Question No : 1
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.

Which command can be used to sniff the ESP traffic for the VPN DialUP_0?

NAT-T is enabled (natt: mode=silent). Protocol ESP is used. ESP is encapsulated in UDP port 4500 when NAT-T is enabled.

Question No : 2
Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

CLI scripts can be run in three different ways:
Device Database: By default, a script is executed on the device database. It is recommended that you run the changes on the device database (default setting), as this allows you to check what configuration changes you will send to the managed device. Once scripts are run on the device database, you can install these changes to a managed device using the installation wizard.
Policy Package, ADOM database: If a script contains changes related to ADOM level objects and policies, you can change the default selection to run on Policy Package, ADOM database and can then be installed using the installation wizard.
Remote FortiGate directly (through CLI): A script can be executed directly on the device and you don’t need to install these changes using the installation wizard. As the changes are directly installed on the managed device, no option is provided to verify and check the configuration changes through FortiManager prior to executing it.

Question No : 3
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration.
The administrator has also enabled the IKE real time debug:
diagnose debug application ike -1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?


Question No : 4
Refer to the exhibit, which contains partial output from an IKE real-time debug.

Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?


Question No : 5
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

The explicit proxy does not limit the number of active sessions for each user. As a result, the actual explicit proxy session count is usually much higher than the number of explicit web proxy users. If an excessive number of explicit web proxy sessions is compromising system performance, you can limit the number of users if the FortiGate unit is operating with multiple VDOMs.

Question No : 6
Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site


Question No : 7
What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

diagnose debug crashlog read
2014-08-05 13:03:53 proxy=acceptor service=imap session fail mode=activated
276: 2014-08-05 13:03:53 proxy=acceptor service=ftp session fail mode=activated
277: 2014-08-05 13:03:53 proxy=acceptor service=nntp session fail mode=activated
278: 2014-08-06 11:05:47 service=kernel conserve=on free="45034 pages" red="45874 pages" msg="Kernel
279: 2014-08-06 11:05:47 enters conserve mode"
280: 2014-08-06 13:07:16 service=kernel conserve=exit free="86704 pages" green="68811 pages"
281: 2014-08-06 13:07:16 msg="Kernel leaves conserve mode"
282: 2014-08-06 13:07:16 proxy=imd sysconserve=exited total=1008 free=349 marginenter=201
283: 2014-08-06 13:07:16 marginexit=302

Question No : 8
Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?


Question No : 9
View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)


Question No : 10
Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)


Question No : 11
A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled on port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP.
Which statements are true regarding the two entries in the FortiGate session table related to this traffic? (Choose two.)


Question No : 12
Which two statements about FortiManager are true when it is deployed as a local FDS? (Choose two.)


Question No : 13
Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

A configured static route is moved from the routing database into the routing table only when all of the following are met:
✑ The outgoing interface is up
✑ There is no other matching route with a lower distance
✑ The link health monitor (if configured) is successful
✑ The next-hop IP address belongs to one of the outgoing interface subnets

Question No : 14
Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?


Question No : 15
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

Capture IKE traffic without NAT:
diagnose sniffer packet any 'host and udp port 500'

Capture ESP traffic without NAT:
diagnose sniffer packet any 'host and esp'

Capture IKE and ESP with NAT-T:
diagnose sniffer packet any 'host and (udp port 500 or udp port 4500)'

