[2023年07月20日] 無料NSE 7 Network Security Architect NSE7_SDW-6.4公式認定ガイドPDFダウンロード [Q42-Q67]

[2023年07月20日] 無料NSE 7 Network Security Architect NSE7_SDW-6.4公式認定ガイドPDFダウンロード

Fortinet NSE7_SDW-6.4公式認定ガイドPDF

Fortinet NSE7_SDW-6.4（Fortinet NSE 7 - SD-WAN 6.4）試験は、ITプロフェッショナルの知識とスキルをテストする業界で認められた認定試験であり、FortinetのSD-WANソリューションを展開、設定、管理する能力を評価します。ネットワーク管理者、エンジニア、セキュリティ専門家が対象であり、組織のセキュアなSD-WANソリューションの実装と維持を担当しています。この認定は、候補者が、組織のビジネス要件を満たし、ネットワークのセキュリティと信頼性を確保しながらSD-WANソリューションを設計および展開するために必要な専門知識を持っていることを検証します。

FortinetのNSE7_SDW-6.4認定試験は、クラウド接続性、セキュリティ、サービス品質（QoS）、ルーティング、およびネットワーク管理に関連するトピックをカバーしています。試験は、FortinetのSD-WANソリューションのさまざまなコンポーネント、すなわちFortiGateファイアウォール、FortiManager、およびFortiAnalyzerについてもカバーしています。候補者は、SD-WAN技術に関する深い理解を持っており、その利点、実装のベストプラクティス、およびトラブルシューティング技術を理解していることが期待されています。

Fortinet NSE7_SDW-6.4（Fortinet NSE 7 - SD-WAN 6.4）認定試験は、SD-WAN技術とFortinetソリューションを扱うネットワークおよびセキュリティプロフェッショナル向けの上級レベルの試験です。この試験は、広範囲なトピックをカバーし、セキュアなSD-WANソリューションを設計、実装、および管理する候補者の知識とスキルを試験します。この認定資格は業界で高く評価され、SD-WAN技術とFortinetソリューションのスキルと知識を向上させたいプロフェッショナルに理想的です。

質問 # 42
An administrator is troubleshooting VoIP quality issues that occur when calling external phone numbers The SD-WAN interface on the edge FortiGate is configured with the default settings, and is using two upstream links One link has random jitter and latency issues and is based on a wireless connection Which two actions must the administrator apply simultaneously on the edge FortiGate to improve VoIP quality using SD_WAN rules?

A. Place the troublesome link at the top of the interface preference list.
B. Choose the suitable interface based on the interface cost and weight.
C. Use the performance SLA targets to detect latency and jitter instantly.
D. Select the corresponding SD-WAN balancing strategy in the SD-WAN rule.
E. Configure an SD-WAN rule to load balance all traffic without VoIP.

正解：C、D

質問 # 43
Refer to the exhibit.

Which statement about the trace evaluation by FomGate is true?

A. Packets exceeding the configured concurrent connection limit are dropped based on the priority
B. Packets exceeding the configured maximum concurrent connection limit are denied by the per-IP shaper.
C. The packet exceeded the configured maximum bandwidth and was dropped by the shared shaper.
D. The packet exceeded the configured bandwidth and was dropped based on the priority configuration.

正解：B

解説：
configuration.

質問 # 44
Which two statements reflect the benefits of implementing the ADVPN solution to replace conventional VPN topologies? (Choose two )

A. It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.
B. It provides direct connectivity between all sites by creating on-demand tunnels between spokes.
C. It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links.
D. It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance.

正解：A、B

質問 # 45
Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

A. Configure the IKE mode to be aggressive mode.
B. Use different proposals are used between the interfaces.
C. Specify a unique peer ID for each dial-up VPN interface.
D. Use unique Diffie Hellman groups on each VPN interface.

正解：A、C

質問 # 46
Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

A. Set load-balance-mode source-ip-ip-based.
B. Set cost 15.
C. Set priority 10.
D. Set source 100.64.1.1.

正解：D

質問 # 47
Which two statements describe how IPsec phase 1 aggressive mode is different from main mode when performing IKE negotiation? (Choose two)

A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
B. XAuth is enabled as an additional level of authentication, which requires a username and password.
C. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
D. A total of six packets are exchanged between an initiator and a responder instead of three packets.

正解：B、D

質問 # 48
Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

A. Set load-balance-mode source-ip-ip-based.
B. Set source 100.64.1.1.
C. Set cost 15.
D. Set priority 10.

正解：C、D

質問 # 49
Which statement about using BGP routes in SD-WAN is true?

A. VPN topologies must be form using only BGP dynamic routing with SD-WAN
B. Dynamic routing protocols can be used only with non-encrypted traffic
C. Adding static routes must be enabled on all ADVPN interfaces.
D. Learned routes can be used as dynamic destinations in SD-WAN rules

正解：A

質問 # 50
Refer to exhibits.

Exhibit A shows the source NAT global setting and exhibit B shows the routing table on FortiGate.
Based on the exhibits, which two statements about increasing the port2 interface priority to 20 are true? (Choose two.)

A. All the existing sessions will continue to use port2, and new sessions will use port1.
B. All the existing sessions that do not use SNAT will be flushed and routed through port1.
C. All the existing sessions will be blocked from using port1 and port2.
D. All the existing sessions using SNAT will be flushed and routed through port1.

正解：B、D

質問 # 51
What is the purpose of a predefined template on the FortiAnalyzer?

A. It specifies the report layout which contains predefined texts, charts, and macros
B. It can be edited and modified as required
C. It contains predefined data to generate mock reports
D. It specifies report settings which contains time period, device selection, and schedule

正解：A

解説：
FortiAnalyzer 6.4 Study Guide page 197

質問 # 52
Refer to the exhibit.

Based on the exhibit, which two statements about traffic passing through the SD WAN member port2 are true? (Choose two)

A. FortiGate, by default, resets all session routing information after a route change
B. FortiGate flushes all routing information from the session table after a route change
C. FortiGate performs new routing lookups for new packets after a route change
D. FortiGate marks an existing session routing information as persistent

正解：C、D

質問 # 53
Which statement reflects how BGP tags work with SD-WAN rules?

A. BGP tags match the SD-WAN rule based on the order that these rules were installed.
B. BGP tags require that the adding of static routes be enabled on all ADVPN interfaces
C. Route tags are used for a BGP community and the SD-WAN rules are assigned the same tag
D. VPN topologies are formed using only BGP dynamic routing with SD-WAN

正解：D

質問 # 54
Refer to exhibits.
Exhibit A.

Exhibit B.

Exhibit A shows the traffic shaping policy and exhibit B show: the firewall policy FortiGate is not performing traffic shaping as expected basi on the policies shown in the exhibits.
To correct this traffic shaping issue on FortiGate, what configuration change must be made on which policy?

A. The web filter profile must be enabled on the firewall policy
B. The shaper mode must be applied per-IP shaper on the traffic shaping policy
C. The application control profile must be enabled on the firewall policy.
D. The URL category must be specified on the traffic shaping policy

正解：A

質問 # 55
Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

A. Set load-balance-mode source-ip-ip-based.
B. Set cost 15.
C. Set priority 10.
D. Set source 100.64.1.1.

正解：D

質問 # 56
Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two)

A. Internet Key Exchange (IKE)
B. Encapsulating Security Payload (ESP)
C. Secure Shell (SSH)
D. Security Association (SA)
E. Transport Layer Security (TLS)

正解：A、B

質問 # 57
What is the lnkmtd process responsible for?

A. Monitoring links for any bandwidth saturation
B. Logging interface quality information
C. Processing performance SLA probes
D. Flushing route tags addresses

正解：A

質問 # 58
Which statement reflects how BGP tags work with SD-WAN rules?

A. BGP tags match the SD-WAN rule based on the order that these rules were installed.
B. BGP tags require that the adding of static routes be enabled on all ADVPN interfaces
C. VPN topologies are formed using only BGP dynamic routing with SD-WAN
D. Route tags are used for a BGP community and the SD-WAN rules are assigned the same tag

正解：D

解説：
SD-WAN 6.4.5 Guide Page 226-227.

質問 # 59
What are the two minimum configuration requirements for an outgoing interface to be selected once the SD-WAN logical interface is enabled? (Choose two )

A. Select SD-WAN balancing strategy.
B. Specify incoming interfaces in SD-WAN rules.
C. Configure SD-WAN rules interface preference.
D. Specify outgoing interface routing cost.

正解：A、C

質問 # 60
Refer to the exhibits.
Exhibit A:

Exhibit B:

Exhibit A shows the SD-WAN rules and exhibit B shows the traffic logs. The SD-WAN traffic logs reflect how FortiGate distributes traffic.
Based on the exhibits, what are two expected behaviors when FortiGate processes SD-WAN traffic? (Choose two.)

A. The Vimeo SD-WAN rule steers Vimeo application traffic among all SD-WAN member interfaces.
B. The first Vimeo session may not match the Vimeo SD-WAN rule because the session is used for the application learning phase.
C. SD-WAN rules are evaluated in the same way as firewall policies: from top to bottom.
D. The implicit rule overrides all other rules because parameters widely cover sources and destinations.

正解：B、C

質問 # 61
Refer to exhibits.

Exhibit A shows the source NAT global setting and exhibit B shows the routing table on FortiGate.
Based on the exhibits, which two statements about increasing the port2 interface priority to 20 are true? (Choose two.)

A. All the existing sessions will continue to use port2, and new sessions will use port1.
B. All the existing sessions will be blocked from using port1 and port2.
C. All the existing sessions that do not use SNAT will be flushed and routed through port1.
D. All the existing sessions using SNAT will be flushed and routed through port1.

正解：A、D

質問 # 62
What is the lnkmtd process responsible for?

A. Monitoring links for any bandwidth saturation
B. Logging interface quality information
C. Flushing route tags addresses
D. Processing performance SLA probes

正解：D

解説：
SD-WAN 6.4.5 Guide Page 105.

質問 # 63
Refer to exhibits.

Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.
The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.
Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?

A. The reverse shaper option must be enabled and a traffic shaper must be selected
B. The guaranteed-10mbps option must be selected as the per-IP shaper option
C. A new firewall policy must be created and SD-WAN must be selected as the incoming interface.
D. The guaranteed-10mbps option must be selected as the reverse shaper option.

正解：A

質問 # 64
Refer to exhibits.
Exhibit A.

Exhibit B.

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SO-WAN interface and the static routes configuration.
Port1 and port2 are member interfaces of the SD-WAN, and port2 becomes a dead member after reaching the failure thresholds Which statement about the dead member is correct?

A. Dead members require manual administrator access to bring them back alive
B. Subnets 100 .64.1.0/23 and 172 . 20 . 0. 0/16 are reachable only through port1
C. SD-WAN interface becomes disabled and port1 becomes the WAN interface
D. Port2 might become alive when a single response is received from an SLA server

正解：B

質問 # 65
Refer to the exhibit.

What must you configure to enable ADVPN?

A. The protected subnets should be set to address object to all (0.0.0.0/0).
B. On the hub VPN, only the device needs additional phase one settings.
C. ADVPN should only be enabled on unmanaged FortiGate devices.
D. Each VPN device has a unique pre-shared key configured separately on phase one.

正解：D

解説：
Explanation/Reference:

質問 # 66
Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)