[2024年最新] 最高のNSE7_EFW-7.0試験問題集を使って実際の試験問題と解答を解こう [Q74-Q90]

[2024年最新] 最高のNSE7_EFW-7.0試験問題集を使って- 実際の試験問題と解答を解こう

テストエンジンを練習してNSE7_EFW-7.0テスト問題

Fortinet NSE7_EFW-7.0の試験は、高度なファイアウォールポリシー、仮想化、高い可用性、IPsec VPN、SSL VPN、Webフィルタリングなど、幅広いテーマをカバーしている。参加者はまた、ネットワークセキュリティ設計原則、トラブルシューティング技術、およびFortinetのエンタープライズファイアウォール技術の実装および管理のためのベストプラクティスについても学ぶ。試験は、候補者のネットワークセキュリティの知識を実際のシナリオに適用する能力をテストするよう設計されており、潜在的な雇用主に実用的なスキルを証明するための優れた方法となっている。

 

質問 # 74
Examine the following routing table and BGP configuration; then answer the question below.

The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24 .
Which configuration change will make the local peer advertise this prefix?

• A. Enable the setting ebgp-multipath.
• B. Disable the setting network-import-check.
• C. Enable the redistribution of static routers into BGP.
• D. Enable the redistribution of connected routers into BGP.

正解：B

質問 # 75
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

• A. The connectivity between the FortiGate unit and the DNS server.
• B. That DNS service is enabled in the explicit web proxy interface.
• C. The connectivity between the client workstations and the DNS server.
• D. That DNS traffic from client workstations is allowed by the explicit web proxy policies.

正解：A

質問 # 76
Examine the following partial output from two system debug commands; then answer the question below.


Which of the following statements are true regarding the above outputs? (Choose two.)

• A. Kernel indirectly accesses the low memory (LowTotal) through memory paging
• B. The Cached value is always the Active value plus the Inactive value
• C. The unit is running a 32-bit FortiOS
• D. The unit is in kernel conserve mode

正解：B、C

質問 # 77
What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

• A. OSPF IP MTUs match.
• B. OSPF peer IDs match.
• C. OSPF costs match.
• D. Hello and dead intervals match.
• E. IP addresses are in the same subnet.

正解：A、D、E

質問 # 78
An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

• A. diagnose sniffer packet any 'udp port 4500'
• B. diagnose sniffer packet any 'ah'
• C. diagnose sniffer packet any 'ip proto 50'
• D. diagnose sniffer packet any 'udp port 500'

正解：C

解説：
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p. 443 Phase 2 : ESP => IP protocol 50 This command will capture any packets that use the IP protocol number 50, which is ESP (Encapsulating Security Payload). ESP is used to encrypt and authenticate the phase 2 traffic between two FortiGate devices1.

質問 # 79
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

• A. The local router has received a total of three BGP prefixes from all peers.
• B. The local router's BGP state is Established with the 10.125.0.60 peer.
• C. Since the counters were last reset; the 10.200.3.1 peer has never been down.
• D. The local router has not established a TCP session with 100.64.3.1.

正解：B、D

質問 # 80
View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

• A. 10.0.1.244
• B. 10.0.1.242
• C. 10.0.1.240
• D. One of the public FortiGuard distribution servers

正解：D

質問 # 81
Refer to the exhibit, which shows partial outputs from two routing debug commands.

Why is the port2 default route not in the second command output?

• A. The port1 default route has a lower distance than the default route using port2.
• B. The port2 interface is disabled in the FortiGate configuration.
• C. The port1 default route has a lower priority value than the default route using port2.
• D. The port1 default route has a higher priority value than the default route using port2.

正解：A

質問 # 82
View the exhibit, which contains a session entry, and then answer the question below.

Which statement is correct regarding this session?

• A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
• B. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.
• C. It is an ICMP session from 10.1.10.10 to 10.200.5.1.
• D. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.

正解：C

質問 # 83
Refer to the exhibit, which contains a TCL script configuration on FortiManager.
An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.

Why did the TCL script fail to make any changes to the managed device?

• A. Incomplete commands are ignored in TCL scripts.
• B. The TCL command run_cmd has not been created.
• C. Changes to an interface configuration can be made only by a CLI script.
• D. The TCL script must start with tinclude <>.

正解：B

解説：
https://docs.fortinet.com/document/fortimanager/7.2.2/administration-guide/914165/tcl-scripts

質問 # 84
Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. The state of the remote BGP peer is OpenConfirm.
• B. Local BGP peer received a prefix for a default route.
• C. The state of the remote BGP peer will go to Connect after it confirms the received prefixes.
• D. BGP peers have successfully interchanged Open and Keepalive messages.

正解：B、D

質問 # 85
Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; than answer the question below.

Which statement is true regarding the session in the exhibit?

• A. It was created by a session helper or ALG.
• B. It is for management traffic terminating at the FortiGate.
• C. It is for traffic originated from the FortiGate.
• D. It was created by the FortiGate kernel to allow push updates from FotiGuard.

正解：A

質問 # 86
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn't the script make any changes to the managed device?

• A. Incomplete commands are ignored in CLI scripts.
• B. CLI scripts will add objects only if they are referenced by policies.
• C. Commands that start with the # sign are not executed.
• D. Static routes can only be added using TCL scripts.

正解：C

質問 # 87
Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; than answer the question below.

Which statement is true regarding the session in the exhibit?

• A. It was created by a session helper or ALG.
• B. It is for management traffic terminating at the FortiGate.
• C. It is for traffic originated from the FortiGate.
• D. It was created by the FortiGate kernel to allow push updates from FotiGuard.

正解：A

質問 # 88
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

• A. route-reflector-server enable
• B. route-reflector-client enable
• C. route-reflector enable
• D. route-reflector-peer enable

正解：B

解説：
https://docs.fortinet.com/document/fortigate/7.0.11/cli-reference/572620/config-router-bgp set route-reflector-client [enable|disable]

質問 # 89
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

Based on the output, which of the following statements is correct?

• A. Quick mode selectors are disabled.
• B. Anti-reply is enabled.
• C. DPD is disabled.
• D. Remote gateway IP is 10.200.5.1.

正解：B

質問 # 90
......

Fortinet NSE7_EFW-7.0認定は、ネットワークセキュリティの分野で知識とスキルを向上させたいネットワークセキュリティの専門家にとって優れた選択です。この認定は、セキュリティの専門家、ネットワーク管理者、ネットワークエンジニア、およびFortinet製品およびソリューションで働くセキュリティコンサルタントに最適です。この認定は、雇用市場で競争上の優位性を提供し、認定された個人が複雑なネットワークセキュリティソリューションを設計、実装、およびトラブルシューティングする知識とスキルを持っていることを雇用主に実証します。

 

NSE7_EFW-7.0実際の問題アンサーPDFには100%カバー率リアルな試験問題：https://www.jpntest.com/shiken/NSE7_EFW-7.0-mondaishu