初心者向けのNSE7_EFW-7.0試験 [2022] 問題集でFortinetのPDF問題 [Q47-Q67]

初心者向けのNSE7_EFW-7.0試験 [2022] 問題集でFortinetのPDF問題

NSE7_EFW-7.0プレミアム試験エンジンPDFをダウンロード

質問 47
Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

A. The state of the remote BGP peer is OpenConfirm.
B. Local BGP peer received a prefix fora default route.
C. The state of the remote BGP peer will go to Connect after it confirms the received prefixes.
D. BGP peers have successfully interchanged Open and Keepalive messages.

正解: B,D

質問 48
A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the 'diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems .
What should the administrator check? (Choose two.)

A. The user student must not be listed in the CA's ignore user list.
B. The user student must belong to one or more of the monitored user groups.
C. The student workstation's IP subnet must be listed in the CA's trusted list.
D. At least one of the student's user groups must be allowed by a FortiGate firewall policy.

正解: A,B

質問 49
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

Which statements are correct regarding the output shown? (Choose two.)

A. No sessions have been deleted because of memory pages exhaustion.
B. There are 0 ephemeral sessions.
C. All the sessions in the session table are TCP sessions.
D. There are 166 TCP sessions waiting to complete the three-way handshake.

正解: A,B

質問 50
In which two states is a given session categorized as ephemeral? (Choose two.)

A. A UDP session with only one packet received.
B. A TCP session waiting to complete the three-way handshake.
C. A TCP session waiting for FIN ACK.
D. A UDP session with packets sent and received.

正解: A,C

質問 51
Which two statements about an auxiliary session are true? (Choose two.)

A. With the auxiliary session disabled, only auxiliary sessions will be offloaded.
B. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
C. With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session.
D. With the auxiliary session setting enabled, two sessions will be created in case of routing change.

正解: B,D

質問 52
Which statement is true regarding File description (FD) conserve mode?

A. A FortiGate enters FD conserve mode when the amount of available description is less than 5%.
B. IPS inspection is affected when FortiGate enters FD conserve mode.
C. FD conserve mode affects all daemons running on the device.
D. Restarting the WAD process is required to leave FD conserve mode.

正解: A

質問 53
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn't the tunnel come up?

A. The pre-shared keys do not match.
B. The remote gateway is using aggressive mode and the local gateway is configured to use man mode.
C. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.
D. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.

正解: C

質問 54
View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

A. This session cannot be synced with the slave unit.
B. The inspection of this session has been offloaded to the slave unit.
C. This session is for HA heartbeat traffic.
D. This session is synced with the slave unit.

正解: D

質問 55
View these partial outputs from two routing debug commands:

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

A. port1
B. Both port1 and port2
C. port2
D. port3

正解: A

質問 56
Which two statements about OCVPN are true? (Choose two.)

A. OCVPN supports static and dynamic IPs in WAN interface.
B. OCVPN offers only Hub-Spoke VPNs.
C. FortiGate devices under different FortiCare accounts can be used to form OCVPN.
D. Only root vdom supports OCVPN.

正解: A,D

質問 57
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration.
The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

A. Phase1; IKE mode configuration; XAuth; phase 2.
B. Phase1; IKE mode configuration; phase 2; XAuth.
C. Phase1; XAuth; IKE mode configuration; phase2.
D. Phase1; XAuth; phase 2; IKE mode configuration.

正解: C

質問 58
Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx"
log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."
What does the log mean?

A. There is not enough available memory in the system to create a new entry in the NAT port table.
B. FortiGate does not have any available NAT port for a new connection.
C. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
D. The limit for the maximum number of entries in the NAT port table has been reached.

正解: C

質問 59
Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.

Which statement are true regarding the output in the exhibit? (Choose two.)

A. There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
B. The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's time zone.
C. A server's round trip delay (RTT) is not used to calculate its weight.
D. FortiGate will send the FortiGuard queries to the server with highest weight.

正解: B,D

質問 60
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

A. FortiManager does not support rating requests.
B. FortiManager supports only FortiGuard push to managed devices.
C. FortiManager will respond to update requests only if they originate from a managed device.
D. FortiManager can download and maintain local copies of FortiGuard databases.

正解: D

質問 61
View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

A. It is currently in FD conserve mode.
B. It is currently in system conserve mode because of high CPU usage.
C. It is currently in kernel conserve mode because of high memory usage.
D. It is currently in system conserve mode because of high memory usage.

正解: D

質問 62
The CLI command set intelligent-mode <enable | disable> controls the IPS engine's adaptive scanning behavior .
Which of the following statements describes IPS adaptive scanning?

A. Downloads signatures on demand from FDS based on scanning requirements.
B. Choose a matching algorithm based on available memory and the type of inspection being performed.
C. Determines when it is secure enough to stop scanning session traffic.
D. Determines the optimal number of IPS engines required based on system load.

正解: C

質問 63
A FortiGate has two default routes:

All Internet traffic is currently using port1.
The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?

A. Session would remain in the session table and its traffic would keep using port1 as the outgoing interface.
B. Session would be deleted, so the client would need to start a new session.
C. Session would remain in the session table and its traffic would start using port2 as the outgoing interface.
D. Session would remain in the session table and its traffic would be shared between port1 and port2.

正解: A

質問 64
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions .
Which TCP session timer must be increased to fix this problem?

A. TCP time wait.
B. TCP session time to live.
C. TCP half close.
D. TCP half open.

正解: D

質問 65
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

A. The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.
B. Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.
C. The local BGP peer has received a total of three BGP prefixes.
D. For the peer 10.125.0.60, the BGP state of is Established.

正解: A,D

質問 66
Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)