Latest Fortinet NSE7_EFW-7.0 PDF and Question Set (2023): Free Exam Questions and Answers [Q61-Q84]


The NSE 7 Network Security Architect NSE7_EFW-7.0 exam question set that helps you pass contains 165 questions as of April 29, 2023


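The Fortinet NSE7_EFW-7.0 exam is a vendor-specific certification recognized worldwide by IT professionals and employers. The certification shows that a candidate has the knowledge and skills to implement and manage enterprise firewall solutions based on Fortinet products. It is a strong credential for IT professionals who want to advance a career in network security and protect their organization's network from advanced threats using current technology.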


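Fortinet NSE7_EFW-7.0 is a certification exam offered by Fortinet, a major provider of network security solutions. The exam is designed to test the knowledge and skills of network security professionals who use Fortinet's enterprise firewall products. It covers a broad range of topics, including Fortinet security technologies, features, and functionality, and best practices for managing and maintaining Fortinet enterprise firewalls.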

 

Question # 61
Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

  • A. The remote gateway IP is 10.200.5.1.
  • B. The remote gateway has quick mode selectors containing a destination subnet of 10.1.2.0/24.
  • C. Anti-replay is enabled.
  • D. DPD is disabled.

Correct answer: B, C

Explanation:
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 427, 444
Since the local subnet is 10.1.2.0/24, the remote gateway has the destination subnet as 10.1.2.0. The remote gateway IP is 10.200.4.1. DPD is enabled (dpd-link=on).


Question # 62
Refer to the exhibit, which contains the output of get system ha status.

Which two statements about the output are true? (Choose two.)

  • A. The slave configuration is synchronized with the master.
  • B. Master is selected based on the priority configured under config system ha.
  • C. The HA management IP is 169.254.0.2.
  • D. port7 is used as the HA heartbeat on all devices in the cluster.

Correct answer: B, D


Question # 63
Examine the output of the 'get router info bgp summary' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
  • B. Local BGP peer has not received an OpenConfirm from 10.200.3.1.
  • C. The local BGP peer has received a total of 3 BGP prefixes.
  • D. BGP state of the peer 10.125.0.60 is Established.

Correct answer: B, D


Question # 64
View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

  • A. It is currently in kernel conserve mode because of high memory usage.
  • B. It is currently in system conserve mode because of high memory usage.
  • C. It is currently in FD conserve mode.
  • D. It is currently in system conserve mode because of high CPU usage.

Correct answer: B


Question # 65
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

Based on the output, which of the following statements is correct?

  • A. Quick mode selectors are disabled.
  • B. Remote gateway IP is 10.200.5.1.
  • C. DPD is disabled.
  • D. Anti-replay is enabled.

Correct answer: D


Question # 66
Examine the output of the 'get router info bgp summary' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
  • B. The local BGP peer has received a total of 3 BGP prefixes.
  • C. Local BGP peer has not received an OpenConfirm from 10.200.3.1.
  • D. BGP state of the peer 10.125.0.60 is Established.

Correct answer: C, D


Question # 67
An administrator cannot connect to the GUI of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP.
The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

  • A. Redirection of HTTP to HTTPS administrative access is disabled.
  • B. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.
  • C. The packet is denied because of reverse path forwarding check.
  • D. HTTP administrative access is configured with a port number different than 80.

Correct answer: B, D


Question # 68
A FortiGate device has the following LDAP configuration:

The administrator executed the 'dsquery' command on the Windows LDAP server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?

  • A. dn.
  • B. cnid.
  • C. password.
  • D. username.

Correct answer: D

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD37516


Question # 69
View the exhibit, which contains the output of a debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

  • A. The local FortiGate has been elected as the OSPF backup designated router.
  • B. The local FortiGate's OSPF router ID is 0.0.0.4
  • C. In the network on port4, two OSPF routers are down.
  • D. Port4 is connected to the OSPF backbone area.

Correct answer: B, D


Question # 70
View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?

  • A. It is currently in system conserve mode because of high CPU usage.
  • B. It is currently in proxy conserve mode because of high memory usage.
  • C. It is currently in memory conserve mode because of high memory usage.
  • D. It is currently in extreme conserve mode because of high memory usage.

Correct answer: C


Question # 71
Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. A server's round trip delay (RTT) is not used to calculate its weight.
  • B. There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
  • C. The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's time zone.
  • D. FortiGate will send the FortiGuard queries to the server with highest weight.

Correct answer: C, D


Question # 72
Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)

  • A. Importing static and dynamic route configurations from managed devices
  • B. Importing firewall address objects from managed devices
  • C. Importing interface mappings from managed devices
  • D. Importing devices to FortiManager

Correct answer: B, C

Explanation:
https://docs.fortinet.com/document/fortimanager/7.0.5/administration-guide/337348


Question # 73
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?

  • A. FortiGate uses the CN information from the Subject field in the server certificate.
  • B. FortiGate switches to the full SSL inspection method to decrypt the data.
  • C. FortiGate uses the requested URL from the user's web browser.
  • D. FortiGate blocks the request without any further inspection.

Correct answer: A


Question # 74
Examine the output from the BGP real-time debug shown in the exhibit, then answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. The state of the remote BGP peer will go to Connect after it confirms the received prefixes.
  • B. Local BGP peer received a prefix for a default route.
  • C. The state of the remote BGP peer is OpenConfirm.
  • D. BGP peers have successfully interchanged Open and Keepalive messages.

Correct answer: B, D


Question # 75
View the exhibit, which contains a session entry, and then answer the question below.

Which statement is correct regarding this session?

  • A. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.
  • B. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
  • C. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
  • D. It is an ICMP session from 10.1.10.10 to 10.200.5.1.

Correct answer: D


Question # 76
A FortiGate device has the following LDAP configuration:

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real-time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administrator check? (Choose two.)

  • A. dn.
  • B. cnid.
  • C. password.
  • D. username.

Correct answer: C, D

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=13141


Question # 77
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn't the tunnel come up?

  • A. The pre-shared keys do not match.
  • B. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.
  • C. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.
  • D. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.

Correct answer: D


Question # 78
Refer to the exhibit, which shows the output of get system ha status. NGFW-1 and NGFW-2 have been up for a week.

Which two statements about the output are true? (Choose two.)

  • A. If port7 becomes disconnected on the secondary, both FortiGate devices will elect themselves the primary.
  • B. If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.
  • C. If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.
  • D. If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

Correct answer: A, B

Explanation:
If FGVM...649 is rebooted, FGVM...650 will become the primary, which is normal since it will be the only active firewall, and it will retain that role since override is disabled. Even after FGVM...649 rejoins the cluster, 650 will not fail over to slave. If port7 (the heartbeat port) becomes disconnected on the secondary, both FortiGate devices will elect themselves the primary, because when heartbeat communication fails, all cluster members think they are the primary unit (a condition referred to as split brain). https://docs.fortinet.com/document/fortigate/6.4.0/best-practices/493254/heartbeat-interfaces


Question # 79
Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

  • A. The initiator provided remote as its IPsec peer ID.
  • B. The remote gateway IP address is 10.0.0.1.
  • C. It shows a phase 1 negotiation.
  • D. The negotiation is using AES128 encryption with CBC hash.

Correct answer: A, C


Question # 80
View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

  • A. port7 is used as the HA heartbeat on all devices in the cluster.
  • B. The slave configuration is not synchronized with the master.
  • C. The HA management IP is 169.254.0.2.
  • D. Master is selected because it is the only device in the cluster.

Correct answer: A, B


Question # 81
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

  • A. The local router has not established a TCP session with 100.64.3.1.
  • B. Since the counters were last reset, the 10.200.3.1 peer has never been down.
  • C. The local router's BGP state is Established with the 10.125.0.60 peer.
  • D. The local router has received a total of three BGP prefixes from all peers.

Correct answer: A, C


Question # 82
View the exhibit, which contains the output of a real-time debug.

Which of the following statements is true regarding this output?

  • A. The requested URL belongs to category ID 255.
  • B. FortiGate found the requested URL in its local cache.
  • C. The server hostname is training.fortinet.com.
  • D. This web request was inspected using the ftgd-allow web filter profile.

Correct answer: B


Question # 83
Which two statements about OCVPN are true? (Choose two.)

  • A. FortiGate devices under different FortiCare accounts can be used to form OCVPN.
  • B. OCVPN offers only Hub-Spoke VPNs.
  • C. OCVPN supports static and dynamic IPs in WAN interface.
  • D. Only root vdom supports OCVPN.

Correct answer: C, D


Question # 84
......

NSE7_EFW-7.0 question set, with NSE 7 Network Security Architect certified exam questions and answers: https://www.jpntest.com/shiken/NSE7_EFW-7.0-mondaishu
