Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list FSSO logons-IP: 192.168.3.1 User: STUDENT Groups:
TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?
A. The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.
B. The reserve DNS lookup forthe IP address 192.168.3.1.
C. The IP address recorded in the logon event for the user STUDENT.
D. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2.
TRAINING. LAB.
正解:D
質問 2:
Examine the following partial outputs from two routing debug commands; then answer the question below.
# get router info kernel
tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0- 0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1) tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0- 0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2) tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.- 10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2,
[10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is directly connected, port2 Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?
A. port2.
B. port!
C. Both portl and port2.
D. port3.
正解:A
質問 3:
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)
A. Increase the FortiGuard cache time to live.
B. Increase the TCP session timers.
C. Reduce the maximum file size to inspect.
D. Reduce the session time to live.
正解:C,D
質問 4:
View the exhibit, which contains the output of a web diagnose command, and then answer the question below.
Which one of the following statements explains why the cache statistics are all zeros?
A. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.
B. There are no users making web requests.
C. The FortiGuard web filter cache is disabled in the FortiGate's configuration.
D. The administrator has reallocated the cache memory to a separate process.
正解:A
質問 5:
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
A. Neighbor group
B. Next-hop-self
C. Neighbor range
D. Route reflector
正解:D
質問 6:
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.
Why didn't the script make any changes to the managed device?
A. Commands that start with the # sign are not executed.
B. Incomplete commands are ignored in CLI scripts.
C. Static routes can only be added using TCL scripts.
D. CLI scripts will add objects only if they are referenced by policies.
正解:D
Ichikawa -
NSE7噛み砕いてイメージをさせてくれたり、どこを重視するのかわかりやすくわたしには合った本でした。勉強のコツが嬉しい内容でPass4Testブレイクしつつなるほどな、と思ったり。