NSE7_EFW-7.0試験無料問題集（165題）「Fortinet NSE 7

出題：1

Which statement about NGFW policy-based application filtering is true?

A. The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.

B. FortiGate will drop all packets until the application can be identified.

C. After IPS identifies the application, it adds an entry to a dynamic ISDB table.

D. After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.

正解：B 解答を投票する

出題：2

Refer to the exhibit, which contains partial outputs from two routing debug commands.

Why is the port2 default route not in the second command's output?

A. It has a higher distance than the default route using port1.

B. It has a lower priority value than the default route using port1.

C. It is disabled in the FortiGate configuration.

D. It has a higher priority value than the default route using port1.

正解：A 解答を投票する

出題：3

View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate's inspection of this session?

A. FortiGate applied explicit proxy-based inspection.

B. FortiGate applied proxy-based inspection.

C. FortiGate forwarded this session without any inspection.

D. FortiGate applied flow-based inspection.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3
ipsengine exit log"
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
code = 11, reason: manual
What is the status of IPS on this FortiGate?

A. IPS daemon experienced a crash.

B. IPS engine memory consumption has exceeded the model-specific predefined value.

C. There are communication problems between the IPS engine and the management database.

D. All IPS-related features have been disabled in FortiGate's configuration.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.)

A. It caches available firmware updates for unmanaged devices.

B. It can be configured as an update server, a rating server, or both.

C. It provides VM license validation services.

D. It supports rating requests from non-FortiGate devices.

正解：B,C 解答を投票する

出題：6

An administrator added the following Ipsec VPN to a FortiGate configuration:
configvpn ipsec phasel -interface
edit "RemoteSite"
set type dynamic
set interface "portl"
set mode main
set psksecret ENC LCVkCiK2E2PhVUzZe
next
end
config vpn ipsec phase2-interface
edit "RemoteSite"
set phasel name "RemoteSite"
set proposal 3des-sha256
next
end
However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while attempting the Ipsec connection. The output is shown in the exhibit.

What is causing the IPsec problem in the phase 1 ?

A. NAT-T settings do not match

B. The pre-shared key is wrong

C. The phrase-1 mode must be changed to aggressive

D. The incoming IPsec connection is matching the wrong VPN configuration

正解：B 解答を投票する

出題：7

Which two statements about an auxiliary session are true? (Choose two.)

A. With the auxiliary session setting disabled, for each traffic path, FortiGate uses the same auxiliary session.

B. With the auxiliary session setting enabled, two sessions are created in case of routing change.

C. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.

D. With the auxiliary session setting disabled, only auxiliary sessions are offloaded.

正解：B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

View the global IPS configuration, and then answer the question below.

Which of the following statements is true regarding this configuration?

A. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.

B. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

C. IPS will scan every byte in every session.

D. FortiGate will spawn IPS engine instances based on the system load.

正解：C 解答を投票する

出題：9

Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

A. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

B. FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator

C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.

D. FortiGate limits the total number of simultaneous explicit web proxy users.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

A. The packet is denied because of reverse path forwarding check.

B. HTTP administrative access is configured with a port number different than 80.

C. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

D. Redirection of HTTP to HTTPS administrative access is disabled.

正解：B,C 解答を投票する

NSE7_EFW-7.0試験無料問題集「Fortinet NSE 7 - Enterprise Firewall 7.0 認定」