning of application traffic to the DNS protocol only.
Correct answer: B
Explanation: https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/38324/ngfw-policy-based-mode

Question # 24 Refer to the exhibit. The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.
Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)
A. FortiGate allocates port blocks on a first-come, first-served basis.
B. FortiGate generates a system event log for every port block allocation made per user.
C. FortiGate allocates port blocks per user, based on the configured range of internal IP addresses.
D. FortiGate allocates 128 port blocks per user.
Correct answer: C, D

Question # 25 View the exhibit.
Which of the following statements are correct? (Choose two.)
A. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
B. This setup requires at least two firewall policies with the action set to IPsec.
C. Dead peer detection must be disabled to support this type of IPsec setup.
D. This is a redundant IPsec setup.
Correct answer: A, D
Explanation: https://docs.fortinet.com/document/fortigate/6.2.4/cookbook/632796/ospf-with-ipsec-vpn-for-network-redundancy

Question # 26 Which of the following statements about central NAT are true? (Choose two.)
A. Central NAT can be enabled or disabled from the CLI only.
B. IP pool references must be removed from existing firewall policies before enabling central NAT.
C. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.
D. Source NAT, using central NAT, requires at least one central SNAT policy.
Correct answer: A, B

Question # 27 An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?