Exam Questions (6.2) 02 ❀ Enterprise Firewall ❀ Fortinet Network Security Architect NSE7

 Refer to the exhibit, which contains the output of a debug command.

  Which two statements about the exhibit are true? (Choose two.)

  A. The local FortiGate OSPF router ID is 0.0.0.4.

  B. The local FortiGate is the backup designated router.

  C. In the network connected to port4, two OSPF routers are down.

  D. Port4 is connected to the OSPF backbone area.

  【Analysis】

  【Answer】A D

 

 Refer to the exhibit, which contains the output of diagnose sys session stat.

  Which two statements about the output shown are correct? (Choose two.)

  A. No sessions have been deleted because of memory pages exhaustion.

  B. There are 0 ephemeral sessions.

  C. There are 168 TCP sessions waiting to complete the three-way handshake.

  D. All the sessions in the session table are TCP sessions.

  【Analysis】

  FortiGate has a mechanism to protect memory usage against certain forms of DoS attack. FortiGate classifies a session table entry as an ephemeral session if it is a TCP session that is not fully established (the three-way handshake has not completed) or a UDP session for which only one packet has been received. In some DoS attacks, the number of such sessions increases abnormally and can consume the unit's memory. FortiGate sets a hard limit on the maximum number of ephemeral sessions that can exist in the session table at the same time.

  【Answer】A B

 

 Refer to the exhibit, which contains central management configuration.

  Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

  A. 10.0.1.242

  B. 10.0.1.244

  C. Public FortiGuard servers

  D. 10.0.1.240

  【Analysis】

   You can define the following options in the server type setting:

  ●  rating: web filtering, antispam, and so on

  ●  update: antivirus, IPS, and so on

  【Answer】C

 

 Refer to the exhibit, which contains the output of diagnose sys session list.

  If the HA ID for the primary unit is zero (0), which statement about the output is true?

  A. This session cannot be synced with the slave unit.

  B. The inspection of this session has been offloaded to the slave unit.

  C. The master unit is processing this traffic.

  D. This session is for HA heartbeat traffic.

  【Analysis】

  By default, HA session synchronization is disabled. If it is enabled, you can check the primary device's session table to see which sessions have been synchronized to the secondary device. They all have the synced flag. For all sessions, the ha_id field shows the HA member ID of the device that is processing the traffic.

  【Answer】C

 

 Refer to the exhibit, which contains the partial output of an IKE real-time debug.

  Why did the tunnel not come up?

  A. The pre-shared keys do not match.

  B. The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration.

  C. The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration.

  D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

  【Analysis】

 

  【Answer】B

 

 An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem.

  Which statement about this command is true?

  A. It forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

  B. It disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

  C. It sends a link failed signal to all connected devices.

  D. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

  【Analysis】

  After a failover, the new primary broadcasts gratuitous ARP packets to inform the network that each virtual MAC address is now reachable through a different switch port.

  In most networks, this is enough for the switches to update their MAC forwarding tables with the new information. However, some high-end switches might not clear their MAC tables correctly after a failover, so they keep sending packets to the former primary even after receiving the gratuitous ARP. In these cases, use the set link-failed-signal enable command to force the former primary to shut down all its non-heartbeat interfaces for one second when the failover occurs. This simulates a link failure, which clears the related entries from the switches' MAC tables.

  【Answer】A

 

 What does the dirty flag mean in a FortiGate session?

  A. The session must be removed from the former primary unit after an HA failover.

  B. Traffic has been blocked by the antivirus inspection.

  C. Traffic has been identified as from an application that is not allowed.

  D. The next packet must be re-evaluated against the firewall policies.

  【Analysis】

   If the firewall policy configuration changes, all existing sessions with the may_dirty flag are also marked dirty. This indicates that the next packet of the session must be re-evaluated to determine whether the session must be blocked.

  【Answer】D

 

 Refer to the exhibit, which contains partial outputs from two routing debug commands.

 

  Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

  A. port3

  B. port2

  C. port1

  D. Both port1 and port2

  【Analysis】

  port1 has priority 0 and port2 has priority 10. The lower the number, the higher the preference, so traffic goes out port1.

  【Answer】C

 

 Refer to the exhibit, which contains the output of a debug command.

  Which statement about this FortiGate is correct?

  A. It is currently in system conserve mode because of high CPU usage.

  B. It is currently in extreme conserve mode because of high memory usage.

  C. It is currently in proxy conserve mode because of high memory usage.

  D. It is currently in memory conserve mode because of high memory usage.

  【Analysis】

   memory conserve mode: ON indicates that the unit has entered memory conserve mode.

    FortiGate has only one conserve mode. It is triggered based on memory usage. You can configure three memory thresholds in the CLI:

  ●  Extreme: the threshold at which FortiGate starts dropping new sessions

  ●  Red: the threshold at which FortiGate enters conserve mode

  ●  Green: the threshold at which FortiGate exits conserve mode

  【Answer】D

 

 How does FortiManager handle FortiGate requests from FortiGate devices, when it is configured as a local FDS?

  A. FortiManager will respond to update requests only from a managed device.

  B. FortiManager can download and maintain local copies of FortiGuard databases.

  C. FortiManager supports only FortiGuard push update to managed devices.

  D. FortiManager does not support web filter rating requests.

  【Analysis】

   FortiManager can act as a local FDS. It continuously connects to the public FDS servers to obtain managed device license information and check for firmware availability updates.

  【Answer】B
