
NSE7_EFW-7.0 Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Questions 4

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive at the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

Options:

A.

TCP half open.

B.

TCP half close.

C.

TCP time wait.

D.

TCP session time to live.

Questions 5

View the exhibit, which contains the output of a real-time debug.

Which of the following statements is true regarding this output?

Options:

A.

The requested URL belongs to category ID 255.

B.

The server hostname is training.fortinet.com.

C.

FortiGate found the requested URL in its local cache.

D.

This web request was inspected using the ftgd-allow web filter profile.

Questions 6

A corporate network allows Internet access to FSSO users only. The FSSO user student does not have Internet access after successfully logging in to the Windows AD network. The output of the ‘diagnose debug authd fsso list’ command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)

Options:

A.

The user student must not be listed in the CA’s ignore user list.

B.

The user student must belong to one or more of the monitored user groups.

C.

The student workstation’s IP subnet must be listed in the CA’s trusted list.

D.

At least one of the student’s user groups must be allowed by a FortiGate firewall policy.

Questions 7

View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

Options:

A.

The slave configuration is not synchronized with the master.

B.

The HA management IP is 169.254.0.2.

C.

Master is selected because it is the only device in the cluster.

D.

port 7 is used for the HA heartbeat on all devices in the cluster.

Questions 8

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?

Options:

A.

In the phase 1 network configuration, set the IKE version to 2.

B.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

C.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

D.

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

Questions 9

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn’t the tunnel come up?

Options:

A.

The pre-shared keys do not match.

B.

The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration.

C.

The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration.

D.

The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

Questions 10

Which two statements about conserve mode are true? (Choose two.)

Options:

A.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

B.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

C.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

D.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

Questions 11

A FortiGate has two default routes:

All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (ID=1) were changed from 5 to 20?

Options:

A.

The session would be deleted, and the client would need to start a new session.

B.

The session would remain in the session table, and its traffic would start to egress from port2.

C.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

D.

The session would remain in the session table, and its traffic would still egress from port1.

Questions 12

View the exhibit, which contains the output of a debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

In the network on port4, two OSPF routers are down.

B.

Port4 is connected to the OSPF backbone area.

C.

The local FortiGate’s OSPF router ID is 0.0.0.4.

D.

The local FortiGate has been elected as the OSPF backup designated router.

Questions 13

Which two configuration commands change the default behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

Options:

A.

set av-failopen off

B.

set av-failopen pass

C.

set fail-open enable

D.

set ips fail-open disable

Questions 14

Refer to the exhibit, which shows a partial routing table.

Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)

Options:

A.

Source IP address: 10.1.0.10. Destination IP address: 10.64.1.52

B.

Source IP address: 10.72.3.52. Destination IP address: 10.1.0.254

C.

Source IP address: 10.10.4.24. Destination IP address: 10.72.3.20

D.

Source IP address: 10.73.9.10. Destination IP address: 10.72.3.15

Questions 15

Refer to the exhibit, which shows the output of a diagnose command.

What can you conclude from the output shown in the exhibit? (Choose two.)

Options:

A.

This is a pinhole session created to allow traffic for a protocol that requires additional sessions to operate through FortiGate.

B.

This is an expected session created by the IPS engine.

C.

Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.

D.

Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.

Questions 16

What does the dirty flag mean in a FortiGate session?

Options:

A.

Traffic has been blocked by the antivirus inspection.

B.

The next packet must be re-evaluated against the firewall policies.

C.

The session must be removed from the former primary unit after an HA failover.

D.

Traffic has been identified as from an application that is not allowed.

Questions 17

What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

Options:

A.

A process crash.

B.

Configuration changes.

C.

Changes in the status of any of the FortiGuard licenses.

D.

System entering and leaving proxy conserve mode.

Questions 18

View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?

Options:

A.

It is currently in system conserve mode because of high CPU usage.

B.

It is currently in extreme conserve mode because of high memory usage.

C.

It is currently in proxy conserve mode because of high memory usage.

D.

It is currently in memory conserve mode because of high memory usage.

Questions 19

Examine the following partial outputs from two routing debug commands; then answer the question below.

# get router info kernel

tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1)

tab=254 vf=0 scope=0 type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2)

tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)

# get router info routing-table all

S* 0.0.0.0/0 [10/0] via 10.200.1.254, port1

[10/0] via 10.200.2.254, port2, [10/0]

C 10.0.1.0/24 is directly connected, port3

C 10.200.1.0/24 is directly connected, port1

C 10.200.2.0/24 is directly connected, port2

Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

Options:

A.

port1.

B.

port2.

C.

Both port1 and port2.

D.

port3.

Questions 20

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:

diagnose vpn ike log-filter src-addr4 10.0.10.1

diagnose debug application ike -1

diagnose debug enable

The VPN is currently up, there is no traffic crossing the tunnel, and DPD packets are being exchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn’t there any output?

Options:

A.

The IKE real time debug shows the phase 1 and phase 2 negotiations only. It does not show any more output once the tunnel is up.

B.

The log-filter setting is set incorrectly. The VPN’s traffic does not match this filter.

C.

The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.

D.

The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

Questions 21

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Based on the output, which two statements are correct? (Choose two.)

Options:

A.

Phase 2 authentication is set to sha1 on both sides.

B.

Anti-replay is disabled.

C.

Hub2Spoke1 is a policy-based VPN.

D.

Hub2Spoke1 is configured on interface wan2.

Questions 22

Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the above output? (Choose two.)

Options:

A.

The port4 interface is connected to the OSPF backbone area.

B.

The local FortiGate has been elected as the OSPF backup designated router.

C.

There are at least 5 OSPF routers connected to the port4 network.

D.

Two OSPF routers are down in the port4 network.

Questions 23

What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

Options:

A.

Reduce the session time to live.

B.

Increase the TCP session timers.

C.

Increase the FortiGuard cache time to live.

D.

Reduce the maximum file size to inspect.

Questions 24

Refer to the exhibits, which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovered that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must the administrator make to fix the issue? (Choose two.)

Options:

A.

Use different pre-shared keys on both VPNs.

B.

Enable Mode Config on both VPNs.

C.

Set up specific peer IDs on both VPNs.

D.

Change to aggressive mode on both VPNs.

Exam Code: NSE7_EFW-7.0
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.0
Last Update: Nov 2, 2024
Questions: 163