NSE7_EFW-7.0試験無料問題集（165題）「Fortinet NSE 7

出題：1

Which of the following statements are correct regarding application layer test commands? (Choose two.)

A. Some of them display statistics and configuration information about a feature or process.

B. They display real-time application debugs.

C. Some of them can be used to restart an application.

D. They are used to filter real-time debugs.

正解：A,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

A. Set the priority of the static default route using port1 to 10. Most Voted

B. Set the priority of the static default route using port2 to 1.

C. Set preserve-session-route to enable.

D. Set snat-route-change to enable.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

A. The FortiGuard license for the primary unit is updated.

B. One of the monitored interfaces in the primary unit is disconnected.

C. A secondary unit is removed from the HA cluster.

D. Primary unit stops sending HA heartbeat keepalives.

正解：B,D 解答を投票する

出題：4

An administrator has been assigned the task of creating a set of firewall policies which must be evaluated before any custom policies defined within the policy packages of managed FortiGate devices, across all 25 ADOMSs in FortiManager.
How should the administrator accomplish this task?

A. Create a header policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this header policy to all other ADOMs.

B. Create a footer policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this footer policy to all other ADOMs.

C. Move the FortiGate devices into a single globally scoped ADOM, and merge policy packages, inserting the new firewall policies at the top.

D. Use a CLI script from the root ADOM on FortiManager to push these new policies to all FortiGate devices, through the FGFM tunnel.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

View the exhibit, which contains a partial routing table, and then answer the question below.

Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

A. Source IP address 10.72.3.52, Destination IP address 10.1.0.254.

B. Source IP address 10.1.0.24, Destination IP address 10.72.3.20.

C. Source IP address 10.73.9.10, Destination IP address 10.72.3.15.

D. Source IP address 10.72.3.27, Destination IP address 10.1.0.52.

正解：A,D 解答を投票する

出題：6

Refer to the exhibits.

Which contain the partial configurations of two VPNs on FortiGate.
An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovered that FortiGate is not matching the user-2 VPN for members of the Users-2 group.
Which two changes must administrator make to fix the issue? (Choose two.)

A. Set up specific peer IDs on both VPNs.

B. Use different pre-shared keys on both VPNs

C. Change to aggressive mode on both VPNs.

D. Enable Mode Config on both VPNs.

正解：A,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?

A. Change protocol to TCP.

B. Disable webfilter-force-off.

C. Enable fortiguard-anycast.

D. Increase webfilter-timeout.

正解：B 解答を投票する

出題：8

Examine the output of the 'diagnose ips anomaly list' command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

A. Those whose traffic exceeded a threshold of a matching DoS policy.

B. Those whose traffic was detected as an anomaly by an IPS sensor.

C. Those whose traffic matches an IPS sensor.

D. Those whose traffic matches a DoS policy.

正解：D 解答を投票する

出題：9

Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packets dropped counter at the end of the sniffer?

A. Number of packets that matched the sniffer filter but could not be captured by the sniffer.

B. Number of total packets dropped by the FortiGate.

C. Number of packets that matched the sniffer filter and were dropped by the FortiGate.

D. Number of packets that didn't match the sniffer filter.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

In which two states is a given session categorized as ephemeral? (Choose two.)

A. A UDP session with packets sent and received

B. A TCP session waiting for FIN ACK

C. A UDP session with only one packet received

D. A TCP session waiting for the SYN ACK

正解：C,D 解答を投票する

NSE7_EFW-7.0試験無料問題集「Fortinet NSE 7 - Enterprise Firewall 7.0 認定」