NSE7_EFW-7.0試験無料問題集（165題）「Fortinet NSE 7

出題：1

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

A. The connectivity between the client workstations and the DNS server.

B. The connectivity between the FortiGate unit and the DNS server.

C. That DNS traffic from client workstations is allowed by the explicit web proxy policies.

D. That DNS service is enabled in the explicit web proxy interface.

正解：B 解答を投票する

出題：2

An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn't the script make any changes to the managed device?

A. Incomplete commands are ignored in CLI scripts.

B. Commands that start with the # sign are not executed.

C. CLI scripts will add objects only if they are referenced by policies.

D. Static routes can only be added using TCL scripts.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

A. The packet is denied because of reverse path forwarding check.

B. HTTP administrative access is configured with a port number different than 80.

C. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

D. Redirection of HTTP to HTTPS administrative access is disabled.

正解：B,C 解答を投票する

出題：4

Refer to the exhibit, which contains the output of diagnose sys session list.

If the HA ID for the primary unit is zero (0), which statement about the output is true?

A. The master unit is processing this traffic.

B. This session is for HA heartbeat traffic.

C. The inspection of this session has been offloaded to the slave unit.

D. This session cannot be synced with the slave unit.

正解：A 解答を投票する

出題：5

View the exhibit, which contains a partial routing table, and then answer the question below.

Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

A. Source IP address 10.72.3.52, Destination IP address 10.1.0.254.

B. Source IP address 10.1.0.24, Destination IP address 10.72.3.20.

C. Source IP address 10.73.9.10, Destination IP address 10.72.3.15.

D. Source IP address 10.72.3.27, Destination IP address 10.1.0.52.

正解：A,D 解答を投票する

出題：6

Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

A. OSPF router IDs are unique.

B. Authentication settings match.

C. OSPF interface network types match.

D. OSPF interface priority settings are unique.

E. OSPF link costs match.

正解：A,B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which two configuration commands change the default behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

A. set fail-open enable

B. set ips fail-open disable

C. set av-failopen off

D. set av-failopen pass

正解：A,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

A. Reduce the session time to live.

B. Reduce the maximum file size to inspect.

C. Increase the TCP session timers.

D. Increase the FortiGuard cache time to live.

正解：A,B 解答を投票する

出題：9

An administrator added the following Ipsec VPN to a FortiGate configuration:
configvpn ipsec phasel -interface
edit "RemoteSite"
set type dynamic
set interface "portl"
set mode main
set psksecret ENC LCVkCiK2E2PhVUzZe
next
end
config vpn ipsec phase2-interface
edit "RemoteSite"
set phasel name "RemoteSite"
set proposal 3des-sha256
next
end
However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while attempting the Ipsec connection. The output is shown in the exhibit.