NSE7_EFW-7.0 PDFで合格させるスゴ問題集でNSE7_EFW-7.0最新のリアル試験問題 [Q18-Q33]

NSE7_EFW-7.0 PDFで合格させるスゴ問題集でNSE7_EFW-7.0最新のリアル試験問題

有効なNSE7_EFW-7.0テスト解答NSE7_EFW-7.0試験PDF問題を試そう

Fortinet NSE7_EFW-7.0の試験は、高度なファイアウォールポリシー、仮想化、高い可用性、IPsec VPN、SSL VPN、Webフィルタリングなど、幅広いテーマをカバーしている。参加者はまた、ネットワークセキュリティ設計原則、トラブルシューティング技術、およびFortinetのエンタープライズファイアウォール技術の実装および管理のためのベストプラクティスについても学ぶ。試験は、候補者のネットワークセキュリティの知識を実際のシナリオに適用する能力をテストするよう設計されており、潜在的な雇用主に実用的なスキルを証明するための優れた方法となっている。

質問 # 18
Which of the following statements are correct regarding application layer test commands? (Choose two.)

A. Some of them display statistics and configuration information about a feature or process.
B. Some of them can be used to restart an application.
C. They display real-time application debugs.
D. They are used to filter real-time debugs.

正解：A、B

解説：
Application layer test commands don't display info in real time, but they do show statistics and configuration info about a feature or process. You can also use some of these commands to restart a process or execute a change in its operation.

質問 # 19
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website.
The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

A. The connectivity between the FortiGate unit and the DNS server.
B. That DNS service is enabled in the explicit web proxy interface.
C. That DNS traffic from client workstations is allowed by the explicit web proxy policies.
D. The connectivity between the client workstations and the DNS server.

正解：A

質問 # 20
View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate's inspection of this session?

A. FortiGate applied explicit proxy-based inspection.
B. FortiGate applied proxy-based inspection.
C. FortiGate applied flow-based inspection.
D. FortiGate forwarded this session without any inspection.

正解：B

解説：
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042

質問 # 21
Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?

A. The administrator must increase webfilter-timeout.
B. The administrator must disable webfilter-force-off.
C. The administrator must enable fortiguard-anycast.
D. The administrator must change protocol to TCP.

正解：C

質問 # 22
Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

A. FortiGate first checks the OSPF ID to elect a DR.
B. Non-DR and non-BDR routers form full adjacencies to DR only.
C. Only the DR receives link state information from non-DR routers.
D. Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.

正解：D

解説：
Some special IP multicast addresses are reserved for OSPF: 224.0.0.5: All OSPF routers must be able to transmit and listen to this address. 224.0.0.6: All DR and BDR routers must be able to transmit and listen to this address. https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html

質問 # 23
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Based on the output, which two statements are correct? (Choose two.)

A. Hub2Spoke1 is configured on interface wan2.
B. Hub2Spoke1 is a policy-based VPN.
C. Phase 2 authentication is set to sha1 on both sides.
D. Anti-replay is disabled.

正解：A、C

質問 # 24
View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

Which one of the following statements explains why the cache statistics are all zeros?

A. The FortiGuard web filter cache is disabled in the FortiGate's configuration.
B. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.
C. There are no users making web requests.
D. The administrator has reallocated the cache memory to a separate process.

正解：A

質問 # 25
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

A. Install configuration changes to managed devices.
B. Preview pending configuration changes for managed devices.
C. Add devices to FortiManager.
D. Import interface mappings from managed devices.
E. Import policy packages from managed devices.

正解：A、B

質問 # 26
View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

A. It is currently in FD conserve mode.
B. It is currently in system conserve mode because of high CPU usage.
C. It is currently in system conserve mode because of high memory usage.
D. It is currently in kernel conserve mode because of high memory usage.

正解：C

質問 # 27
Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

A. The remote gateway IP is 10.200.5.1.
B. Anti-replay is enabled.
C. The remote gateway has quick mode selectors containing a destination subnet of 10.1.2.0/24.
D. DPD is disabled.

正解：B、C

解説：
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 427, 444
Since the local subnet is 10.1.2.0/24, the remote gateway has the destination subnet as 10.1.2.0. The remote gateway IP is 10.200.4.1. DPD is enabled (dpd-link=on)

質問 # 28
Refer to exhibit, which contains the output of a BGP debug command.

Which statement explains why the state of the 10.200.3.1 peer is Connect?

A. The local router has received the BGP prefixes from the remote peer.
B. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.
C. The TCP session to 10.200.3.1 has not completed the three-way handshake.
D. The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.

正解：C

質問 # 29
Examine the following partial output from two system debug commands; then answer the question below.

Which of the following statements are true regarding the above outputs? (Choose two.)

A. The unit is in kernel conserve mode
B. The Cached value is always the Active value plus the Inactive value
C. Kernel indirectly accesses the low memory (LowTotal) through memory paging
D. The unit is running a 32-bit FortiOS

正解：B、D

質問 # 30
Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?

A. Increase webfilter-timeout.
B. Enable fortiguard-anycast.
C. Change protocol to TCP.
D. Disable webfilter-force-off.

正解：D

質問 # 31
The CLI command set intelligent-mode <enable | disable> controls the IPS engine's adaptive scanning behavior .
Which of the following statements describes IPS adaptive scanning?

A. Downloads signatures on demand from FDS based on scanning requirements.
B. Choose a matching algorithm based on available memory and the type of inspection being performed.
C. Determines the optimal number of IPS engines required based on system load.
D. Determines when it is secure enough to stop scanning session traffic.

正解：D

質問 # 32
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Based on the output, which two statements are correct? (Choose two.)