NSE7 試験問題を無料オンラインアクセス

Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list FSSO logons-IP: 192.168.3.1 User: STUDENT Groups:
TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

• A.The IP address recorded in the logon event for the user STUDENT.
• B.The reserve DNS lookup forthe IP address 192.168.3.1.
• C.The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.
• D.The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2.
  TRAINING. LAB.

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?

• A.The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
• B.The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.
• C.The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.
• D.The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.

An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

• A.diagnose sniffer packet any 'esp'
• B.diagnose sniffer packet any 'udp port 500 or udp port 4500'
• C.diagnose sniffer packet any 'udp port 500'
• D.diagnose sniffer packet any 'udp port 4500'

What does the dirty flag mean in a FortiGate session?

• A.Traffic has been blocked by the antivirus inspection.
• B.The next packet must be re-evaluated against the firewall policies.
• C.The session must be removed from the former primary unit after an HA failover.
• D.Traffic has been identified as from an application that is not allowed.

Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packets dropped counter at the end of the sniffer?

• A.Number of packets that didn't match the sniffer filter.
• B.Number of packets that matched the sniffer filter but could not be captured by the sniffer.
• C.Number of total packets dropped by the FortiGate.
• D.Number of packets that matched the sniffer filter and were dropped by the FortiGate.