Fortinet NSE7_EFW-6.4 - Fortinet NSE 7 - Enterprise Firewall 6.4 Exam
Page: 2 / 7
Total 35 questions
Question #6 (Topic: Single Topic)
Refer to the exhibit, which shows the output of a BGP debug command.
Which statement about the exhibit is true?
Which statement about the exhibit is true?
A. The local router has not established a TCP session with 100.64.3.1
B. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.
C. Since the counters were last reset, the 100.64.3.1 peer has never been down.
D. The local router has received a total of three BGP prefixes from all peers.
Answer: A
Question #7 (Topic: Single Topic)
Refer to the exhibit, which contains a TCL script configuration on FortiManager.
An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.
Why did the TCL script fail to make any changes to the managed device?
An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.
Why did the TCL script fail to make any changes to the managed device?
A. The TCL script must start with #include <>.
B. The TCL command run_cmd has not been created.
C. Changes to an interface configuration can be made only by a CLI script.
D. Incomplete commands are ignored in TCL scripts.
Answer: B
Question #8 (Topic: Single Topic)
Refer to the exhibit, which contains the debug output of diagnose dvm device list.
Which two statements about the output shown in the exhibit are correct? (Choose two.)
Which two statements about the output shown in the exhibit are correct? (Choose two.)
A. ADOMs are disabled on the FortiManager
B. The FortiGate configuration is in sync with latest running revision history.
C. There are pending device-level changes yet to be installed on Local-FortiGate.
D. The policy package has been modified for Local-FortiGate.
Answer: BC
Question #9 (Topic: Single Topic)
Refer to the exhibit, which shows a FortiGate configuration.
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web
filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web
filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?
A. The administrator must increase webfilter-timeout.
B. The administrator must disable webfilter-force-off.
C. The administrator must change protocol to TCP.
D. The administrator must enable fortiguard-anycast.
Answer: B
Question #10 (Topic: Single Topic)
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the
server name indication (SNI) extension?
server name indication (SNI) extension?
A. FortiGate uses the CN information from the Subject field in the server certificate.
B. FortiGate switches to the full SSL inspection method to decrypt the data.
C. FortiGate uses the requested URL from the userג€™s web browser.
D. FortiGate blocks the request without any further inspection.
Answer: A
