New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Fortinet NSE7_EFW-7.0 Fortinet NSE 7 - Enterprise Firewall 7.0 Exam Practice Test

Page: 1 / 16
Total 163 questions

Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Question 1

Examine the following traffic log; then answer the question below.

date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."

What does the log mean?

Options:

A.

There is not enough available memory in the system to create a new entry in the NAT port table.

B.

The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.

C.

FortiGate does not have any available NAT port for a new connection.

D.

The limit for the maximum number of entries in the NAT port table has been reached.

Question 2

Refer to exhibit, which contains the output of a BGP debug command.

Question # 2

Which statement explains why the state of the 10.200.3.1 peer is Connect?

Options:

A.

The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.

B.

The TCP session to 10.200.3.1 has not completed the three-way handshake.

C.

The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.

D.

The local router has received the BGP prefixes from the remote peer.

Question 3

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

Options:

A.

FortiGate first checks the OSPF ID to elect a DR.

B.

Non-DR and non-BDR routers will form full adjacencies to DR and BDR only.

C.

BDR is responsible for forwarding link state information from one router to another.

D.

Only the DR receives link state information from non-DR routers.

Question 4

An administrator is running the following sniffer in a FortiGate:

diagnose sniffer packet any “host 10.0.2.10” 2

What information is included in the output of the sniffer? (Choose two.)

Options:

A.

Ethernet headers.

B.

IP payload.

C.

IP headers.

D.

Port names.

Question 5

Refer to the exhibit, which shows the output of a BGP debug command.

Question # 5

What can be concluded about the router in this scenario?

Options:

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the BGP session with the local router.

B.

The State/PfxRcd for neighbor 100.64.3.1 will not change until an administrator on the local router adjusts the inbound route filtering so that prefixes received can be added to the RIB.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Question 6

Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Question # 6

Why didn’t the tunnel come up?

Options:

A.

IKE mode configuration is not enabled in the remote IPsec gateway.

B.

The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.

C.

The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.

D.

One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Question 7

Refer to the exhibit, which contains the output of the diagnose vpn tunnel list.

Which command will capture ESP traffic for the VPN named DialUp_0?

Options:

A.

diagnose sniffer packet any ‘esp and host 10.200.3.2’

B.

diagnose sniffer packet any ‘ip proto 50’

C.

diagnose sniffer packet any ‘host 10.0.10.10’

D.

diagnose sniffer packet any ‘port 4500’

Question 8

Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.

Question # 8

If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?

Options:

A.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

B.

The session would remain in the session table, and its traffic would egress from port2.

C.

The session would be deleted, and the client would need to start a new session.

D.

The session would remain in the session table, and its traffic would egress from port1.

Question 9

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Question # 9

What statements are correct regarding the output? (Choose two.)

Options:

A.

This is an expected session created by a session helper.

B.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.

C.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

D.

This is an expected session created by an application control profile.

Question 10

Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; than answer the question below.

Question # 10

Which statement is true regarding the session in the exhibit?

Options:

A.

It was created by the FortiGate kernel to allow push updates from FotiGuard.

B.

It is for management traffic terminating at the FortiGate.

C.

It is for traffic originated from the FortiGate.

D.

It was created by a session helper or ALG.

Question 11

Which two statements about conserve mode are true? (Choose two.)

Options:

A.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

B.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

C.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

D.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

Question 12

View the global IPS configuration, and then answer the question below.

Question # 12

Which of the following statements is true regarding this configuration?

Options:

A.

IPS will scan every byte in every session.

B.

FortiGate will spawn IPS engine instances based on the system load.

C.

New packets will be passed through without inspection if the IPS socket buffer runs out of memory.

D.

IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

Question 13

Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Question # 13

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

Options:

A.

The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.

B.

The TCP session for the BGP connection to 10.200.3.1 is down.

C.

The local peer has received the BGP prefixed from the remote peer.

D.

The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

Question 14

Refer to the exhibit, which shows a partial web filter profile configuration.

Question # 14

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

Options:

A.

FortiGate will block the connection, based on the FortiGuard category based filter configuration.

B.

FortiGate will block the connection as an invalid URL.

C.

FortiGate will exempt the connection, based on the Web Content Filter configuration.

D.

FortiGate will allow the connection, based on the URL Filter configuration.

Question 15

What is the purpose of an internal segmentation firewall (ISFW)?

Options:

A.

It inspects incoming traffic to protect services in the corporate DMZ.

B.

It is the first line of defense at the network perimeter.

C.

It splits the network into multiple security segments to minimize the impact of breaches.

D.

It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

Question 16

Refer to the exhibit, which shows the output of a debug command.

Question # 16

Which two statements about the output are true? (Choose two.)

Options:

A.

In the network connected to port 4, two OSPF routers are down.

B.

Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.5.

C.

Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.6.

D.

There are a total of 5 OSPF routers attached to the Port4 network segment.

Question 17

Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)

Options:

A.

When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.

B.

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

C.

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

D.

When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.

Question 18

Examine the partial output from two web filter debug commands; then answer the question below:

Question # 18

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

Options:

A.

Finance and banking

B.

General organization.

C.

Business.

D.

Information technology.

Question 19

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Question # 19

Which statements are true regarding the output in the exhibit? (Choose two.)

Options:

A.

FortiGate will probe 121.111.236.179 every fifteen minutes for a response.

B.

Servers with the D flag are considered to be down.

C.

Servers with a negative TZ value are experiencing a service outage.

D.

FortiGate used 209.222.147.3 as the initial server to validate its contract.

Question 20

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Question # 20

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

The local router's BGP state is Established with the 10.125.0.60 peer.

B.

Since the counters were last reset; the 10.200.3.1 peer has never been down.

C.

The local router has received a total of three BGP prefixes from all peers.

D.

The local router has not established a TCP session with 100.64.3.1.

Question 21

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

Options:

A.

Primary unit stops sending HA heartbeat keepalives.

B.

The FortiGuard license for the primary unit is updated.

C.

One of the monitored interfaces in the primary unit is disconnected.

D.

A secondary unit is removed from the HA cluster.

Question 22

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

Options:

A.

TCP half open.

B.

TCP half close.

C.

TCP time wait.

D.

TCP session time to live.

Question 23

What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?

Options:

A.

The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.

B.

The application or URL category is unknown and needs to be rescanned by the IPS engine to try to identify the Layer 7 details.

C.

The URL category for this session has been updated by FortiGuard and the session needs to be checked against the policy again to ensure proper web filtering is applied.

D.

Traffic has been identified as coming from an application that is not allowed and the relevant replacement message needs to be displayed to the user, if configured.

Question 24

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

Question # 24

What should the administrator check to fix the problem?

Options:

A.

The connectivity between the FortiGate unit and the DNS server.

B.

The connectivity between the client workstations and the DNS server.

C.

That DNS traffic from client workstations is allowed by the explicit web proxy policies.

D.

That DNS service is enabled in the explicit web proxy interface.

Page: 1 / 16
Total 163 questions