Fortinet NSE7_NST-7.2 - Fortinet NSE 7 - Network Security 7.2 Support Engineer Exam
Total 71 questions
Question #6 (Topic: Exam A)
Which statement about IKE and IKE NAT-T is true?
A. IKE is used to encapsulate ESP traffic in some situations, and IKE NAT-T is used only when the local FortiGate is using NAT on the IPsec interface.
B. IKE is the standard implementation for IKEv1 and IKE NAT-T is an extension added in IKEv2.
C. They each use their own IP protocol number.
D. They both use UDP as their transport protocol and the port number is configurable.
Answer: D
Question #7 (Topic: Exam A)
Refer to the exhibit, which shows the output of diagnose sys session list.

If the HA ID for the primary device is 0, what happens if the primary fails and the secondary becomes the primary?

A. The session will be removed from the session table of the secondary device because of the presence of allowed error packets, which will force the client to restart the session with the server.
B. The session state is preserved but the kernel will need to re-evaluate the session because NAT was applied.
C. Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.
D. The secondary device has this session synchronized; however, because application control is applied, the session is marked dirty and has to be re-evaluated after failover.
Answer: C
Question #8 (Topic: Exam A)
Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)
A. OSPF link costs match.
B. OSPF interface priority settings are unique.
C. OSPF interface network types match.
D. Authentication settings match.
E. OSPF router IDs are unique.
Answer: CDE
Question #9 (Topic: Exam A)
Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.


If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?


A. The session would be deleted, and the client would need to start a new session.
B. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
C. The session would remain in the session table, and its traffic would egress from port2.
D. The session would remain in the session table, and its traffic would egress from port1.
Answer: A
Question #10 (Topic: Exam A)
Refer to the exhibit, which shows two entries that were generated in the FSSO collector agent logs.

What three conclusions can you draw from these log entries? (Choose three.)

A. Remote registry is not running on the workstation.
B. The FortiGate firmware version is not compatible with that of the collector agent.
C. DNS resolution is unable to resolve the workstation name.
D. The user’s status shows as “not verified” in the collector agent.
E. A firewall is blocking traffic to port 139 and 445.
Answer: ADE