Fortinet Troubleshooting Professional v8.0 (NSE7)

Examine the output of the 'diagnose ips anomaly list' command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

  • A. Those whose traffic matches a DoS policy.
  • B. Those whose traffic matches an IPS sensor
  • C. Those whose traffic exceeded a threshold of a matching DoS policy.
  • D. Those whose traffic was detected as an anomaly by an IPS sensor.

Answer : D

Examine the output from the BGP real time debug shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)
  • B. Local BGP peer received a prefix for a default route.
after it confirms the received

Answer : A,B

Examine the following partial outputs from two routing debug commands; then answer the question below.

# get router info kernel
tab=254 vf=0 scope=0 type=1 proto=11 prio=0> pref= gwy= dev=2(port1)
tab=254 vf=0 scope=0 type=1 proto=11 prio=10> pref= gwy= dev=3(port2)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0> pref= gwy= dev=4(port3)

# get router info routing-table all
S* [10/0] via, port1
   [10/0] via, port2, [10/0]
C 10.0.1.0/24 is directly connected, port3
C 10.200.1.0/24 is directly connected, port1
C 10.200.2.0/24 is directly connected, port2

Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

  • A. port1.
  • B. port2.
  • C. Both port1 and port2.
  • D. port3.

Answer : B

An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.

Based on the output in the exhibit, what can cause this authentication problem?

  • A. User student is not found in the LDAP server.
  • B. User student is using a wrong password.
  • C. The FortiGate has been configured with the wrong password for the LDAP administrator.
  • D. The FortiGate has been configured with the wrong authentication schema.

Answer : A

Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.

# diagnose debug authd fsso list
FSSO logons
IP: User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2.TRAINING.LAB

The IP address is NOT the one used by the workstation INTERNAL2.TRAINING.
What should the administrator check?

  • A. The IP address recorded in the logon event for the user STUDENT.
  • B. The DNS name resolution for the workstation name INTERNAL2.TRAINING.LAB.
  • C. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2.TRAINING.LAB.
  • D. The reverse DNS lookup for the IP address

Answer : C

What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

  • A. Reduce the session time to live.
  • B. Increase the TCP session timers.
  • C. Increase the FortiGuard cache time to live.
  • D. Reduce the maximum file size to inspect.

Answer : A,D

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug.

diagnose debug application ike -1
diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

  • A. Phase 1; IKE mode configuration; XAuth; phase 2.
  • B. Phase 1; XAuth; IKE mode configuration; phase 2.
  • C. Phase 1; XAuth; phase 2, IKE mode configuration.
  • D. Phase 1; IKE mode configuration; phase 2; XAuth.

Answer : D

Examine the following traffic log; then answer the question below.

date=20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri=critical vd=root service=kernel status=failure msg="NAT port is exhausted."

What does the log mean?

  • A. There is not enough available memory in the system to create a new entry in the NAT port table.
  • B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
  • C. FortiGate does not have any available NAT port for a new connection.
  • D. The limit for the maximum number of entries in the NAT port table has been reached.

Answer : B

An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?

  • A. redir
  • B. dirty
  • C. synced
  • D. nds

Answer : C

Examine the partial output from the IKE realtime debug shown in the exhibit; then answer the question below.

Why didn't the tunnel come up?

  • A. IKE mode configuration is not enabled in the remote IPsec gateway.
  • B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.
  • C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.
  • D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Answer : B

Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
  • B. The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's time zone.
  • C. FortiGate will send the FortiGuard queries to the server with highest weight.
  • D. A server's round trip delay (RTT) is not used to calculate its weight.

Answer : B,C

A FortiGate device has the following LDAP configuration:

Based on the output, what FortiGate LDAP setting is configured incorrectly?

  • A. cnid.
  • B. username.
  • C. password.
  • D. dn.

Answer : B

Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

  • A. diagnose debug application radius -1.
  • B. diagnose debug application fnbamd -1.
  • C. diagnose authd console-log enable
  • D. diagnose radius console-log enable

Answer : A

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created an inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs for the OSPF adjacency to form successfully? (Choose three.)

  • A. Router ID.
  • B. OSPF interface area.
  • C. OSPF interface cost.
  • D. OSPF interface MTU.
  • E. Interface subnet mask.

Answer : B,C,D

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive at the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

  • A. TCP half open.
  • B. TCP half close.
  • C. TCP time wait.
  • D. TCP session time to live.

Answer : D

