Exam Details

  • Exam Code: NSE7_EFW-6.2
  • Exam Name: Fortinet NSE 7 - Enterprise Firewall 6.2
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 102 Q&As
  • Last Updated: Jun 17, 2025

Fortinet Fortinet Certifications NSE7_EFW-6.2 Questions & Answers

  • Question 31:

    A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled on port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related to this traffic? (Choose two.)

    A. Both sessions have the local flag on.

    B. The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.

    C. One session has the proxy flag on, the other one does not.

    D. One of the sessions has the IP address of port2 as the source IP address.

  • Question 32:

    In which two states is a given session categorized as ephemeral? (Choose two.)

    A. A TCP session waiting to complete the three-way handshake.

    B. A TCP session waiting for FIN ACK.

    C. A UDP session with packets sent and received.

    D. A UDP session with only one packet received.

  • Question 33:

    View the exhibit, which contains a session entry, and then answer the question below.

    Which statement is correct regarding this session?

    A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.

    B. It is an ICMP session from 10.1.10.10 to 10.200.5.1.

    C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.

    D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

  • Question 34:

    View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

    The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

    However, the IKE real time debug does not show any output. Why?

    A. The debug output shows phases 1 and 2 negotiations only. Once the tunnel is up, it does not show any more output.

    B. The log-filter setting was set incorrectly. The VPN's traffic does not match this filter.

    C. The debug shows only error messages. If there is no output, then the tunnel is operating normally.

    D. The debug output shows phase 1 negotiation only. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

  • Question 35:

    View the exhibit, which contains the output of a diagnose command, and then answer the question below.

    What statements are correct regarding the output? (Choose two.)

    A. This is an expected session created by a session helper.

    B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.

    C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

    D. This is an expected session created by an application control profile.

  • Question 36:

    Which two statements about FortiManager are true when it is deployed as a local FDS? (Choose two.)

    A. It caches available firmware updates for unmanaged devices.

    B. It can be configured as an update server, or a rating server, but not both.

    C. It supports rating requests from both managed and unmanaged devices.

    D. It provides VM license validation services.

  • Question 37:

    View the exhibit, which contains the output of a diagnose command, and then answer the question below.

    Which statements are true regarding the Weight value?

    A. Its initial value is calculated based on the round trip delay (RTT).

    B. Its initial value is statically set to 10.

    C. Its value is incremented with each packet lost.

    D. It determines which FortiGuard server is used for license validation.

  • Question 38:

    View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below. The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

    A. Change phase 1 encryption to AESCBC and authentication to SHA128.

    B. Change phase 1 encryption to 3DES and authentication to CBC.

    C. Change phase 1 encryption to AES128 and authentication to SHA512.

    D. Change phase 1 encryption to 3DES and authentication to SHA256.

  • Question 39:

    View the exhibit, which contains the output of a diagnose command, and then answer the question below.

    Which statements are true regarding the output in the exhibit? (Choose two.)

    A. FortiGate will probe 121.111.236.179 every fifteen minutes for a response.

    B. Servers with the D flag are considered to be down.

    C. Servers with a negative TZ value are experiencing a service outage.

    D. FortiGate used 209.222.147.3 as the initial server to validate its contract.

  • Question 40:

    What does the dirty flag mean in a FortiGate session?

    A. Traffic has been blocked by the antivirus inspection.

    B. The next packet must be re-evaluated against the firewall policies.

    C. The session must be removed from the former primary unit after an HA failover.

    D. Traffic has been identified as from an application that is not allowed.
