Exam Questions (6.2) 01 ❀ FortiManager ❀ Fortinet Network Security Expert NSE 5
Posted meigang2012
Which two statements are correct regarding synchronization between primary and secondary devices in a FortiManager HA cluster? (Choose two)
A. All device configurations including global databases are synchronized in the HA cluster.
B. FortiGuard databases are downloaded separately by each cluster device.
C. FortiGuard databases are downloaded by the primary FortiManager device and then synchronized with all secondary devices.
D. Local logs and log configuration settings are synchronized in the HA cluster.
【Analysis】
Some configuration settings, the FortiGuard databases and logs are not synchronized between the primary and secondary devices. FortiGuard databases and packages are downloaded separately, and each device can provide FortiGuard services to managed devices.
【Answer】A B
What will be the result of reverting to a previous revision version in the revision history?
A. It will install configuration changes to managed device automatically
B. It will tag the device settings status as Auto-Update
C. It will generate a new version ID and remove all other revision history versions
D. It will modify the device-level database
【Analysis】
A revert operation in the revision history changes the device database configuration to the earlier configuration state.
【Answer】D
Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate.
Which two statements correctly describe the result? (Choose two.)
A. It will not create a new revision in the revision history
B. It installs device-level changes to FortiGate without launching the Install Wizard
C. It cannot be canceled once initiated and changes will be installed on the managed device
D. It provides the option to preview configuration changes prior to installing them
【Analysis】
The Quick Install option lets you quickly install device-level settings without launching the Install Wizard. With this option, you cannot preview the changes before committing. Administrators should be sure of the changes before using this install option, because the installation cannot be canceled once the process starts.
【Answer】B C
An administrator's PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash.
How can the administrator unlock the ADOM?
A. Restore the configuration from a previous backup.
B. Log in as Super_User in order to unlock the ADOM.
C. Log in using the same administrator account to unlock the ADOM.
D. Delete the previous admin session manually through the FortiManager GUI or CLI.
【Analysis】
When an ADOM is locked and the connection to FortiManager closes unexpectedly (a PC crash or a closed browser), it stays locked until the administrator session times out or the session is deleted. The administrator can delete the session through the GUI or the CLI. Once the previous session is deleted, the ADOM is unlocked immediately.
【Answer】D
What does a policy package status of Conflict indicate?
A. The policy package reports inconsistencies and conflicts during a Policy Consistency Check.
B. The policy package does not have a FortiGate as the installation target.
C. The policy package configuration has been changed on both FortiManager and the managed device independently.
D. The policy configuration has never been imported after a device was registered on FortiManager.
【Analysis】
Conflict: If you made local policy configuration changes on FortiGate without importing them into the policy package, and you also made changes on FortiManager, the status becomes Conflict. Depending on the configuration changes, you can either import the policy package or install the changes from FortiManager.
【Answer】A
Which statement correctly identifies the APIs supported by FortiManager?
A. JSON and XML
B. JSON and YAML
C. YAML and REST
D. XML and YAML
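【Analysis】
If you want to use an API to monitor your system, or to set or get data with third-party devices, you can use the JSON and XML APIs. The FortiManager API is a very powerful tool that provides customers with management web portals, automated deployment and provisioning systems.
【Answer】A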
An administrator has added all the devices in a Security Fabric group to FortiManager. How does the administrator identify the root FortiGate?
A. By a dollar symbol ($) at the end of the device name
B. By an at symbol (@) at the end of the device name
C. By a question mark (?) at the end of the device name
D. By an asterisk (*) at the end of the device name
【Analysis】
A trailing asterisk identifies the root FortiGate.
【Answer】D
Which two statements are correct for configuration changes made by FortiManager scripts? (Choose two)
A. When run on the device database, you can install changes to the managed FortiGate devices using the installation wizard.
B. When run on the device database, changes are automatically installed to the managed FortiGate devices.
C. When run on managed devices directly, changes are automatically installed to the managed FortiGate devices.
D. When run on managed devices directly, you can install changes to the managed FortiGate devices using the installation wizard.
【Analysis】
Scripts can be run in three different ways:
● Device Database: By default, a script is executed on the device database. Running changes on the device database (the default setting) is recommended because it lets you review the configuration changes that will be sent to the managed device. Once the script has run on the device database, you can use the Install Wizard to install the changes on the managed device.
● Policy Package, ADOM Database: If the script contains changes related to ADOM-level objects and policies, you can change the default selection to run it on Policy Package, ADOM Database, and then install using the Install Wizard.
● Remote FortiGate Directly (via CLI): The script can be executed directly on the device, and you do not need to install the changes with the Install Wizard. Because the changes are installed directly on the managed device, there is no option to verify and review the configuration changes through FortiManager before they are executed.
【Answer】A C
Refer to the exhibit. If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)
A. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
B. FortiGate can announce itself to FortiManager only if the FortiManager non-NATed IP address is configured on FortiGate under central management.
C. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
D. If the FGFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
【Analysis】
If both devices (FortiManager and FortiGate) are behind NAT devices, FortiManager discovers the FortiGate device through the FortiGate NATed IP address. As in the scenario with FortiManager behind NAT, the FortiManager NATed IP address in this scenario is not configured under the FortiGate central management configuration. If the FGFM tunnel goes down, FortiManager does not try to re-establish the FGFM tunnel to the FortiGate NATed address. If the FortiManager NATed IP address is configured on FortiGate under the central management configuration, FortiGate tries to re-establish the FGFM tunnel if it is torn down.
【Answer】A C
Which two statements are correct regarding synchronization between primary and secondary devices in a FortiManager HA cluster? (Choose two)
A. FortiGuard databases are downloaded separately by each cluster device.
B. FortiGuard databases are downloaded by the primary FortiManager device and then synchronized with all secondary devices.
C. All device configurations including global databases are synchronized in the HA cluster.
D. Local logs and log configuration settings are synchronized in the HA cluster.
【Analysis】
Some configuration settings, the FortiGuard databases and logs are not synchronized between the primary and secondary devices. FortiGuard databases and packages are downloaded separately, and each device can provide FortiGuard services to managed devices.
【Answer】A C