[2024年04月12日] 手に入れよう！最新NSE7_EFW-7.0認定された有効な試験問題集解答 [Q97-Q114]

[2024年04月12日] 手に入れよう！最新NSE7_EFW-7.0認定された有効な試験問題集解答

100%合格率保証付きの素晴らしいNSE7_EFW-7.0試験問題PDF

質問 # 97
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

However, the IKE real time debug does not show any output. Why?

• A. The debug output shows phases 1 and 2 negotiations only. Once the tunnel is up, it does not show any more output.
• B. The debug shows only error messages. If there is no output, then the tunnel is operating normally.
• C. The log-filter setting was set incorrectly. The VPN's traffic does not match this filter.
• D. The debug output shows phase 1 negotiation only. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

正解：C

質問 # 98
Examine the following routing table and BGP configuration; then answer the question below.

TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

• A. Enable the setting ebgp-multipath.
• B. Enable the redistribution of static routers into BGP.
• C. Enable the redistribution of connected routers into BGP.
• D. Disable the setting network-import-check.

正解：D

質問 # 99
Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

• A. The FortiGuard license for the primary unit is updated.
• B. One of the monitored interfaces in the primary unit is disconnected.
• C. Primary unit stops sending HA heartbeat keepalives.
• D. A secondary unit is removed from the HA cluster.

正解：B、C

質問 # 100
View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?

• A. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
• B. The session would be deleted, so the client would need to start a new session.
• C. The session would remain in the session table, and its traffic would still egress from port1.
• D. The session would remain in the session table, and its traffic would start to egress from port2.

正解：C

解説：
http://kb.fortinet.com/kb/documentLink.do?externalID=FD40943

質問 # 101
Refer to the exhibit, which contains partial outputs from two routing debug commands.

Why is the port2 default route not in the second command's output?

• A. It has a lower priority value than the default route using port1.
• B. It has a higher distance than the default route using port1.
• C. It is disabled in the FortiGate configuration.
• D. It has a higher priority value than the default route using port1.

正解：B

質問 # 102
Refer to the exhibit, which shows partial outputs from two routing debug commands.

Why is the port2 default route not in the second command output?

• A. The port1 default route has a higher priority value than the default route using port2.
• B. The port2 interface is disabled in the FortiGate configuration.
• C. The port1 default route has a lower distance than the default route using port2.
• D. The port1 default route has a lower priority value than the default route using port2.

正解：C

質問 # 103
View these partial outputs from two routing debug commands:

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

• A. port2
• B. port3
• C. Both port1 and port2
• D. port1

正解：D

質問 # 104
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

Which statements are correct regarding the output shown? (Choose two.)

• A. All the sessions in the session table are TCP sessions.
• B. There are 0 ephemeral sessions.
• C. No sessions have been deleted because of memory pages exhaustion.
• D. There are 166 TCP sessions waiting to complete the three-way handshake.

正解：B、C

質問 # 105
Examine the following partial outputs from two routing debug commands; then answer the question below.
# get router info kernel
tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1) tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2) tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.->10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2, [10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is directly connected, port2 Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

• A. port!
• B. port3.
• C. port2.
• D. Both portl and port2.

正解：C

質問 # 106
Examine the following routing table and BGP configuration; then answer the question below.

The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24 .
Which configuration change will make the local peer advertise this prefix?

• A. Enable the setting ebgp-multipath.
• B. Enable the redistribution of static routers into BGP.
• C. Enable the redistribution of connected routers into BGP.
• D. Disable the setting network-import-check.

正解：D

質問 # 107
What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

• A. System entering to and leaving from the proxy conserve mode.
• B. A process crash.
• C. Configuration changes.
• D. Changes in the status of any of the FortiGuard licenses.

正解：A、B

解説：
diagnose debug crashlog read
275: 2014-08-05 13:03:53 proxy=acceptor service=imap session fail mode=activated 276: 2014-08-05 13:03:53 proxy=acceptor service=ftp session fail mode=activated 277: 2014-08-05 13:03:53 proxy=acceptor service=nntp session fail mode=activated 278: 2014-08-06 11:05:47 service=kernel conserve=on free="45034 pages" red="45874 pages" msg="Kernel 279: 2014-08-06 11:05:47 enters conserve mode" 280: 2014-08-06 13:07:16 service=kernel conserve=exit free="86704 pages" green="68811 pages" 281: 2014-08-06 13:07:16 msg="Kernel leaves conserve mode" 282: 2014-08-06 13:07:16 proxy=imd sysconserve=exited total=1008 free=349 marginenter=201 283: 2014-08-06 13:07:16 marginexit=302

質問 # 108
Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. The state of the remote BGP peer is OpenConfirm.
• B. BGP peers have successfully interchanged Open and Keepalive messages.
• C. The state of the remote BGP peer will go to Connect after it confirms the received prefixes.
• D. Local BGP peer received a prefix for a default route.

正解：B、D

質問 # 109
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

• A. Importing interface mappings from managed devices
• B. Installing configuration changes to managed devices
• C. Adding devices to FortiManager
• D. Previewing pending configuration changes for managed devices

正解：B、D

質問 # 110
Refer to the exhibit, which contains the output of diagnose sys session list.

If the HA ID for the primary unit is zero (0), which statement about the output is true?

• A. The inspection of this session has been offloaded to the slave unit.
• B. The master unit is processing this traffic.
• C. This session cannot be synced with the slave unit.
• D. This session is for HA heartbeat traffic.

正解：B

質問 # 111
Refer to the exhibit, which shows a partial routing table.

Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)

• A. Source IPaddress: 10.72.3.52. Destination IP address: 10.1.0.254
• B. Source IPaddress: 10.73.9.10, Destination IPaddress: 10.72.3.15
• C. Source IPaddress: 10.10.4.24, Destination IPaddress: 10.72.3.20
• D. Source IP address: 10.1.0.10. Destination IP address: 10.64.1.52

正解：A、D

質問 # 112
A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the 'diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems .
What should the administrator check? (Choose two.)

• A. The student workstation's IP subnet must be listed in the CA's trusted list.
• B. At least one of the student's user groups must be allowed by a FortiGate firewall policy.
• C. The user student must not be listed in the CA's ignore user list.
• D. The user student must belong to one or more of the monitored user groups.

正解：C、D

質問 # 113
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?

• A. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
• B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
• C. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.
• D. Sends a link failed signal to all connected devices.

正解：C

質問 # 114
......

無料NSE7_EFW-7.0別格な問題集をダウンロード：https://www.jpntest.com/shiken/NSE7_EFW-7.0-mondaishu