2023年更新のNSE 7 Network Security Architectが有効なNSE7_EFW-6.4問題集を無料提供しています [Q14-Q29]

2023年更新のNSE 7 Network Security Architectが有効なNSE7_EFW-6.4問題集を無料提供しています

最新のJPNTest NSE7_EFW-6.4のPDF問題集をダウンロードしちゃおう：https://www.jpntest.com/shiken/NSE7_EFW-6.4-mondaishu（124問題と解答)

質問 # 14
Examine the following routing table and BGP configuration; then answer the question below.

TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

A. Enable the setting ebgp-multipath.
B. Enable the redistribution of static routers into BGP.
C. Disable the setting network-import-check.
D. Enable the redistribution of connected routers into BGP.

正解：C

質問 # 15
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

A. Reduce the maximum file size to inspect.
B. Increase the FortiGuard cache time to live.
C. Increase the TCP session timers.
D. Reduce the session time to live.

正解：A、D

質問 # 16
Refer to the exhibit, which contains the output of diagnose sys session list.

If the HA ID for the primary unit is zero (0), which statement about the output is true?

A. This session is for HA heartbeat traffic.
B. The master unit is processing this traffic.
C. The inspection of this session has been offloaded to the slave unit.
D. This session cannot be synced with the slave unit.

正解：B

質問 # 17
What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

A. OSPF IP MTUs match.
B. IP addressesare in the same subnet.
C. OSPF peer IDs match.
D. OSPF costs match.
E. Hello and dead intervals match.

正解：A、B、E

解説：
Explanation
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-advanced-routing-54/Routing_OSPF/OSPF_Bac

質問 # 18
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.

Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?

A. auto-discovery-receiver
B. auto-discovery-shortcut
C. auto-discovery-sender
D. auto-discovery-forwarder

正解：D

質問 # 19
Which of the following conditions must be met fora static route to be active in the routing table? (Choose three.)

A. The next-hop IP address is up.
B. The next-hop IP address belongs to one of the outgoing interface subnets.
C. The outgoing interface is up.
D. There is no other route, to the same destination, with a higher distance.
E. The link health monitor (if configured) is up.

正解：B、C、E

解説：
Explanation
A configured static route only goes to routing table from routing database when all the following are met :
* The outgoing interface is up
* There isno other matching route with a lower distance
* The link health monitor (if configured) is successful
* The next-hop IP address belongs to one of the outgoing interface subnets

質問 # 20
An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?

A. synced
B. dirty.
C. redir.
D. nds.

正解：A

解説：
The synced sessions have the 'synced' flag. The command 'diag sys session list' can be used to see the sessions on the member, with the associated flags.

質問 # 21
View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

A. One of the public FortiGuard distribution servers
B. 10.0.1.240
C. 10.0.1.242
D. 10.0.1.244

正解：A

質問 # 22
View the exhibit, which contains the output of a real-time debug, Which statement about this output is true?

Which of the following statements is true regarding this output?

A. The requested URL belongs to category ID 255.
B. FortiGate found the requested URL in its local cache.
C. This web request was inspected using the ftgd-allow web filler profile.
D. The server hostname Is training, fortinet.com.

正解：B

質問 # 23
A FortiGate device hasthe following LDAP configuration:

The administrator executed the 'dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?

A. password.
B. dn.
C. cnid.
D. username.

正解：D

解説：
Explanation
https://kb.fortinet.com/kb/viewContent.do?externalId=FD37516

質問 # 24
Refer to the exhibit, which contains partial output from an IKE real-time debug.

Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?

A. auto-discovery-shortcut
B. auto-discovery-sender
C. auto-discovery-forwarder
D. auto-discovery-receiver

正解：D

解説：
Reference:
First the Spoke receives SHORTCUT_OFFER, it respondes with sending shortcut-query. AT the end it receives SHORTCUT_REPLY and creates new dynamic tunnel (H2S_0_0).

質問 # 25
An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?

A. synced
B. dirty.
C. redir.
D. nds.

正解：A

解説：
Explanation
The synced sessions have the 'synced' flag. The command 'diag sys session list' can be used to see the sessions on the member, with the associated flags.

質問 # 26
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.

Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?

A. auto-discovery-receiver
B. auto-discovery-shortcut
C. auto-discovery-sender
D. auto-discovery-forwarder

正解：D

質問 # 27
Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.

Which statement are true regarding the output in the exhibit? (Choose two.)

A. The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's time zone.
B. There are three FortiGuard serversthat are not responding to the queries sent by the FortiGate.
C. A server's round trip delay (RTT) is not used to calculate its weight.
D. FortiGate will send the FortiGuard queries to the server withhighest weight.

正解：A、D

質問 # 28
View these partial outputs from two routing debug commands:

Which outbound interface will FortiGate use to route webtraffic from internal users to the Internet?