CertsTopics Logo

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

NSE 7 Network Security Architect NSE7_EFW-7.0 Exam Dumps

Page: 2 / 6
Total 163 questions
Get NSE7_EFW-7.0 Full Access Download NSE7_EFW-7.0 PDF

Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Question 5

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

Options:

A.

The remote gateway IP address is 10.0.0.1.

B.

The initiator provided remote as its IPsec peer ID.

C.

It shows a phase 1 negotiation.

D.

The negotiation is using AES128 encryption with CBC hash.

Question 6

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

For the peer 10.125.0.60, the BGP state of is Established.

B.

The local BGP peer has received a total of three BGP prefixes.

C.

Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.

D.

The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

Question 7

View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?

Options:

A.

The session would remain in the session table, and its traffic would still egress from port1.

B.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

C.

The session would remain in the session table, and its traffic would start to egress from port2.

D.

The session would be deleted, so the client would need to start a new session.

Question 8

What is the purpose of an internal segmentation firewall (ISFW)?

Options:

A.

It inspects incoming traffic to protect services in the corporate DMZ.

B.

It is the first line of defense at the network perimeter.

C.

It splits the network into multiple security segments to minimize the impact of breaches.

D.

It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

Page: 2 / 6
Total 163 questions
Get NSE7_EFW-7.0 Full Access Download NSE7_EFW-7.0 PDF