
NSE7_EFW-7.0 Questions and Answers

Question # 6

Refer to the exhibit, which contains the output of a BGP debug command.

Which statement about the exhibit is true?

A.

The local router has received a total of three BGP prefixes from all peers.

B.

The local router has not established a TCP session with 100.64.3.1.

C.

Since the counters were last reset, the 10.200.3.1 peer has never been down.

D.

The local router BGP state is OpenConfirm with the 10.127.0.75 peer.

Question # 7

View the global IPS configuration, and then answer the question below.

Which of the following statements is true regarding this configuration?

A.

IPS will scan every byte in every session.

B.

FortiGate will spawn IPS engine instances based on the system load.

C.

New packets will be passed through without inspection if the IPS socket buffer runs out of memory.

D.

IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

Question # 8

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

A.

This is an expected session created by a session helper.

B.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.

C.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

D.

This is an expected session created by an application control profile.

Question # 9

Which action will FortiGate take when using the default settings for SSL certificate inspection, where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?

A.

FortiGate uses the CN information from the Subject field in the server certificate.

B.

FortiGate uses the first entry listed in the SAN field in the server certificate.

C.

FortiGate uses the SNI from the user's web browser.

D.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

Question # 10

What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?

A.

The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.

B.

The application or URL category is unknown and needs to be rescanned by the IPS engine to try to identify the Layer 7 details.

C.

The URL category for this session has been updated by FortiGuard and the session needs to be checked against the policy again to ensure proper web filtering is applied.

D.

Traffic has been identified as coming from an application that is not allowed and the relevant replacement message needs to be displayed to the user, if configured.

Question # 11

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands in an SSH session on FortiGate:

diagnose vpn ike log-filter dst-addr4 10.0.10.1
diagnose debug application ike -1

However, the IKE real-time debug does not show any output. Why?

A.

The administrator must also run the command diagnose debug enable.

B.

The administrator must enable the following real-time debug: diagnose debug application ipsec -1.

C.

The log-filter setting is incorrect. The VPN traffic does not match this filter.

D.

The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

Question # 12

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Why did the tunnel not come up?

A.

The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway.

B.

The Diffie-Hellman group does not match on the local and remote gateways.

C.

The proposal ID does not match between local and remote gateways.

D.

The encapsulation method for phase 2 is set to none on local and remote gateways.

Question # 13

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

A.

The local router's BGP state is Established with the 10.125.0.60 peer.

B.

Since the counters were last reset, the 10.200.3.1 peer has never been down.

C.

The local router has received a total of three BGP prefixes from all peers.

D.

The local router has not established a TCP session with 100.64.3.1.

Question # 14

Which statement is true regarding file descriptor (FD) conserve mode?

A.

IPS inspection is affected when FortiGate enters FD conserve mode.

B.

A FortiGate enters FD conserve mode when the amount of available descriptors is less than 5%.

C.

FD conserve mode affects all daemons running on the device.

D.

Restarting the WAD process is required to leave FD conserve mode.

Question # 15

Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; then answer the question below.

Which statement is true regarding the session in the exhibit?

A.

It was created by the FortiGate kernel to allow push updates from FortiGuard.

B.

It is for management traffic terminating at the FortiGate.

C.

It is for traffic originated from the FortiGate.

D.

It was created by a session helper or ALG.

Question # 16

Examine the following routing table and BGP configuration; then answer the question below.

The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

A.

Enable the redistribution of connected routes into BGP.

B.

Enable the redistribution of static routes into BGP.

C.

Disable the setting network-import-check.

D.

Enable the setting ebgp-multipath.

Question # 17

How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

A.

FortiManager can download and maintain local copies of FortiGuard databases.

B.

FortiManager supports only FortiGuard push to managed devices.

C.

FortiManager will respond to update requests only if they originate from a managed device.

D.

FortiManager does not support rating requests.

Question # 18

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem.

Which statement about this setting is true?

A.

It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

B.

It sends a link failed signal to all connected devices.

C.

It disables all the non-heartbeat interfaces in all HA members for two seconds after a failover.

D.

It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.

Question # 19

Which of the following statements are correct regarding application layer test commands? (Choose two.)

A.

They are used to filter real-time debugs.

B.

They display real-time application debugs.

C.

Some of them display statistics and configuration information about a feature or process.

D.

Some of them can be used to restart an application.

Question # 20

What is the diagnose test application ipsmonitor 5 command used for?

A.

To enable IPS bypass mode

B.

To disable the IPS engine

C.

To restart all IPS engines and monitors

D.

To provide information regarding IPS sessions

Question # 21

View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

A.

It is currently in system conserve mode because of high CPU usage.

B.

It is currently in FD conserve mode.

C.

It is currently in kernel conserve mode because of high memory usage.

D.

It is currently in system conserve mode because of high memory usage.

Question # 22

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

A.

route-reflector enable

B.

route-reflector-server enable

C.

route-reflector-client enable

D.

route-reflector-peer enable

Question # 23

Refer to the exhibit, which shows the output of a BGP debug command.

Which statement explains why the state of the 10.200.3.1 peer is Connect?

A.

The local router has a different AS number than the remote peer.

B.

The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the openConfirm yet.

C.

The local router initiated the BGP session to 10.200.3.1 but did not receive a response.

D.

The router 10.200.3.1 has authentication configured for BGP and the local router does not.

Question # 24

View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

A.

10.0.1.240

B.

One of the public FortiGuard distribution servers

C.

10.0.1.244

D.

10.0.1.242
