Exam Questions (6.2) 04 ❀ Enterprise Firewall ❀ Fortinet Network Security Architect NSE7

Posted meigang2012


 Which of the following events can trigger the election of a new primary unit in an HA cluster? (Choose two.)

  A. One of the monitored interfaces in the primary unit is disconnected.

  B. The FortiGuard license for the primary unit is updated.

  C. A secondary unit is removed from the HA cluster.

  D. Primary unit stops sending HA heartbeat keepalives.

  【Answer】A D

 

 What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

  A. Reduce the maximum file size to inspect.

  B. Reduce the session time to live.

  C. Increase the FortiGuard cache time to live.

  D. Increase the TCP session timers.

  【Answer】A B

 

 Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

  A. Gratuitous ARPs.  

  B. Group name.  

  C. Session pickup.  

  D. Group ID.  

  【Answer】D

 

 What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

  A. OSPF IP MTUs match.  

  B. OSPF peer IDs match.  

  C. Hello and dead intervals match.  

  D. OSPF costs match.  

  E. IP addresses are in the same subnet.  

  【Answer】A C E

 

 View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

  Which statements are correct regarding the output shown? (Choose two.)

  A. All the sessions in the session table are TCP sessions.

  B. There are 0 ephemeral sessions.

  C. There are 166 TCP sessions waiting to complete the three-way handshake.

  D. No sessions have been deleted because of memory pages exhaustion.

  【Answer】B D

 

 Examine the output of the 'get router info ospf interface' command shown in the exhibit; then answer the question below.

  Which statements are true regarding the above output? (Choose two.)

  A. The port4 interface is connected to the OSPF backbone area.

  B. The local FortiGate has been elected as the OSPF backup designated router.

  C. Two OSPF routers are down in the port4 network.

  D. There are at least 5 OSPF routers connected to the port4 network.

  【Answer】A D

 

 Examine the following partial outputs from two routing debug commands; then answer the question below.

  # get router info kernel
  tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1)
  tab=254 vf=0 scope=0 type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2)
  tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)

  # get router info routing-table all
  S* 0.0.0.0/0 [10/0] via 10.200.1.254, port1
               [10/0] via 10.200.2.254, port2, [10/0]
  C 10.0.1.0/24 is directly connected, port3
  C 10.200.1.0/24 is directly connected, port1
  C 10.200.2.0/24 is directly connected, port2

  Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

  A. port3.

  B. Both port1 and port2.

  C. port2.

  D. port1.

  【Answer】C

 

 What does the dirty flag mean in a FortiGate session?

  A. The session must be removed from the former primary unit after an HA failover.

  B. The next packet must be re-evaluated against the firewall policies.

  C. Traffic has been identified as from an application that is not allowed.

  D. Traffic has been blocked by the antivirus inspection.

  【Answer】B

 

 View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

  Which of the following statements about the exhibit are true? (Choose two.)

  A. Since the counters were last reset, the 10.200.3.1 peer has never been down.

  B. The local router's BGP state is Established with the 10.125.0.60 peer.

  C. The local router has not established a TCP session with 100.64.3.1.

  D. The local router has received a total of three BGP prefixes from all peers.

  【Answer】B C

 

 View the exhibit, which contains the output of get sys ha status, and then answer the question below.

  Which statements are correct regarding the output? (Choose two.)

  A. port 7 is used for the HA heartbeat on all devices in the cluster.

  B. The HA management IP is 169.254.0.2.

  C. The slave configuration is not synchronized with the master.

  D. Master is selected because it is the only device in the cluster.

  【Answer】A C

 
