NSE7 Enterprise Firewall - FortiOS 5.4 v1.0 (NSE7)

Page:    1 / 5   
Total 78 questions

View the exhibit, which contains the output of a debug command, and then answer the question below.


Which of the following statements about the exhibit are true? (Choose two.)

  • A. In the network on port4, two OSPF routers are down.
  • B. Port4 is connected to the OSPF backbone area.
  • C. The local FortiGate's OSPF router ID is 0.0.0.4.
  • D. The local FortiGate has been elected as the OSPF backup designated router.


Answer : BC

How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

  • A. FortiManager can download and maintain local copies of FortiGuard databases.
  • B. FortiManager supports only FortiGuard push to managed devices.
  • C. FortiManager will respond to update requests only if they originate from a managed device.
  • D. FortiManager does not support rating requests.


Answer : A

View the exhibit, which contains the output of a real-time debug, and then answer the question below.


Which of the following statements are true regarding this output? (Choose two.)

  • A. This web request was inspected using the root web filter profile.
  • B. FortiGate found the requested URL in its local cache.
  • C. The requested URL belongs to category ID 52.
  • D. The web request was allowed by FortiGate.


Answer : BC

What is the purpose of an internal segmentation firewall (ISFW)?

  • A. It inspects incoming traffic to protect services in the corporate DMZ.
  • B. It is the first line of defense at the network perimeter.
  • C. It splits the network into multiple security segments to minimize the impact of breaches.
  • D. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.


Answer : C

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

ike 0: comes 10.0.0.2:500->10.0.0.1:500, ifindex=7....
ike 0: IKEv1 exchange=Aggressive id=baf47d0988e9237f/2f405ef3952f6fda len=430
ike 0: in BAF47D0988E9237F2F405EF3952F6FDA0110040000000000000001AE0400003C0000000100000001000000300101000
ike 0:RemoteSite:4: initiator: aggressive mode get 1st response...
ike 0:RemoteSite:4: VID RFC 3947 4A131c81070358455C5728F20E95452F
ike 0:RemoteSite:4: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:RemoteSite:4: VID FORTIGATE 8299031757A36082C6A621DE000502D7
ike 0:RemoteSite:4: peer is FortiGate/Fortios (v5 b727)
ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike 0:RemoteSite:4: received peer identifier FQDN 'remore'
ike 0:RemoteSite:4: negotiation result
ike 0:RemoteSite:4: proposal id = 1:
ike 0:RemoteSite:4: protocol id = ISAKMP:
ike 0:RemoteSite:4: trans_id = KEY_IKE.
ike 0:RemoteSite:4: encapsulation = IKE/none
ike 0:RemoteSite:4: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=128
ike 0:RemoteSite:4: type=OAKLEY_HASH_ALG, val=SHA.
ike 0:RemoteSite:4: type-AUTH_METHOD, val=PRESHARED_KEY.
ike 0:RemoteSite:4: type=OAKLEY_GROUP, val=MODP1024.
ike 0:RemoteSite:4: ISAKMP SA lifetime=86400
ike 0:RemoteSite:4: ISAKMP SA baf47d0988e9237f/2f405ef3952f6fda key 16: B25B6C9384D8BDB24E3DA3DC90CF5E73
ike 0:RemoteSite:4: PSK authentication succeeded
ike 0:RemoteSite:4: authentication OK
ike 0:RemoteSite:4: add INITIAL-CONTACT
ike 0:RemoteSite:4: enc BAF47D0988E9237F405EF3952F6FDA081004010000000000000080140000181F2E48BFD8E9D603F
ike 0:RemoteSite:4: out BAF47D0988E9237F405EF3952F6FDA08100401000000000000008C2E3FC9BA061816A396F009A12
ike 0:RemoteSite:4: sent IKE msg (agg_i2send): 10.0.0.1:500-10.0.0.2:500, len=140, id=baf47d0988e9237f/2
ike 0:RemoteSite:4: established IKE SA baf47d0988e9237f/2f405ef3952f6fda

Which statements about this debug output are correct? (Choose two.)

  • A. The remote gateway IP address is 10.0.0.1.
  • B. It shows a phase 1 negotiation.
  • C. The negotiation is using AES128 encryption with CBC hash.
  • D. The initiator has provided remote as its IPsec peer ID.


Answer : BD

Which of the following statements are correct regarding application layer test commands? (Choose two.)

  • A. They are used to filter real-time debugs.
  • B. They display real-time application debugs.
  • C. Some of them display statistics and configuration information about a feature or process.
  • D. Some of them can be used to restart an application.


Answer : BC

When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI)?

  • A. FortiGate uses the Issued To: field in the server's certificate.
  • B. FortiGate switches to the full SSL inspection method to decrypt the data.
  • C. FortiGate blocks the request without any further inspection.
  • D. FortiGate uses the requested URL from the user's web browser.


Answer : D

What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?

  • A. av-failopen
  • B. mem-failopen
  • C. utm-failopen
  • D. ips-failopen


Answer : A

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.


Which of the following statements about the exhibit are true? (Choose two.)

  • A. For the peer 10.125.0.60, the BGP state is Established.
  • B. The local BGP peer has received a total of three BGP prefixes.
  • C. Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.
  • D. The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.


Answer : AD

View the exhibit, which contains the output of a web diagnose command, and then answer the question below.


Which one of the following statements explains why the cache statistics are all zeros?

  • A. The administrator has reallocated the cache memory to a separate process.
  • B. There are no users making web requests.
  • C. The FortiGuard web filter cache is disabled in the FortiGate's configuration.
  • D. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.


Answer : C

View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.


Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?

  • A. auto-discovery-sender
  • B. auto-discovery-forwarder
  • C. auto-discovery-shortcut
  • D. auto-discovery-receiver


Answer : A

View the global IPS configuration, and then answer the question below.


Which of the following statements is true regarding this configuration?

  • A. IPS will scan every byte in every session.
  • B. FortiGate will spawn IPS engine instances based on the system load.
  • C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.
  • D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.


Answer : A

View the following FortiGate configuration.


All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?

  • A. The session would remain in the session table, and its traffic would still egress from port1.
  • B. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
  • C. The session would remain in the session table, and its traffic would start to egress from port2.
  • D. The session would be deleted, so the client would need to start a new session.


Answer : A

View the exhibit, which contains the output of a diagnose command, and then answer the question below.


Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. FortiGate will probe 121.111.236.179 every fifteen minutes for a response.
  • B. Servers with the D flag are considered to be down.
  • C. Servers with a negative TZ value are experiencing a service outage.
  • D. FortiGate used 209.222.147.3 as the initial server to validate its contract.


Answer : CD

What does the dirty flag mean in a FortiGate session?

  • A. Traffic has been blocked by the antivirus inspection.
  • B. The next packet must be re-evaluated against the firewall policies.
  • C. The session must be removed from the former primary unit after an HA failover.
  • D. Traffic has been identified as from an application that is not allowed.


Answer : B
