Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 60certs

Fortinet NSE7_EFW-7.0 Dumps

Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Question 1

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?

Options:

A.

auto-discovery-shortcut

B.

auto-discovery-forwarder

C.

auto-discovery-sender

D.

auto-discovery-receiver

Question 2

Refer to the exhibit, which shows a session entry. Which statement about this session is true?

Options:

A.

It is an ICMP session from 10.1.10.10 to 10.200.5. 1.

B.

It is a TCP session in close_wait state, from 10. l. 10.10 to 10.200.1.1.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.

Question 3

View the exhibit, which contains a partial routing table, and then answer the question below.

Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

Options:

A.

Source IP address 10.1.0.24, Destination IP address 10.72.3.20.

B.

Source IP address 10.72.3.27, Destination IP address 10.1.0.52.

C.

Source IP address 10.72.3.52, Destination IP address 10.1.0.254.

D.

Source IP address 10.73.9.10, Destination IP address 10.72.3.15.

Question 4

Refer to the exhibit, which shows the output of a BGP debug command.

What can be concluded about the router in this scenario?

Options:

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the BGP session with the local router.

B.

The State/PfxRcd for neighbor 100.64.3.1 will not change until an administrator on the local router adjusts the inbound route filtering so that prefixes received can be added to the RIB.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Question 5

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

Options:

A.

The remote gateway IP address is 10.0.0.1.

B.

The initiator provided remote as its IPsec peer ID.

C.

It shows a phase 1 negotiation.

D.

The negotiation is using AES128 encryption with CBC hash.

Question 6

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

For the peer 10.125.0.60, the BGP state of is Established.

B.

The local BGP peer has received a total of three BGP prefixes.

C.

Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.

D.

The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

Question 7

View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?

Options:

A.

The session would remain in the session table, and its traffic would still egress from port1.

B.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

C.

The session would remain in the session table, and its traffic would start to egress from port2.

D.

The session would be deleted, so the client would need to start a new session.

Question 8

What is the purpose of an internal segmentation firewall (ISFW)?

Options:

A.

It inspects incoming traffic to protect services in the corporate DMZ.

B.

It is the first line of defense at the network perimeter.

C.

It splits the network into multiple security segments to minimize the impact of breaches.

D.

It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

Question 9

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

Options:

A.

The connectivity between the FortiGate unit and the DNS server.

B.

The connectivity between the client workstations and the DNS server.

C.

That DNS traffic from client workstations is allowed by the explicit web proxy policies.

D.

That DNS service is enabled in the explicit web proxy interface.

Question 10

Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

Options:

A.

FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.

B.

FortiGate limits the total number of simultaneous explicit web proxy users.

C.

FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator

D.

FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

Question 11

Refer to the exhibit, which shows a central management configuration.

Which server will FortiGate choose for web filter rating requests, if 10.0.1.240 is experiencing an outage?

Options:

A.

Public FortiGuard servers

B.

10.0.1.243

C.

10.0.1.242

D.

10.0.1.244

Question 12

View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.

Which action will FortiGate take if a user attempts to access which is categorized as File Sharing and Storage?

Options:

A.

FortiGate will exempt the connection based on the Web Content Filter configuration.

B.

FortiGate will block the connection based on the URL Filter configuration.

C.

FortiGate will allow the connection based on the FortiGuard category based filter configuration.

D.

FortiGate will block the connection as an invalid URL.

Question 13

Which statement about memory conserve mode is true?

Options:

A.

A FortiGate exits conserve mode when the configured memory use threshold reaches yellow.

B.

A FortiGate starts dropping all the new and old sessions when the configured memory use threshold reaches extreme.

C.

A FortiGate starts dropping new sessions when the configured memory use threshold reaches red

D.

A FortiGate enters conserve mode when the configured memory use threshold reaches red

Question 14

You have configured FortiManager as a local FDS to provide FortiGate AV and IPS updates, but FortiGate devices are not receiving updates to their AV signature databases, IPS engines, or IPS signature databases.

Which two settings need to be verified for these features to function? (Choose two.)

Options:

A.

FortiGate needs to have the server list entry for FortiManager set to server-type update under config system central-management.

B.

FortiManager needs to be the license validation server for FortiGate devices trying to retrieve updated AV and IPS packages.

C.

Service access needs to be enabled on FortiManager under System Settings > Network.

D.

FortiGate needs to have include-default-servers disabled under config system central-management.

Question 15

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

Options:

A.

Router ID.

B.

OSPF interface area.

C.

OSPF interface cost.

D.

OSPF interface MTU.

E.

Interface subnet mask.

Question 16

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

Options:

A.

Primary unit stops sending HA heartbeat keepalives.

B.

The FortiGuard license for the primary unit is updated.

C.

One of the monitored interfaces in the primary unit is disconnected.

D.

A secondary unit is removed from the HA cluster.

Question 17

View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.

Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?

Options:

A.

auto-discovery-sender

B.

auto-discovery-forwarder

C.

auto-discovery-shortcut

D.

auto-discovery-receiver

Question 18

Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

Options:

A.

IPS failopen

B.

mem failopen

C.

AV failopen

D.

UTM failopen

Question 19

View the exhibit, which contains the output of a real-time debug, Which statement about this output is true?

Which of the following statements is true regarding this output?

Options:

A.

The requested URL belongs to category ID 255.

B.

The server hostname Is training, fortinet.com.

C.

FortiGate found the requested URL in its local cache.

D.

This web request was inspected using the ftgd-allow web filler profile.

Question 20

How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

Options:

A.

FortiManager can download and maintain local copies of FortiGuard databases.

B.

FortiManager supports only FortiGuard push to managed devices.

C.

FortiManager will respond to update requests only if they originate from a managed device.

D.

FortiManager does not support rating requests.

Question 21

Examine the following partial output from two system debug commands; then answer the question below.

Which of the following statements are true regarding the above outputs? (Choose two.)

Options:

A.

The unit is running a 32-bit FortiOS

B.

The unit is in kernel conserve mode

C.

The Cached value is always the Active value plus the Inactive value

D.

Kernel indirectly accesses the low memory (LowTotal) through memory paging

Question 22

View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

Based on the output, which of the following statements is correct?

Options:

A.

Anti-reply is enabled.

B.

DPD is disabled.

C.

Quick mode selectors are disabled.

D.

Remote gateway IP is 10.200.5.1.

Question 23

An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?

Options:

A.

Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

B.

Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

C.

Sends a link failed signal to all connected devices.

D.

Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

Question 24

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

Options:

A.

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

B.

When run on the Device Database, changes are applied directly to the managed FortiGate device.

C.

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

D.

When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device