Fortinet Fortinet Certifications NSE7_EFW-6.2 Questions & Answers

• Question 61:

  Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

  A. The next-hop IP address is up.

  B. There is no other route, to the same destination, with a higher distance.

  C. The link health monitor (if configured) is up.

  D. The next-hop IP address belongs to one of the outgoing interface subnets.

  E. The outgoing interface is up.

  Correct Answer: CDE

  A configured static route only goes to routing table from routing database when all the following are met : The outgoing interface is up There is no other matching route with a lower distance The link health monitor (if configured) is successful The next-hop IP address belongs to one of the outgoing interface subnets

• Question 62:

  View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

  

  Based on the output, which of the following statements is correct?

  A. Anti-reply is enabled.

  B. DPD is disabled.

  C. Quick mode selectors are disabled.

  D. Remote gateway IP is 10.200.5.1.

  Correct Answer: A

• Question 63:

  View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

  

  Why didn't the tunnel come up?

  A. The pre-shared keys do not match.

  B. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.

  C. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.

  D. The remote gateway is using aggressive mode and the local gateway is configured to use man mode.

  Correct Answer: C

• Question 64:

  An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?

  A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

  B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

  C. Sends a link failed signal to all connected devices.

  D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

  Correct Answer: A

• Question 65:

  View these partial outputs from two routing debug commands:

  

  Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

  A. Both port1 and port2

  B. port3

  C. port1

  D. port2

  Correct Answer: C

• Question 66:

  What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

  A. IP addresses are in the same subnet.

  B. Hello and dead intervals match.

  C. OSPF IP MTUs match.

  D. OSPF peer IDs match.

  E. OSPF costs match.

  Correct Answer: ABC

  https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-advanced-routing- 54/Routing_OSPF/ OSPF_Background_Concepts.htm#Adjacenc

• Question 67:

  View the IPS exit log, and then answer the question below.

  # diagnose test application ipsmonitor 3

  ipsengine exit log"

  pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017 code = 11, reason: manual

  What is the status of IPS on this FortiGate?

  A. IPS engine memory consumption has exceeded the model-specific predefined value.

  B. IPS daemon experienced a crash.

  C. There are communication problems between the IPS engine and the management database.

  D. All IPS-related features have been disabled in FortiGate's configuration.

  Correct Answer: D

  The command diagnose test application ipsmonitor includes many options that are useful for

  troubleshooting purposes.

  Option 3 displays the log entries generated every time an IPS engine process stopped. There are various

  reasons why these logs are generated:

  Manual: Because of the configuration, IPS no longer needs to run (that is, all IPS-releated features have

  been disabled)

• Question 68:

  View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

  

  If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

  A. This session is for HA heartbeat traffic.

  B. This session is synced with the slave unit.

  C. The inspection of this session has been offloaded to the slave unit.

  D. This session cannot be synced with the slave unit.

  Correct Answer: B

• Question 69:

  Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

  A. Preview pending configuration changes for managed devices.

  B. Add devices to FortiManager.

  C. Import policy packages from managed devices.

  D. Install configuration changes to managed devices.

  E. Import interface mappings from managed devices.

  Correct Answer: AD

  https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device% 20Manager/1200_install_to%20devices/0400_Install% 20wizard-device%20settings.htm There are 4 main wizards: Add Device: is used to add devices to central management and import their configurations. Install: is used to install configuration changes from Device Manager or Policies and Objects to the managed devices. It allows you to preview the changes and, if the administrator doesn't agree with the changes, cancel and modify them. Import policy: is used to import interface mapping, policy database, and objects associated with the managed devices into a policy package under the Policy and Object tab. It runs with the Add Device wizard by default and may be run at any time from the managed device list. Re-install policy: is used to perform a quick install of the policy package. It doesn't give the ability to preview the changes that will be installed to the managed device.

• Question 70:

  Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

  A. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.

  B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.

  C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.

  D. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

  Correct Answer: BD

  CLI scripts can be run in three different ways: Device Database: By default, a script is executed on the device database. It is recommend you run the changes on the device database (default setting), as this allows you to check what configuration changes you will send to the managed device. Once scripts are run on the device database, you can install these changes to a managed device using the installation wizard. Policy Package, ADOM database: If a script contains changes related to ADOM level objects and policies, you can change the default selection to run on Policy Package, ADOM database and can then be installed using the installation wizard. Remote FortiGate directly (through CLI): A script can be executed directly on the device and you don't need to install these changes using the installation wizard. As the changes are directly installed on the managed device, no option is provided to verify and check the configuration changes through FortiManager prior to executing it.