Fortinet NSE 7 - Enterprise Firewall 6.4 v1.0 (NSE7-EFW-6.4)

Page:    1 / 3   
Total 38 questions

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem.
Which statement about this setting is true?

  • A. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
  • B. It sends a link failed signal to all connected devices.
  • C. It disables all the non-heartbeat interfaces in all HA members for two seconds after a failover.
  • D. It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.


Answer : D

Reference:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD40860&sliceId=1


Refer to the exhibit, which shows the output of a diagnose command.


Which two statements about the output in the exhibit are true? (Choose two.)

  • A. FortiGate will probe 121.111.236.179 every fifteen minutes for a response.
  • B. Servers with a negative TZ value are experiencing a service outage.
  • C. Servers with the D flag are considered to be down.
  • D. FortiGate used 209.222.147.36 as the initial server to validate its contract.


Answer : AD

Explanation:
The default probing time is 15 minutes. The F flag marks a failed connection, and the I flag marks the initial request, which went to 209.222.147.36.

Refer to the exhibit, which shows a session table entry.


Which statement about FortiGate inspection of this session is true?

  • A. FortiGate forwarded this session without any inspection.
  • B. FortiGate applied proxy-based inspection.
  • C. FortiGate applied flow-based NGFW policy-based inspection.
  • D. FortiGate applied flow-based inspection.


Answer : B

Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)

  • A. When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.
  • B. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
  • C. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.
  • D. When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.


Answer : AB

Reference:
https://docs.fortinet.com/document/fortimanager/6.2.1/administration-guide/71780/cli-scripts


Refer to the exhibits, which show the configuration on FortiGate and partial session information.



All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network.
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user session?

  • A. The session would remain in the session table, and its traffic would still egress from port1.
  • B. The session would be deleted, and the client would need to start a new session.
  • C. The session would remain in the session table, and its traffic would start to egress from port2.
  • D. The session would remain in the session table, but its traffic would now egress from both port1 and port2.


Answer : A

Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40943


Refer to the exhibit, which shows the output of diagnose sys session list.


If the HA ID for the primary device is 0, which statement about the output is true?

  • A. This session cannot be synced with the secondary device.
  • B. This session is for HA talk traffic.
  • C. The inspection of this session has been offloaded to the secondary device.
  • D. The master unit is processing this traffic.


Answer : D

Refer to the exhibit, which shows the output of diagnose sys session stat.


Which two statements about the output shown in the exhibit are correct? (Choose two.)

  • A. All the sessions in the session table are TCP sessions.
  • B. No sessions have been deleted because of memory page exhaustion.
  • C. There are 0 ephemeral sessions.
  • D. There are 166 TCP sessions waiting to complete the three-way handshake.


Answer : BC

Refer to the exhibit, which shows a partial routing table.


Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)

  • A. Source IP address: 10.73.9.10, Destination IP address: 10.72.3.15
  • B. Source IP address: 10.72.3.52, Destination IP address: 10.1.0.254
  • C. Source IP address: 10.10.4.24, Destination IP address: 10.72.3.20
  • D. Source IP address: 10.1.0.10, Destination IP address: 10.64.1.52


Answer : BD

Explanation:
Only the source/destination pairs within the same VRF will be able to ping each other.

Refer to the exhibit, which contains partial output from an IKE real-time debug.


Why did the tunnel not come up?

  • A. The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration.
  • B. The pre-shared keys do not match.
  • C. The remote gateway is configured to use aggressive mode and the local gateway is configured to use main mode.
  • D. The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration.


Answer : A

Explanation:
ISAKMP negotiation failed, which is a phase 1 function.

How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

  • A. FortiManager will respond to update requests only from a managed device.
  • B. FortiManager can download and maintain local copies of FortiGuard databases.
  • C. FortiManager does not support web filter rating requests.
  • D. FortiManager supports only FortiGuard push update to managed devices.


Answer : B

Reference:
https://docs.fortinet.com/document/fortimanager/6.0.6/cli-reference/330471/fds-setting#fds-setting


Refer to the exhibit, which shows the output of a web filtering diagnose command.


Which statement explains why the cache statistics are all zeros?

  • A. The FortiGuard web filter cache is disabled in the FortiGate configuration.
  • B. There are no users making web requests.
  • C. FortiGate is using flow-based inspection, which does not use the cache.
  • D. The administrator has reallocated the cache memory to a separate process.


Answer : A

Reference:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/406127/filtering


What does the dirty flag mean in a FortiGate session?

  • A. The next packet must be re-evaluated against the firewall policies.
  • B. Traffic has been identified as coming from an application that is not allowed.
  • C. Traffic has been blocked by the antivirus inspection.
  • D. The session must be removed from the former primary unit after an HA failover.


Answer : A

Reference:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD40119&sliceId=1


An administrator wants to capture ESP traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

  • A. diagnose sniffer packet any 'esp'
  • B. diagnose sniffer packet any 'udp port 4500'
  • C. diagnose sniffer packet any 'tcp port 500 or tcp port 4500'
  • D. diagnose sniffer packet any 'udp port 500'


Answer : A

Reference:
https://docs.fortinet.com/document/fortiadc/6.0.1/cli-reference/395933/diagnose-sniffer-packet


Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

  • A. OSPF peer IDs match
  • B. IP addresses are in the same subnet
  • C. Hello and dead intervals match
  • D. OSPF IP MTUs match
  • E. OSPF costs match


Answer : BCD

Reference:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-advanced-routing-54/Routing_OSPF/OSPF_Background_Concepts.htm#Adjacenc


Refer to the exhibit, which contains the output of a debug command.


What can be concluded about the conserve mode shown in the exhibit?

  • A. It is currently in memory conserve mode because of high memory usage.
  • B. It is currently in extreme conserve mode because of high memory usage.
  • C. It is currently in system conserve mode because of high CPU usage.
  • D. It is currently in proxy conserve mode because of high memory usage.


Answer : A

Reference:
https://www.fortinetguru.com/2017/09/fortigate-conserve-mode-changes-242562-386503/

