
Fortinet NSE7_EFW-7.0 Fortinet NSE 7 - Enterprise Firewall 7.0 Exam Practice Test

Page: 1 / 16
Total 163 questions

Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Question 1

Which two statements about the Security Fabric are true? (Choose two.)

Options:

A.

Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer.

B.

Only the root FortiGate sends logs to FortiAnalyzer.

C.

Only FortiGate devices with fabric-object-unification set to default will receive and synchronize global CMDB objects sent by the root FortiGate.

D.

FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.

Question 2

Refer to the exhibit, which contains the output of diagnose sys session list.

If the HA ID for the primary unit is zero (0), which statement about the output is true?

Options:

A.

This session cannot be synced with the slave unit.

B.

The inspection of this session has been offloaded to the slave unit.

C.

The master unit is processing this traffic.

D.

This session is for HA heartbeat traffic.

Question 3

Refer to the exhibit, which shows a partial web filter profile configuration.

Which action will FortiGate take if a user attempts to access which is categorized as File Sharing and Storage?

Options:

A.

FortiGate will block the connection, based on the FortiGuard category based filter configuration.

B.

FortiGate will block the connection as an invalid URL.

C.

FortiGate will exempt the connection, based on the Web Content Filter configuration.

D.

FortiGate will allow the connection, based on the URL Filter configuration.

Question 4

Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

Options:

A.

IPS failopen

B.

mem failopen

C.

AV failopen

D.

UTM failopen

Question 5

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

Options:

A.

In the network connected to port 4, two OSPF routers are down.

B.

Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.5.

C.

Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.6.

D.

There are a total of 5 OSPF routers attached to the Port4 network segment.

Question 6

View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

Options:

A.

It is currently in system conserve mode because of high CPU usage.

B.

It is currently in FD conserve mode.

C.

It is currently in kernel conserve mode because of high memory usage.

D.

It is currently in system conserve mode because of high memory usage.

Question 7

Refer to the exhibit, which contains the output of a debug command.

If the default settings are in place, what can be concluded about the conserve mode shown in the exhibit?

Options:

A.

FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings due to high memory use.

B.

FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.

C.

FortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.

D.

FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.

Question 8

What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

Options:

A.

Reduce the session time to live.

B.

Increase the TCP session timers.

C.

Increase the FortiGuard cache time to live.

D.

Reduce the maximum file size to inspect.

Question 9

View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

Options:

A.

10.0.1.240

B.

One of the public FortiGuard distribution servers

C.

10.0.1.244

D.

10.0.1.242

Question 10

Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; then answer the question below.

Which statement is true regarding the session in the exhibit?

Options:

A.

It was created by the FortiGate kernel to allow push updates from FortiGuard.

B.

It is for management traffic terminating at the FortiGate.

C.

It is for traffic originated from the FortiGate.

D.

It was created by a session helper or ALG.

Question 11

View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate’s inspection of this session?

Options:

A.

FortiGate applied proxy-based inspection.

B.

FortiGate forwarded this session without any inspection.

C.

FortiGate applied flow-based inspection.

D.

FortiGate applied explicit proxy-based inspection.

Question 12

An administrator cannot connect to the GUI of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

Options:

A.

HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

B.

Redirection of HTTP to HTTPS administrative access is disabled.

C.

HTTP administrative access is configured with a port number different than 80.

D.

The packet is denied because of reverse path forwarding check.

Question 13

Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packets dropped counter at the end of the sniffer?

Options:

A.

Number of packets that didn’t match the sniffer filter.

B.

Number of total packets dropped by the FortiGate.

C.

Number of packets that matched the sniffer filter and were dropped by the FortiGate.

D.

Number of packets that matched the sniffer filter but could not be captured by the sniffer.

Question 14

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:

diagnose debug application ike -1

diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

Options:

A.

Phase1; IKE mode configuration; XAuth; phase 2.

B.

Phase1; XAuth; IKE mode configuration; phase2.

C.

Phase1; XAuth; phase 2; IKE mode configuration.

D.

Phase1; IKE mode configuration; phase 2; XAuth.

Question 15

An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.

If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

Options:

A.

diagnose sniffer packet any 'ah'

B.

diagnose sniffer packet any 'ip proto 50'

C.

diagnose sniffer packet any 'udp port 4500'

D.

diagnose sniffer packet any 'udp port 500'

Question 16

Which statement about NGFW policy-based application filtering is true?

Options:

A.

After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.

B.

The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.

C.

After IPS identifies the application, it adds an entry to a dynamic ISDB table.

D.

FortiGate will drop all packets until the application can be identified.

Question 17

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

The local router's BGP state is Established with the 10.125.0.60 peer.

B.

Since the counters were last reset, the 10.200.3.1 peer has never been down.

C.

The local router has received a total of three BGP prefixes from all peers.

D.

The local router has not established a TCP session with 100.64.3.1.

Question 18

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?

Options:

A.

auto-discovery-shortcut

B.

auto-discovery-forwarder

C.

auto-discovery-sender

D.

auto-discovery-receiver

Question 19

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem.

Which statement about this setting is true?

Options:

A.

It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

B.

It sends a link failed signal to all connected devices.

C.

It disables all the non-heartbeat interfaces in all HA members for two seconds after a failover.

D.

It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.

Question 20

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

Options:

A.

Neighbor range

B.

Route reflector

C.

Next-hop-self

D.

Neighbor group

Question 21

Refer to the exhibit, which contains a CLI script configuration on FortiManager.

An administrator configured the CLI script on FortiManager, but the script failed to apply any changes to the managed device after being executed.

What are two reasons why the script did not make any changes to the managed device? (Choose two.)

Options:

A.

Static routes can be added using only TCL scripts.

B.

The commands that start with the # sign did not run.

C.

CLI scripts must start with #!.

D.

Incomplete commands can cause CLI scripts to fail.

Question 22

Refer to the exhibit, which shows the output of a BGP debug command.

What can be concluded about the router in this scenario?

Options:

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the BGP session with the local router.

B.

The State/PfxRcd for neighbor 100.64.3.1 will not change until an administrator on the local router adjusts the inbound route filtering so that prefixes received can be added to the RIB.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Question 23

View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

Options:

A.

This session is for HA heartbeat traffic.

B.

This session is synced with the slave unit.

C.

The inspection of this session has been offloaded to the slave unit.

D.

This session cannot be synced with the slave unit.

Question 24

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:

A.

Set the priority of the static default route using port1 to 10.

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set snat-route-change to enable.
