An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive at the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?
A. TCP half close.
B. TCP session time to live.
C. TCP time wait.
D. TCP half open.
Correct answer: D
Question 2:
What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?
A. The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.
B. Traffic has been identified as coming from an application that is not allowed and the relevant replacement message needs to be displayed to the user, if configured.
C. The URL category for this session has been updated by FortiGuard and the session needs to be checked against the policy again to ensure proper web filtering is applied.
D. The application or URL category is unknown and needs to be rescanned by the IPS engine to try to identify the Layer 7 details.
Correct answer: A
Question 3:
Which of the following statements are correct regarding application layer test commands? (Choose two.)
A. Some of them display statistics and configuration information about a feature or process.
B. They display real-time application debugs.
C. They are used to filter real-time debugs.
D. Some of them can be used to restart an application.
Correct answer: A, D
Question 4:
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.
Based on the output, which of the following statements is correct?
A. Anti-replay is enabled.
B. Remote gateway IP is 10.200.5.1.
C. DPD is disabled.
D. Quick mode selectors are disabled.
Correct answer: A
Question 5:
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?
A. Sends a link failed signal to all connected devices.
B. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.
C. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
Correct answer: B
Question 6:
An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?
A. diagnose sniffer packet any 'udp port 4500'
B. diagnose sniffer packet any 'udp port 500'
C. diagnose sniffer packet any 'ah'
D. diagnose sniffer packet any 'ip proto 50'
Correct answer: D
Question 7:
Refer to the exhibit, which shows a partial web filter profile configuration.
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?
A. FortiGate will exempt the connection, based on the Web Content Filter configuration.
B. FortiGate will block the connection, based on the FortiGuard category based filter configuration.
C. FortiGate will block the connection as an invalid URL.
D. FortiGate will allow the connection, based on the URL Filter configuration.
Correct answer: B
Question 8:
Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
A. A server's round trip delay (RTT) is not used to calculate its weight.
B. There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
C. The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's time zone.
D. FortiGate will send the FortiGuard queries to the server with highest weight.
Correct answer: C, D
つち** -
The NSE7_EFW-7.0 material feels like it has more questions now and the content is thorough, so I want to start studying right away!