[April 2023] Updated NSE7_EFW-7.0 certification: real exam questions provided [Q12-Q35]


The updated NSE7_EFW-7.0 question set PDF, with real and valid NSE7_EFW-7.0 braindump questions, contains 165 questions!


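The Fortinet NSE7_EFW-7.0 exam is a certification exam for network security professionals. It is intended to validate candidates' skills and knowledge of Fortinet NSE 7 - Enterprise Firewall 7.0, a security solution designed to protect enterprise networks from cyber threats. Passing this exam is a mandatory requirement for professionals who want to earn the Fortinet NSE 7 certification.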


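The Fortinet NSE 7 - Enterprise Firewall 7.0 exam, or NSE7_EFW-7.0, is a certification exam offered by Fortinet, a leading provider of cybersecurity solutions. The exam is designed to test the knowledge and skills of network security professionals who deploy, configure, and manage Fortinet enterprise-level firewalls. This certification is well suited to professionals who want to demonstrate expertise in designing and implementing security policies and best practices to secure an organization's network.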

 

Question # 12
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Why didn't the tunnel come up?

  • A. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.
  • B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.
  • C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.
  • D. IKE mode configuration is not enabled in the remote IPsec gateway.

Correct answer: C


Question # 13
Examine the following routing table and BGP configuration; then answer the question below.

The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24.
Which configuration change will make the local peer advertise this prefix?

  • A. Enable the redistribution of connected routes into BGP.
  • B. Enable the setting ebgp-multipath.
  • C. Disable the setting network-import-check.
  • D. Enable the redistribution of static routes into BGP.

Correct answer: C


Question # 14
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

Based on the output, which of the following statements is correct?

  • A. Remote gateway IP is 10.200.5.1.
  • B. Quick mode selectors are disabled.
  • C. Anti-replay is enabled.
  • D. DPD is disabled.

Correct answer: C


Question # 15
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn't the tunnel come up?

  • A. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.
  • B. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.
  • C. The pre-shared keys do not match.
  • D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

Correct answer: B


Question # 16
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

  • A. FortiManager does not support rating requests.
  • B. FortiManager can download and maintain local copies of FortiGuard databases.
  • C. FortiManager supports only FortiGuard push to managed devices.
  • D. FortiManager will respond to update requests only if they originate from a managed device.

Correct answer: B


Question # 17
View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

  • A. 10.0.1.244
  • B. 10.0.1.242
  • C. One of the public FortiGuard distribution servers
  • D. 10.0.1.240

Correct answer: C


Question # 18
Refer to exhibit, which contains the output of a BGP debug command.

Which statement explains why the state of the 10.200.3.1 peer is Connect?

  • A. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.
  • B. The local router has received the BGP prefixes from the remote peer.
  • C. The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.
  • D. The TCP session to 10.200.3.1 has not completed the three-way handshake.

Correct answer: D

Explanation:
BGP neighbor states and how they change:

  • Idle: Initial state
  • Connect: Waiting for a successful three-way TCP connection
  • Active: Unable to establish the TCP session
  • OpenSent: Waiting for an OPEN message from the peer
  • OpenConfirm: Waiting for the keepalive message from the peer
  • Established: Peers have successfully exchanged OPEN and keepalive messages


Question # 19
View these partial outputs from two routing debug commands:

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

  • A. port2
  • B. port3
  • C. port1
  • D. Both port1 and port2

Correct answer: C


Question # 20
Examine the following routing table and BGP configuration; then answer the question below.

The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24.
Which configuration change will make the local peer advertise this prefix?

  • A. Enable the redistribution of connected routes into BGP.
  • B. Enable the setting ebgp-multipath.
  • C. Disable the setting network-import-check.
  • D. Enable the redistribution of static routes into BGP.

Correct answer: C


Question # 21
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network.
What HA setting must be changed in one of the HA clusters to fix the problem?

  • A. Session pickup.
  • B. Gratuitous ARPs.
  • C. Group name.
  • D. Group ID.

Correct answer: D


Question # 22
An administrator has enabled HA session synchronization in a HA cluster with two members.
Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?

  • A. dirty.
  • B. nds.
  • C. synced
  • D. redir.

Correct answer: C


Question # 23
Refer to the exhibit, which shows the output of a BGP debug command.

Which statement explains why the state of the 10.200.3.1 peer is Connect?

  • A. The local router initiated the BGP session to 10.200.3.1 but did not receive a response.
  • B. The router 10.200.3.1 has authentication configured for BGP and the local router does not.
  • C. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the openConfirm yet.
  • D. The local router has a different AS number than the remote peer.

Correct answer: A


Question # 24
Which two statements about an auxiliary session are true? (Choose two.)

  • A. With the auxiliary session setting enabled, two sessions are created in case of routing change.
  • B. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
  • C. With the auxiliary session setting disabled, only auxiliary sessions are offloaded.
  • D. With the auxiliary session setting disabled, for each traffic path, FortiGate uses the same auxiliary session.

Correct answer: A, B

Explanation:
Reference:
NSE7 Study Guide Chapter 4, slide "ECMP Accelerated with Auxiliary session"


Question # 25
Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

  • A. Quick mode selectors are disabled.
  • B. Remote gateway IP is 10.200.4.1.
  • C. Anti-replay is enabled.
  • D. DPD is disabled.

Correct answer: B, C


Question # 26
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

  • A. SIP ALG can create expected sessions for media traffic; SIP helper does not.
  • B. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
  • C. SIP ALG supports SIP HA failover; SIP helper does not.
  • D. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.
  • E. SIP ALG supports SIP over IPv6; SIP helper does not.

Correct answer: B, C, E


Question # 27
Refer to the exhibit, which contains a CLI script configuration on FortiManager.

An administrator configured the CLI script on FortiManager, but the script failed to apply any changes to the managed device after being executed.
What are two reasons why the script did not make any changes to the managed device? (Choose two.)

  • A. CLI scripts must start with #!.
  • B. Incomplete commands can cause CLI scripts to fail.
  • C. Static routes can be added using only TCL scripts.
  • D. The commands that start with the # sign did not run.

Correct answer: B, D

Explanation:
Reference: CLI scripts do not include Tool Command Language (Tcl) commands, and the first line of the script is not "#!" as it is for Tcl scripts.
https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FortiManager_Admin_Guide/1000_Device%20Manager/2400_Scripts/1000_Script%20samples/0200_CLI%20scripts+.htm


Question # 28
The logs in a FSSO collector agent (CA) are showing the following error:
failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?

  • A. The remote registry service is not running in the workstation 192.168.12.232.
  • B. The CA cannot reach the FortiGate with the IP address 192.168.12.232.
  • C. The FortiGate cannot resolve the name of the workstation.
  • D. The CA cannot resolve the name of the workstation.

Correct answer: A


Question # 29
View the exhibit, which contains a partial routing table, and then answer the question below.

Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

  • A. Source IP address 10.73.9.10, Destination IP address 10.72.3.15.
  • B. Source IP address 10.72.3.52, Destination IP address 10.1.0.254.
  • C. Source IP address 10.72.3.27, Destination IP address 10.1.0.52.
  • D. Source IP address 10.1.0.24, Destination IP address 10.72.3.20.

Correct answer: B, C


Question # 30
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

  • A. Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.
  • B. For the peer 10.125.0.60, the BGP state is Established.
  • C. The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.
  • D. The local BGP peer has received a total of three BGP prefixes.

Correct answer: B, C


Question # 31
Examine the output of the 'get router info ospf interface' command shown in the exhibit; then answer the question below.

Which statements are true regarding the above output? (Choose two.)

  • A. Two OSPF routers are down in the port4 network.
  • B. There are at least 5 OSPF routers connected to the port4 network.
  • C. The local FortiGate has been elected as the OSPF backup designated router.
  • D. The port4 interface is connected to the OSPF backbone area.

Correct answer: B, D


Question # 32
Examine the following partial outputs from two routing debug commands; then answer the question below:

Why is the default route using port2 not displayed in the output of the second command?

  • A. It has a higher distance than the default route using port1.
  • B. It has a lower priority than the default route using port1.
  • C. It is disabled in the FortiGate configuration.
  • D. It has a higher priority than the default route using port1.

Correct answer: A


Question # 33
Refer to the exhibit, which contains a TCL script configuration on FortiManager.
An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.

Why did the TCL script fail to make any changes to the managed device?

  • A. Incomplete commands are ignored in TCL scripts.
  • B. The TCL command run_cmd has not been created.
  • C. The TCL script must start with tinclude <>.
  • D. Changes to an interface configuration can be made only by a CLI script.

Correct answer: B

Explanation:
https://docs.fortinet.com/document/fortimanager/7.2.2/administration-guide/914165/tcl-scripts


Question # 34
Refer to the exhibit, which contains partial output from an IKE real-time debug.

Why did the tunnel not come up?

  • A. The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway.
  • B. The encapsulation method for phase 2 is set to none on local and remote gateways.
  • C. The proposal ID does not match between local and remote gateways.
  • D. The Diffie-Hellman group does not match on the local and remote gateways.

Correct answer: A

Explanation:
Local gateway: encryption AES-128, hash SHA. Remote gateway: encryption AES-256, hash SHA-256. So the local gateway has less secure settings.


Question # 35
......


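The Fortinet NSE7_EFW-7.0 exam is the latest version of the enterprise firewall exam and covers topics essential for IT professionals who work with Fortinet enterprise firewalls. The exam tests candidates' knowledge and skills in areas such as firewall policies, VPN, SSL inspection, and network address translation. By passing the exam, candidates can demonstrate a deep understanding of how to configure, manage, and troubleshoot Fortinet enterprise firewalls.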

 

Pass the NSE7_EFW-7.0 exam with ease, with a 100% pass guarantee: https://www.jpntest.com/shiken/NSE7_EFW-7.0-mondaishu
