Latest 2023 Fortinet NSE7_EFW-6.4 Question Set PDF: The Place to Go If You Want to Pass NSE7_EFW-6.4 Fastest [Q21-Q38]


Pass the Fortinet exam with the NSE7_EFW-6.4 practice exam question set and its 99% pass rate


Fortinet NSE7_EFW-6.4 certification exam coverage:

Topic: Exam coverage
Topic 1
  • Dynamic routing: OSPF, Border Gateway Protocol (BGP)
  • System and session troubleshooting
Topic 2
  • Intrusion Prevention System (IPS)
  • Content inspection
  • FortiOS architecture
Topic 3
  • Traffic and session monitoring
  • Routing and Layer 2 switching
Topic 4
  • Implement the Fortinet Security Fabric
  • Perform initial configuration
Topic 5
  • Central management and analysis using FortiManager and FortiAnalyzer
  • Autodiscovery VPN (ADVPN)

 

Question # 21
Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; then answer the question below.

Which statement is true regarding the session in the exhibit?

  • A. It was created by a session helper or ALG.
  • B. It is for management traffic terminating at the FortiGate.
  • C. It is for traffic originated from the FortiGate.
  • D. It was created by the FortiGate kernel to allow push updates from FortiGuard.

Correct answer: A


Question # 22
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

  • A. Import policy packages from managed devices.
  • B. Install configuration changes to managed devices.
  • C. Import interface mappings from managed devices.
  • D. Preview pending configuration changes for managed devices.
  • E. Add devices to FortiManager.

Correct answer: B, D

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/1200_ins
There are 4 main wizards:
Add Device: is used to add devices to central management and import their configurations.
Install: is used to install configuration changes from Device Manager or Policies & Objects to the managed devices. It allows you to preview the changes and, if the administrator doesn't agree with the changes, cancel and modify them.
Import policy: is used to import interface mapping, policy database, and objects associated with the managed devices into a policy package under the Policy & Object tab. It runs with the Add Device wizard by default and may be run at any time from the managed device list.
Re-install policy: is used to perform a quick install of the policy package. It doesn't give the ability to preview the changes that will be installed to the managed device.


Question # 23
What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?

  • A. mem-failopen
  • B. utm-failopen
  • C. av-failopen
  • D. ips-failopen

Correct answer: C

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Other_Profile_Consideration


Question # 24
Which two statements about OCVPN are true? (Choose two.)

  • A. FortiGate devices under different FortiCare accounts can be used to form OCVPN.
  • B. OCVPN supports static and dynamic IPs in WAN interface.
  • C. OCVPN offers only Hub-Spoke VPNs.
  • D. Only root vdom supports OCVPN.

Correct answer: B, D

Explanation:
Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/977344/one-click-vpn-ocvpn
https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/496884/overlay-controller-vpn-ocvpn


Question # 25
A corporate network allows Internet access to FSSO users only. The FSSO user student does not have Internet access after successfully logging into the Windows AD network. The output of the 'diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)

  • A. At least one of the student's user groups must be allowed by a FortiGate firewall policy.
  • B. The student workstation's IP subnet must be listed in the CA's trusted list.
  • C. The user student must not be listed in the CA's ignore user list.
  • D. The user student must belong to one or more of the monitored user groups.

Correct answer: A, C

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828


Question # 26
Examine the following partial outputs from two routing debug commands; then answer the question below:

Why is the default route using port2 not displayed in the output of the second command?

  • A. It has a lower priority than the default route using port1.
  • B. It is disabled in the FortiGate configuration.
  • C. It has a higher distance than the default route using port1.
  • D. It has a higher priority than the default route using port1.

Correct answer: C

Explanation:
http://kb.fortinet.com/kb/viewContent.do?externalId=FD32103


Question # 27
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn't the script make any changes to the managed device?

  • A. Incomplete commands are ignored in CLI scripts.
  • B. Static routes can only be added using TCL scripts.
  • C. CLI scripts will add objects only if they are referenced by policies.
  • D. Commands that start with the # sign are not executed.

Correct answer: D

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/2400_Scr
A sequence of FortiGate CLI commands, as you would type them at the command line. A comment line starts with the number sign (#). A comment line will not be executed.


Question # 28
Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packets dropped counter at the end of the sniffer?

  • A. Number of total packets dropped by the FortiGate.
  • B. Number of packets that matched the sniffer filter and were dropped by the FortiGate.
  • C. Number of packets that matched the sniffer filter but could not be captured by the sniffer.
  • D. Number of packets that didn't match the sniffer filter.

Correct answer: C

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=11655


Question # 29
Examine the output from the BGP real time debug shown in the exhibit, then answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. BGP peers have successfully interchanged Open and Keepalive messages.
  • B. The state of the remote BGP peer will go to Connect after it confirms the received prefixes.
  • C. The state of the remote BGP peer is OpenConfirm.
  • D. Local BGP peer received a prefix for a default route.

Correct answer: A, D


Question # 30
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn't the tunnel come up?

  • A. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.
  • B. The pre-shared keys do not match.
  • C. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.
  • D. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.

Correct answer: C


Question # 31
Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

  • A. Diagnose debug application radius -1.
  • B. Diagnose authd console -log enable.
  • C. Diagnose debug application fnbamd -1.
  • D. Diagnose radius console -log enable.

Correct answer: C

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD32838


Question # 32
View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

  • A. port 7 is used as the HA heartbeat on all devices in the cluster.
  • B. The HA management IP is 169.254.0.2.
  • C. The slave configuration is not synchronized with the master.
  • D. Master is selected because it is the only device in the cluster.

Correct answer: A, C


Question # 33
Examine the output of the 'get router info ospf neighbor' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)
Refer to the exhibit, which shows the output of a debug command.
Which statement about the output is true?

  • A. The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.
  • B. The local FortiGate is the designated router for the wan1 network.
  • C. The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.
  • D. The interface ToRemote is a point-to-point OSPF network.

Correct answer: D

Explanation:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13685-13.html


Question # 34
Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?

  • A. The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
  • B. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.
  • C. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.
  • D. The IKE real time debug shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.

Correct answer: C


Question # 35
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

  • A. Import policy packages from managed devices.
  • B. Install configuration changes to managed devices.
  • C. Import interface mappings from managed devices.
  • D. Preview pending configuration changes for managed devices.
  • E. Add devices to FortiManager.

Correct answer: B, D

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/1200_install_to%20devices/0400_Install%20wizard-device%20settings.htm
There are 4 main wizards:
Add Device: is used to add devices to central management and import their configurations.
Install: is used to install configuration changes from Device Manager or Policies & Objects to the managed devices. It allows you to preview the changes and, if the administrator doesn't agree with the changes, cancel and modify them.
Import policy: is used to import interface mapping, policy database, and objects associated with the managed devices into a policy package under the Policy & Object tab. It runs with the Add Device wizard by default and may be run at any time from the managed device list.
Re-install policy: is used to perform a quick install of the policy package. It doesn't give the ability to preview the changes that will be installed to the managed device.


Question # 36
Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. FortiGate will send the FortiGuard queries to the server with highest weight.
  • B. The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's time zone.
  • C. There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
  • D. A server's round trip delay (RTT) is not used to calculate its weight.

Correct answer: A, B


Question # 37
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive at the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

  • A. TCP half close.
  • B. TCP time wait.
  • C. TCP session time to live.
  • D. TCP half open.

Correct answer: D

Explanation:
http://docs-legacy.fortinet.com/fos40hlp/43prev/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt&file=CLI_get_Commands.58.25.html
The tcp-halfopen-timer controls for how long, after a SYN packet, a session without SYN/ACK remains in the table.
The tcp-halfclose-timer controls for how long, after a FIN packet, a session without FIN/ACK remains in the table.
The tcp-timewait-timer controls for how long, after a FIN/ACK packet, a session remains in the table. A closed session remains in the session table for a few seconds more to allow any out-of-sequence packet.


Question # 38
......


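One of the main benefits of obtaining the Fortinet NSE7_EFW-6.4 certification is that it demonstrates to employers and clients that you have the knowledge and skills needed to design, implement, and manage enterprise firewall solutions. This is especially valuable in industries such as finance, healthcare, and government, where data security is critically important. In addition, certification holders can use the knowledge gained from the exam to help their organizations mitigate cyber threats and reduce the risk of data breaches.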

 

Guaranteed pass with the latest verified NSE7_EFW-6.4 questions and answers: https://www.jpntest.com/shiken/NSE7_EFW-6.4-mondaishu
