Marcos Avila
Quiz von , erstellt am more than 1 year ago

Fortigate Quiz am LAB 2 - Firewall Policies Quiz, erstellt von Marcos Avila am 20/10/2017.

326
1
0
Marcos Avila
Erstellt von Marcos Avila vor etwa 7 Jahre
Schließen

LAB 2 - Firewall Policies Quiz

Frage 1 von 10

1

What statement is true regarding the Policy Lookup feature?

Wähle eine der folgenden:

  • Searches matching policy based on input criteria

  • Allows traffic to pass through FortiGate based on input criteria, even when there is no firewall policy allowing it

  • Enables extended logging on the firewall policy based on input criteria

  • Creates packet capture in Wireshark format based on input criteria

Erklärung

Frage 2 von 10

1

Which FortiGate interface does source device type enable device detection on?

Wähle eine der folgenden:

  • Both source interface and destination interface of the firewall policy

  • All interfaces of FortiGate

  • Destination interface of the firewall policy only

  • Source interface of the firewall policy only

Erklärung

Frage 3 von 10

1

Which statements are true regarding device identification? (Choose two.)

Wähle eine oder mehr der folgenden:

  • Agent-based (FortiCIient) devices use the HTTP user-agent header to identify devices.

  • Agentless devices are indexed by their MAC address.

  • Agent-based (FortiCIient) devices are tracked by their FortiCIient unique ID

  • Only agent—based device identification techniques are supported.

Erklärung

Frage 4 von 10

1

Which statements correctly define Policy ID and policy Sequence number for firewall policies? (Choose two.)

Wähle eine oder mehr der folgenden:

  • A policy sequence number defines the order in which rules are processed.

  • A policy ID number is required to modify a firewall policy from the CLI.

  • A policy ID number changes when policies are re-ordered.

  • A policy sequence number reflects the number of objects used in the firewall policy.

Erklärung

Frage 5 von 10

1

Which statements are true regarding incoming and outgoing interfaces in firewall policies? (Choose two.)

Wähle eine oder mehr der folgenden:

  • Multiple interfaces can be selected as incoming and outgoing interfaces.

  • An incoming interface is mandatory in a firewall policy, but an outgoing interface is optional.

  • Only the any interface can be chosen as an incoming interface.

  • A zone can be chosen as the outgoing interface.

Erklärung

Frage 6 von 10

1

Examine the CLI configuration. What does this configuration do? (Choose two.)
config system setting
set ses—denied—traffic enable
end

Wähle eine oder mehr der folgenden:

  • It creates a session for traffic being denied.

  • It sends an alert notification to the administrator upon detecting denied traffic.

  • It reduces the amount of logs generated by denied traffic.

  • A log message will only generate if there is a security event.

Erklärung

Frage 7 von 10

1

What criteria does FortiGate use to match traffic to a firewall policy? (Choose two.)

Wähle eine oder mehr der folgenden:

  • Source and destination interfaces

  • Logging settings

  • Security profiles

  • Network services

Erklärung

Frage 8 von 10

1

Which statements are true regarding the By Sequence View for firewall policies? (Choose two.)

Wähle eine oder mehr der folgenden:

  • Does not show the source interface column

  • ls still available even when the any interface is being used in one or more firewall policies

  • Lists firewall policies primarily by their policy sequence number

  • ls disabled if any firewall policy has its status set to disable

Erklärung

Frage 9 von 10

1

What must be selected in the Source field of a firewall policy?

Wähle eine der folgenden:

  • At least one source user or user group object

  • At least one address object

  • At least one device object

  • At least one source user, one source device, and one source address object

Erklärung

Frage 10 von 10

1

What statement is true regarding the Service setting in a firewall policy?

Wähle eine der folgenden:

  • It is optional to add a service in a firewall policy.

  • It matches the traffic by port number.

  • Only one service object can be added to the firewall policy.

  • Administrators cannot create custom services objects.

Erklärung