Fortinet NSE7_EFW-6.4 시험

Question No : 1

Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.



Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

• A.diagnose sniffer packet any ‘port 500’
• B.diagnose sniffer packet any ‘esp’
• C.diagnose sniffer packet any ‘host 10.0.10.10’
• D.diagnose sniffer packet any ‘port 4500’

답을 확인하기

정답:
Explanation:
NAT-T is enabled. natt: mode=silentProtocol ESP is used. ESP is encapsulated in UDP port 4500 when NAT-T is enabled.

Question No : 2

Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

• A.When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.
• B.When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.
• C.When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
• D.When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

답을 확인하기

정답:
Explanation:
CLI scripts can be run in three different ways:Device Database: By default, a script is executed on the device database. It is recommend you run the changes on the device database (default setting), as this allows you to check what configuration changes you will send to the managed device. Once scripts are run on the device database, you can install these changes to a managed device using the installation wizard.
Policy Package, ADOM database: If a script contains changes related to ADOM level objects andpolicies, you can change the default selection to run on Policy Package, ADOM database and can then be installed using the installation wizard.
Remote FortiGate directly (through CLI): A script can be executed directly on the device and you don’t need to install these changes using the installation wizard. As the changes are directly installed on the managed device, no option is provided to verify and check the configuration changes through FortiManager prior to executing it.

Question No : 3

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration.
The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

• A.Phase1; IKE mode configuration; XAuth; phase 2.
• B.Phase1; XAuth; IKE mode configuration; phase2.
• C.Phase1; XAuth; phase 2; IKE mode configuration.
• D.Phase1; IKE mode configuration; phase 2; XAuth.

답을 확인하기

정답:
Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Concepts/IKE_Packet_Processing.htm

Question No : 4

Refer to the exhibit, which contains partial output from an IKE real-time debug.



Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?

• A.auto-discovery-shortcut
• B.auto-discovery-forwarder
• C.auto-discovery-sender
• D.auto-discovery-receiver

답을 확인하기

정답:
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/320160/example-advpn-configuration

Question No : 5

Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

• A.FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.
• B.FortiGate limits the total number of simultaneous explicit web proxy users.
• C.FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator
• D.FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

답을 확인하기

정답:
Explanation: https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-WAN-opt-52/web_proxy.htm#Explicit2
The explicit proxy does not limit the number of active sessions for each user. As a result the actual explicit proxy session count is usually much higher than the number of explicit web proxy users. If an excessive number of explicit web proxy sessions is compromising system performance you can limit the amount of users if the FortiGate unit is operating with multiple VDOMs.

Question No : 6

Examine the partial output from two web filter debug commands; then answer the question below:



Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

• A.Finance and banking
• B.General organization.
• C.Business.
• D.Information technology.

답을 확인하기

정답:

Question No : 7

What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

• A.A process crash.
• B.Configuration changes.
• C.Changes in the status of any of the FortiGuard licenses.
• D.System entering to and leaving from the proxy conserve mode.

답을 확인하기

정답:
Explanation:
diagnose debug crashlog read
2014-08-05 13:03:53 proxy=acceptor service=imap session fail mode=activated276: 2014-08-05 13:03:53 proxy=acceptor service=ftp session fail mode=activated277: 2014-08-05 13:03:53 proxy=acceptor service=nntp session fail mode=activated278: 2014-08-06 11:05:47 service=kernel conserve=on free=”45034 pages” red=”45874 pages” msg=”Kernel279: 2014-08-06 11:05:47 enters conserve mode”280: 2014-08-06 13:07:16 service=kernel conserve=exit free=”86704 pages” green=”68811 pages”281: 2014-08-06 13:07:16 msg=”Kernel leaves conserve mode”282: 2014-08-06 13:07:16 proxy=imd sysconserve=exited total=1008 free=349 marginenter=201283: 2014-08-06 13:07:16 marginexit=302

Question No : 8

Refer to the exhibit, which shows a FortiGate configuration.



An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?

• A.The administrator must increase webfilter-timeout.
• B.The administrator must disable webfilter-force-off.
• C.The administrator must change protocol to TC
• D.The administrator must enable fortiguard-anycast.

답을 확인하기

정답:

Question No : 9

View the exhibit, which contains the output of a diagnose command, and then answer the question below.



What statements are correct regarding the output? (Choose two.)

• A.This is an expected session created by a session helper.
• B.Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.
• C.Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
• D.This is an expected session created by an application control profile.

답을 확인하기

정답:

Question No : 10

Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.



Which statement are true regarding the output in the exhibit? (Choose two.)

• A.There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
• B.The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's time zone.
• C.FortiGate will send the FortiGuard queries to the server with highest weight.
• D.A server's round trip delay (RTT) is not used to calculate its weight.

답을 확인하기

정답:

Question No : 11

A FortiGate's portl is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP .
Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)

• A.Both session have the local flag on.
• B.The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.
• C.One session has the proxy flag on, the other one does not.
• D.One of the sessions has the IP address of port2 as the source IP address.

답을 확인하기

정답:

Question No : 12

Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)

• A.It caches available firmware updates for unmanaged devices.
• B.It can be configured as an update server, or a rating server, but not both.
• C.It supports rating requests from both managed and unmanaged devices.
• D.It provides VM license validation services.

답을 확인하기

정답:

Question No : 13

Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

• A.The next-hop IP address is up.
• B.There is no other route, to the same destination, with a higher distance.
• C.The link health monitor (if configured) is up.
• D.The next-hop IP address belongs to one of the outgoing interface subnets.
• E.The outgoing interface is up.

답을 확인하기

정답:
Explanation:
A configured static route only goes to routing table from routing database when all the following are met:
✑ The outgoing interface is up
✑ There is no other matching route with a lower distance
✑ The link health monitor (if configured) is successful
✑ The next-hop IP address belongs to one of the outgoing interface subnets

Question No : 14

Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below.



Which IP addresses are included in the output of this command?

• A.Those whose traffic matches a DoS policy.
• B.Those whose traffic matches an IPS sensor.
• C.Those whose traffic exceeded a threshold of a matching DoS policy.
• D.Those whose traffic was detected as an anomaly by an IPS sensor.

답을 확인하기

정답:

Question No : 15

An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

• A.diagnose sniffer packet any ‘udp port 500’
• B.diagnose sniffer packet any ‘udp port 4500’
• C.diagnose sniffer packet any ‘esp’
• D.diagnose sniffer packet any ‘udp port 500 or udp port 4500’

답을 확인하기

정답:
Explanation:
Capture IKE Traffic without NAT:diagnose sniffer packet ‘host and udp port 500’―――――――――――――――――――――――――――――――――――――-Capture ESP Traffic without NAT:diagnose sniffer packet any ‘host and esp’―――――――――――――――――――――――――――――――――――――-Capture IKE and ESP with NAT-T:diagnose sniffer packet any ‘host and (udp port 500 or udp port 4500)’