Exam Questions (6.2) 08 ❀ FortiManager ❀ Fortinet Network Security Expert NSE 5
Posted meigang2012
An administrator configures a new firewall policy on FortiManager and has not yet pushed the changes to the managed FortiGate.
In which database will the configuration be saved?
A. Device-level database
B. Revision history database
C. ADOM-level database
D. Configuration-level database
Analysis:
An ADOM is read/write. It lets you make configuration changes to the managed devices stored in the ADOM database and then install those changes on the managed devices.
Answer: C

View the following exhibit. Which of the following statements are true based on this configuration setting? (Choose two.)
A. This setting will enable the ADOMs feature on FortiManager.
B. This setting is applied globally to all ADOMs.
C. This setting will allow assigning different VDOMs from the same FortiGate to different ADOMs.
D. This setting will allow automatic updates to the policy package configuration for a managed device.
Analysis:
In Advanced mode, you can assign different VDOMs from the same FortiGate device to different ADOMs. The setting applies globally to all ADOMs. This results in more complicated management scenarios and is recommended only for advanced users.
Answer: B C

Refer to the exhibit. Which two statements about an ADOM set in Normal mode on FortiManager are true? (Choose two.)
A. It supports the FortiManager script feature.
B. It allows making configuration changes for managed devices on FortiManager panes.
C. FortiManager automatically installs the configuration difference in revisions on the managed FortiGate.
D. You cannot assign the same ADOM to multiple administrators.
Analysis:
You can also make configuration changes directly on each managed device through the FortiGate CLI or GUI. This triggers the managed device to automatically update the FortiGate revision history on FortiManager. The automatic update has one limitation, however: it updates only Device Manager changes, not policy and object changes.
Answer: B C

View the following exhibit, which shows the Download Import Report:
Why is it failing to import firewall policy ID 2?
A. The address object used in policy ID 2 already exists in the ADOM database with any as its interface association, which conflicts with the address object's interface association locally on the FortiGate.
B. Policy ID 2 is configured from interface any to port6. FortiManager refuses to import this policy because the any interface does not exist on FortiManager.
C. Policy ID 2 does not have ADOM Interface mapping configured on FortiManager.
D. Policy ID 2 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate.
Analysis:
If an address object has the same name but contains a different value locally, FortiManager can create a dynamic mapping for the address object. There is one limitation, however: the associated interface cannot be different. This is because, at the ADOM level, the address object may be used by other policy packages, which may not have the same interface. In this example, the address object is named "REMOTE_SUBNET". Its interface binding has two different interfaces, "ANY" and "Port6". They cannot be different.
Answer: A

Which statement correctly compares FortiManager physical and virtual appliances?
A. Physical and virtual FortiManager appliances may manage unlimited devices and have unrestricted storage.
B. Physical and virtual FortiManager appliances use licenses to increase managed device and storage capacity limits.
C. Physical and virtual FortiManager appliances have an unrestricted daily logging rate.
D. Physical and virtual FortiManager appliances use model types and licenses, respectively, to differentiate managed device and storage capacity limits.
Analysis:
A FortiManager physical appliance or virtual machine license supports a limited number of devices. The exact number depends on the appliance size or the license type.
Answer: D

A FortiGate device is imported to FortiManager using the settings given in the exhibit.
An administrator subsequently modifies and installs the policy package. Which two statements are correct regarding the scenario? (Choose two.)
A. The orphan (unused) objects that are not tied to policies locally on the FortiGate will be deleted on install.
B. The orphan (unused) objects that are not tied to policies locally on the FortiGate will not be deleted on install.
C. The FortiManager imported all unused objects to the ADOM object database. These objects can be used by referencing them in the policies on FortiManager and installing to the managed devices.
D. The FortiManager did not import unused objects to the ADOM object database. These objects cannot be used by referencing them in the policies on FortiManager and installing to the managed devices.
Analysis:
You can choose whether to import all configured objects or only the objects referenced by the current firewall policies. Whether you import only policy-dependent objects or all objects, the system deletes orphan (unused) objects that are not tied to policies locally on the FortiGate at the next install.
Answer: A D

When configuring FortiGuard on FortiManager, which two statements are correct regarding the Allow Push Update setting configured in FortiGuard Antivirus and IPS Settings? (Choose two.)
A. If an urgent or critical FortiGuard Antivirus and/or IPS update becomes available, the FortiManager built-in FDS will send push update notifications to each managed device.
B. If an urgent or critical FortiGuard Antivirus and/or IPS update becomes available, the FortiManager built-in FDS will send push update notifications.
C. FortiManager's built-in FDS service may not correctly receive push updates if the external facing IP address of any intermediary NAT device is dynamic.
D. FortiManager's built-in FDS service does not allow an administrator to override the default FortiManager IP address and port used by the FDN to send update messages.
Analysis:
If you enable Allow Push Update, the FDN can push update notifications to FortiManager's built-in FDS when FortiGuard publicly releases new signature updates. FortiManager then downloads the update immediately.
If the external IP address of any intermediary NAT device is dynamic (for example, an IP address from PPPoE or DHCP), the built-in FDS may not receive push updates. When the NAT device's external IP address changes, the push IP address configured on FortiManager becomes out of date.
Answer: B C

Which of the following items does an FGFM keepalive message include? (Choose two.)
A. FortiGate uptime
B. FortiGate license information
C. FortiGate IPS version
D. FortiGate configuration checksum
Analysis:
Keep-alive messages are sent from the FortiGate device. The keep-alive message includes the FortiGate configuration checksum and the synchronization status calculated from the checksum.
Answer: B D

An administrator has enabled Service Access on FortiManager.
What is the purpose of Service Access on the FortiManager interface?
A. Allows FortiManager to download IPS packages
B. Allows FortiManager to respond to requests for FortiGuard services from FortiGate devices
C. Allows FortiManager to run real-time debugs on the managed devices
D. Allows FortiManager to automatically configure a default route
Analysis:
With Service Access, you can enable FortiManager on this interface to respond to requests for FortiGuard services from managed devices. This includes FortiGate updates and web filtering.
Answer: B

An administrator runs the reload failure command: diagnose test deploymanager reload config <deviceid> on FortiManager. What does this command do?
A. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database.
B. It installs the latest configuration on the specified FortiGate and updates the revision history database.
C. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate.
D. It installs the provisioning template configuration on the specified FortiGate.
Analysis:
It reloads the configuration from the FortiGate.
Answer: A