NSE7_EFW-7.0 PDFで合格させるスゴ問題集でNSE7_EFW-7.0最新のリアル試験問題 [Q73-Q97]

NSE7_EFW-7.0 PDFで合格させるスゴ問題集でNSE7_EFW-7.0最新のリアル試験問題

有効なNSE7_EFW-7.0テスト解答NSE7_EFW-7.0試験PDF問題を試そう

質問 # 73
Examine the output from the 'diagnose vpn tunnel list' command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

• A. diagnose sniffer packet any 'port 500'
• B. diagnose sniffer packet any 'host 10.0.10.10'
• C. diagnose sniffer packet any 'esp'
• D. diagnose sniffer packet any 'port 4500'

正解：D

質問 # 74
Which two statements about OCVPN are true? (Choose two.)

• A. FortiGate devices under different FortiCare accounts can be used to form OCVPN.
• B. OCVPN offers only Hub-Spoke VPNs.
• C. OCVPN supports static and dynamic IPs in WAN interface.
• D. Only root vdom supports OCVPN.

正解：C、D

質問 # 75
A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the 'diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)

• A. The student workstation's IP subnet must be listed in the CA's trusted list.
• B. The user student must belong to one or more of the monitored user groups.
• C. At least one of the student's user groups must be allowed by a FortiGate firewall policy.
• D. The user student must not be listed in the CA's ignore user list.

正解：C、D

解説：
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828

質問 # 76
An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any "host 10.0.2.10" 2
What information is included in the output of the sniffer? (Choose two.)

• A. IP payload.
• B. Ethernet headers.
• C. Port names.
• D. IP headers.

正解：A、D

質問 # 77
A FortiGate's portl is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)

• A. One session has the proxy flag on, the other one does not.
• B. One of the sessions has the IP address of port2 as the source IP address.
• C. Both session have the local flag on.
• D. The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.

正解：B、C

質問 # 78
What is the purpose of an internal segmentation firewall (ISFW)?

• A. It inspects incoming traffic to protect services in the corporate DMZ.
• B. It is the first line of defense at the network perimeter.
• C. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.
• D. It splits the network into multiple security segments to minimize the impact of breaches.

正解：D

解説：
ISFW splits your network into multiple security segments. They serve as a breach containers from attacks that come from inside.

質問 # 79
Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.

Which statement are true regarding the output in the exhibit? (Choose two.)

• A. The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's time zone.
• B. FortiGate will send the FortiGuard queries to the server with highest weight.
• C. A server's round trip delay (RTT) is not used to calculate its weight.
• D. There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.

正解：A、B

質問 # 80
How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

• A. When run on the Device Database, changes are applied directly to the managed FortiGate device.
• B. When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device
• C. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
• D. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

正解：B、C

解説：
CLI scripts can be run in three different ways: Device Database: By default, a script is executed on the device database. It is recommend you run the changes on the device database (default setting), as this allows you to check what configuration changes you will send to the managed device. Once scripts are run on the device database, you can install these changes to a managed device using the installation wizard.
Policy Package, ADOM database: If a script contains changes related to ADOM level objects and policies, you can change the default selection to run on Policy Package, ADOM database and can then be installed using the installation wizard.
Remote FortiGate directly (through CLI): A script can be executed directly on the device and you don't need to install these changes using the installation wizard. As the changes are directly installed on the managed device, no option is provided to verify and check the configuration changes through FortiManager prior to executing it.

質問 # 81
Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

• A. Finance and banking
• B. Information technology.
• C. General organization.
• D. Business.

正解：D

質問 # 82
What is the diagnose test application ipsmonitor 99 command used for?

• A. To provide information regarding IPS sessions
• B. To enable IPS bypass mode
• C. To disable the IPS engine
• D. To restart all IPS engines and monitors

正解：D

質問 # 83
Refer to the exhibit, which shows a session entry .

Which statement about this session is true?

• A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
• B. It is a TCP session in close_wait state, from 10. l. 10.10 to 10.200.1.1.
• C. It is an ICMP session from 10.1.10.10 to 10.200.5. 1.
• D. It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.

正解：C

質問 # 84
Which two statements about an auxiliary session are true? (Choose two.)

• A. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
• B. With the auxiliary session setting disabled, only auxiliary sessions are offloaded.
• C. With the auxiliary session setting enabled, two sessions are created in case of routing change.
• D. With the auxiliary session setting disabled, for each traffic path, FortiGate uses the same auxiliary session.

正解：A、C

解説：
Reference:
NSE7 Study Guide Chapter 4 , slide "ECMP Accelerated with Auxiliary session"

質問 # 85
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Based on the output, which two statements are correct? (Choose two.)

• A. Anti-replay is enabled.
• B. The npu_flag for this tunnel is 02.
• C. The npu_flag for this tunnel is 03.
• D. Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.

正解：A、C

質問 # 86
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Why didn't the tunnel come up?

• A. IKE mode configuration is not enabled in the remote IPsec gateway.
• B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.
• C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.
• D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

正解：C

質問 # 87
The logs in a FSSO collector agent (CA) are showing the following error:
failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?

• A. The FortiGate cannot resolve the name of the workstation.
• B. The remote registry service is not running in the workstation 192.168.12.232.
• C. The CA cannot reach the FortiGate with the IP address 192.168.12.232.
• D. The CA cannot resolve the name of the workstation.

正解：B

解説：
https://kb.fortinet.com/kb/documentLink.do?externalID=FD30548

質問 # 88
Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)

• A. When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.
• B. When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.
• C. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
• D. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

正解：A、C

質問 # 89
The CLI command set intelligent-mode <enable | disable> controls the IPS engine's adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?

• A. Downloads signatures on demand from FDS based on scanning requirements.
• B. Choose a matching algorithm based on available memory and the type of inspection being performed.
• C. Determines the optimal number of IPS engines required based on system load.
• D. Determines when it is secure enough to stop scanning session traffic.

正解：D

解説：
Configuring IPS intelligence Starting with FortiOS 5.2, intelligent-mode is a new adaptive detection method. This command is enabled the default and it means that the IPS engine will perform adaptive scanning so that, for some traffic, the FortiGate can quickly finish scanning and offload the traffic to NPU or kernel. It is a balanced method which could cover all known exploits. When disabled, the IPS engine scans every single byte.
config ips global set intelligent-mode {enable|disable} end

質問 # 90
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network .
What HA setting must be changed in one of the HA clusters to fix the problem?

• A. Group name.
• B. Gratuitous ARPs.
• C. Session pickup.
• D. Group ID.

正解：D

質問 # 91
Refer to the exhibit, which shows a partial web filter profile configuration.

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

• A. FortiGate will block the connection as an invalid URL.
• B. FortiGate will allow the connection, based on the URL Filter configuration.
• C. FortiGate will block the connection, based on the FortiGuard category based filter configuration.
• D. FortiGate will exempt the connection, based on the Web Content Filter configuration.

正解：C

解説：
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 351 url filter -> FortiGuard Web Filter -> Web Content Filter -> Advanced Filter Options Allow -> Block

質問 # 92
An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

• A. diagnose sniffer packet any 'ah'
• B. diagnose sniffer packet any 'ip proto 50'
• C. diagnose sniffer packet any 'udp port 4500'
• D. diagnose sniffer packet any 'udp port 500'

正解：B

解説：
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p. 443 Phase 2 : ESP => IP protocol 50 This command will capture any packets that use the IP protocol number 50, which is ESP (Encapsulating Security Payload). ESP is used to encrypt and authenticate the phase 2 traffic between two FortiGate devices1.

質問 # 93
View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

• A. Master is selected because it is the only device in the cluster.
• B. The HA management IP is 169.254.0.2.
• C. port 7 is used the HA heartbeat on all devices in the cluster.
• D. The slave configuration is not synchronized with the master.

正解：C、D

質問 # 94
View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate's inspection of this session?

• A. FortiGate applied proxy-based inspection.
• B. FortiGate applied explicit proxy-based inspection.
• C. FortiGate forwarded this session without any inspection.
• D. FortiGate applied flow-based inspection.

正解：A

質問 # 95
View these partial outputs from two routing debug commands:

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

• A. Both port1 and port2
• B. port3
• C. port2
• D. port1

正解：D

質問 # 96
Which statement about protocol options is true?

• A. Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.
• B. Protocol options allows administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.
• C. Protocol options allows administrators the ability to configure the Any setting for all enabled protocols which provides the most efficient use of system resources.
• D. Protocol options allows administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

正解：D

質問 # 97
......

フォーティネットNSE7_EFW-7.0試験は、データサイエンスにおける知識と熟練度を示すためにIT専門家が受ける価値のある認定である、華為H13-711_V3.0：HCIA-Big Data V3.0です。この認定は、IT専門家がデータサイエンスの専門家の中で目立ち、知識とスキル豊富なプロフェッショナルとして自己を区別するのを支援します。華為H13-711_V3.0認定試験に合格することで、IT専門家は最新のビッグデータ技術とテクニックについて自己を最新に保ち、自分たちの職業に先んじることができます。

 

NSE7_EFW-7.0問題集はあなたの合格を必ず保証します：https://www.jpntest.com/shiken/NSE7_EFW-7.0-mondaishu