NSE7_EFW-6.4問題集PDFでNSE7_EFW-6.4リアル試験問題解答 [Q11-Q28]

NSE7_EFW-6.4問題集PDFでNSE7_EFW-6.4リアル試験問題解答

時間限定！今すぐ試そうNSE7_EFW-6.4試験 [2022] 問題集でFortinetのPDF問題

質問 11
Examine the partial output fromtwo web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

A. General organization.
B. Information technology.
C. Finance and banking
D. Business.

正解: D

質問 12
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Why didn't the tunnel come up?

A. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.
B. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.
C. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.
D. IKE mode configuration is not enabled in the remote IPsec gateway.

正解: B

質問 13
View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate's inspection of this session?

A. FortiGate forwarded this session without any inspection.
B. FortiGate applied proxy-based inspection.
C. FortiGate applied flow-based inspection.
D. FortiGate applied explicit proxy-based inspection.

正解: B

解説:
Explanation
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042

質問 14
Refer to exhibit, which contains the output of a BGP debug command.

Which statement explains why the state of the 10.200.3.1 peer is Connect?

A. The local router has received the BGP prefixes from the remote peer.
B. The local router is receiving BGP keepalives from theremote peer, but the local peer has not received the OpenConfirm yet.
C. The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.
D. The TCP session to 10.200.3.1 has not completed the 3-way handshake.

正解: D

解説:
Explanation
BGP neighbor states and how they change:* Idle: Initial state* Connect: Waiting for a successful three-way TCP connection* Active: Unable to establish the TCP session* OpenSent: Waiting for an OPEN message from the peer* OpenConfirm: Waiting for the keepalive message from the peer* Established: Peers have successfully exchanged OPEN and keepalive messages

質問 15
Which two statements about an auxiliary session are true? (Choose two.)

A. With the auxiliary session disabled, only auxiliary sessions will be offloaded.
B. With the auxiliary session setting enabled, two sessions will be created in case of routing change.
C. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
D. With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session.

正解: A,D

質問 16
Refer to the exhibit, which contains the output of a BGP debug command.

Which statement about the exhibit is true?

A. The local router has not established a TCP session with 100.64.3.1.
B. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.
C. The local router has received a total of three BGP prefixes from all peers.
D. Since the counters were last reset, the 10.200.3.1 peer has never been down.

正解: A

質問 17
View the exhibit, which contains the output of a real-time debug, and then answer the question below.

Which of the following statements is true regarding this output? (Choose two.)

A. The web request was allowed by FortiGate.
B. FortiGate found the requested URL in its local cache.
C. The requested URL belongs to category ID 52.
D. This web request was inspected using the root web filter profile.

正解: B,C

質問 18
Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted." What does the log mean?

A. There is not enough available memory in the system to create a new entry inthe NAT port table.
B. FortiGate does not have any available NAT port for a new connection.
C. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
D. The limit for the maximum number of entries in the NAT port table has been reached.

正解: C

質問 19
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

A. Phase1; XAuth; IKE mode configuration; phase2.
B. Phase1; IKE mode configuration; phase 2; XAuth.
C. Phase1; XAuth; phase 2; IKE mode configuration.
D. Phase1; IKE mode configuration; XAuth; phase 2.

正解: A

解説:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Concepts/IKE_Packet_Processing.htm

質問 20
Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

A. The initiator provided remote as its IPsec peer ID.
B. It shows a phase 1 negotiation.
C. The remote gateway IP address is 10.0.0.1.
D. The negotiation is using AES128 encryption with CBC hash.

正解: A,B

質問 21
View the exhibit, which contains the output of a diagnose command, and the answer the question below.

Which statements are true regarding the Weight value?

A. Its initial value is calculated based on the round trip delay (RTT).
B. Its initial value is statically set to 10.
C. It determines which FortiGuard server is used for license validation.
D. Its value is incremented with each packet lost.

正解: D

質問 22
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

A. FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator
B. FortiGate limits the total number of simultaneous explicit web proxy users.
C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.
D. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

正解: B

解説:
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-WAN-opt-52/web_proxy.htm#Explicit2 The explicit proxy does not limit the number of active sessions for each user. As a result the actual explicit proxy session count is usually much higher than the number of explicit web proxy users. If an excessive number of explicit web proxy sessions is compromising system performance you can limit the amount of users if the FortiGate unit is operating with multiple VDOMs.

質問 23
Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

A. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.
B. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
D. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.

正解: A,B

解説:
CLI scripts can be run in three different ways: Device Database: By default, a script is executed on the device database. It is recommend you run the changes on the device database (default setting), as this allows you to check what configuration changes you will send to the managed device. Once scripts are run on the device database, you can install these changes to a managed device using the installation wizard.
Policy Package, ADOM database: If a script contains changes related to ADOM level objects and policies, you can change the default selection to run on Policy Package, ADOM database and can then be installed using the installation wizard.
Remote FortiGate directly (through CLI): A script can be executed directly on the device and you don't need to install these changes using the installation wizard. As the changes are directly installed on the managed device, no option is provided to verify and check the configuration changes through FortiManager prior to executing it.

質問 24
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.

Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?

A. auto-discovery-shortcut
B. auto-discovery-forwarder
C. auto-discovery-receiver
D. auto-discovery-sender

正解: B

質問 25
Examine the output of the 'get router info bgp summary' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

A. Local BGP peer has not received an OpenConfirm from 10.200.3.1.
B. The local BGP peer has received a total of 3 BGP prefixes.
C. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
D. BGP state of the peer 10.125.0.60 is Established.

正解: A,D

質問 26
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

A. diagnose sniffer packet any 'udp port 500 or udp port 4500'
B. diagnose sniffer packet any 'udp port 4500'
C. diagnose sniffer packet any 'esp'
D. diagnose sniffer packet any 'udp port 500'

正解: C

解説:
Capture IKE Traffic without NAT: diagnose sniffer packet 'host and udp port 500' -------------------------------------- Capture ESP Traffic without NAT: diagnose sniffer packet any 'host and esp' -------------------------------------- Capture IKE and ESP with NAT-T: diagnose sniffer packet any 'host and (udp port 500 or udp port 4500)'

質問 27
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

A. That DNS service is enabled in the explicit web proxy interface.
B. The connectivity between the FortiGate unit and the DNS server.
C. The connectivity between the client workstations and the DNS server.
D. That DNS traffic from client workstations is allowed by the explicit web proxy policies.

正解: B

質問 28
......

NSE7_EFW-6.4プレミアム試験エンジンとPDFダウンロード：https://www.jpntest.com/shiken/NSE7_EFW-6.4-mondaishu