Fortinet Fortinet Certifications NSE7_EFW-6.4 Questions & Answers

• Question 21:

  A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

  A. Firewall monitor.

  B. Policy monitor.

  C. Logs.

  D. Crashlogs.

  Correct Answer: CD

• Question 22:

  Refer to the exhibit, which contains the debug output of diagnose dvm device list.

  

  Which two statements about the output shown in the exhibit are correct? (Choose two.)

  A. ADOMs are disabled on the FortiManager

  B. The FortiGate configuration is in sync with latest running revision history.

  C. There are pending device-level changes yet to be installed on Local-FortiGate.

  D. The policy package has been modified for Local-FortiGate.

  Correct Answer: BC

  Reference: https://docs.fortinet.com/document/fortimanager/7.0.0/upgrade- guide/959309/cli-example-ofdiagnose-dvm-device-list

• Question 23:

  When does a RADIUS server send an Access-Challenge packet?

  A. The server does not have the user credentials yet.

  B. The server requires more information from the user, such as the token code for two- factor authentication.

  C. The user credentials are wrong.

  D. The user account is not found in the server.

  Correct Answer: B

• Question 24:

  Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

  A. Neighbor range

  B. Route reflector

  C. Next-hop-self

  D. Neighbor group

  Correct Answer: B

  Route reflectors help to reduce the number of IBGP sessions inside an AS. A route reflector forwards the routers learned from one peer to the other peers. If you configure route reflectors, you dont' need to create a full mesh IBGP network. All clients in a cluster only talck to route reflector to get sync routing updates. Route reflectors pass the routing updates to other route reflectors and border routers within the AS.

• Question 25:

  An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

  A. TCP half open.

  B. TCP half close.

  C. TCP time wait.

  D. TCP session time to live.

  Correct Answer: A

  http://docs-legacy.fortinet.com/fos40hlp/43prev/wwhelp/wwhimpl/common/html/wwhelp.htm?context=f gtandfile=CLI_get_Commands.58.25.html The tcp-halfopen-timer controls for how long, after a SYN packet, a session without SYN/ACKremains in the table. The tcp-halfclose-timer controls for how long, after a FIN packet, a session without FIN/ACKremains in the table. The tcp-timewait-timer controls for how long, after a FIN/ACK packet, a session remains in thetable. A closed session remains in the session table for a few seconds more to allow any out-of-sequence packet.

• Question 26:

  The CLI command set intelligent-mode controls the IPS engine's adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?

  A. Determines the optimal number of IPS engines required based on system load.

  B. Downloads signatures on demand from FDS based on scanning requirements.

  C. Determines when it is secure enough to stop scanning session traffic.

  D. Choose a matching algorithm based on available memory and the type of inspection being performed.

  Correct Answer: C

  Configuring IPS intelligenceStarting with FortiOS 5.2, intelligent-mode is a new adaptive detection method. This command is enabled the default and it means that the IPS engine will perform adaptive scanning so that, for some traffic, the FortiGate can quickly finish scanning and offload the traffic to NPU or kernel. It is a balanced method which could cover all known exploits. When disabled, the IPS engine scans every single byte. config ips globalset intelligent-mode {enable|disable}end

• Question 27:

  Refer to the exhibit, which contains the partial output of a diagnose command.

  

  Based on the output, which two statements are correct? (Choose two.)

  A. Anti-replay is enabled.

  B. DPD is disabled.

  C. Remote gateway IP is 10.200.4.1.

  D. Quick mode selectors are disabled.

  Correct Answer: AC

• Question 28:

  Refer to the exhibit, which shows a session entry. Which statement about this session is true?

  

  A. It is an ICMP session from 10.1.10.10 to 10.200.5. 1.

  B. It is a TCP session in close_wait state, from 10. l. 10.10 to 10.200.1.1.

  C. It is an ICMP session from 10.1.10.10 to 10.200.1.1.

  D. It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.

  Correct Answer: A

• Question 29:

  When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?

  A. FortiGate uses the requested URL from the user's web browser.

  B. FortiGate uses the CN information from the Subject field in the server certificate.

  C. FortiGate blocks the request without any further inspection.

  D. FortiGate switches to the full SSL inspection method to decrypt the data.

  Correct Answer: B

• Question 30:

  Examine the following partial output from two system debug commands; then answer the question below.

  

  Which of the following statements are true regarding the above outputs? (Choose two.)

  A. The unit is running a 32-bit FortiOS

  B. The unit is in kernel conserve mode

  C. The Cached value is always the Active value plus the Inactive value

  D. Kernel indirectly accesses the low memory (LowTotal) through memory paging

  Correct Answer: AC