最新的Fortinet NSE7 Enterprise Firewall - FortiOS 5.4 - NSE7免費考試真題
問題1
A FortiGate device has the following LDAP configuration:
The administrator executed the 'dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?
A FortiGate device has the following LDAP configuration:
The administrator executed the 'dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?
正確答案: C
問題2
View the following FortiGate configuration.
All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?
View the following FortiGate configuration.
All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?
正確答案: A
問題3
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.
Why didn't the tunnel come up?
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.
Why didn't the tunnel come up?
正確答案: A
問題4
Examine the following partial output from two system debug commands; then answer the question below.
Which of the following statements are true regarding the above outputs? (Choose two.)
Examine the following partial output from two system debug commands; then answer the question below.
Which of the following statements are true regarding the above outputs? (Choose two.)
正確答案: A,C
問題5
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)
正確答案: A,B
問題6
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.
The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:
However, the IKE real time debug does not show any output. Why?
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.
The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:
However, the IKE real time debug does not show any output. Why?
正確答案: A
問題7
Examine the following partial outputs from two routing debug commands; then answer the question below.
# get router info kernel
tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0- 0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1) tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0- 0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2) tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.- 10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2,
[10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is directly connected, port2 Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?
Examine the following partial outputs from two routing debug commands; then answer the question below.
# get router info kernel
tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0- 0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1) tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0- 0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2) tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.- 10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2,
[10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is directly connected, port2 Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?
正確答案: C
問題8
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.
Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.
Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
正確答案: B
問題9
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.
Based on the output, which of the following statements is correct?
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.
Based on the output, which of the following statements is correct?
正確答案: D