Fortinet Fortinet Certifications NSE7_EFW-7.0 Questions & Answers

• Question 111:

  Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

  A. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.

  B. FortiGate limits the total number of simultaneous explicit web proxy users.

  C. FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator

  D. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

  Correct Answer: B

  Explanation: https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-WAN-opt- 52/web_proxy.htm#Explicit2 The explicit proxy does not limit the number of active sessions for each user. As a result the actual explicit proxy session count is usually much higher than the number of explicit web proxy users. If an excessive number of explicit web proxy sessions is compromising system performance you can limit the amount of users if the FortiGate unit is operating with multiple VDOMs.

• Question 112:

  Which of the following statements are correct regarding application layer test commands? (Choose two.)

  A. They are used to filter real-time debugs.

  B. They display real-time application debugs.

  C. Some of them display statistics and configuration information about a feature or process.

  D. Some of them can be used to restart an application.

  Correct Answer: CD

  Application layer test commands don't display info in real time, but they do show statistics and configuration info about a feature or process. You can also use some of these commands to restart a process or execute a change in its operation.

• Question 113:

  Refer to the exhibit, which contains partial output from an IKE real-time debug.

  

  Which two statements about this debug output are correct? (Choose two.)

  A. The remote gateway IP address is 10.0.0.1.

  B. The initiator provided remote as its IPsec peer ID.

  C. It shows a phase 1 negotiation.

  D. The negotiation is using AES128 encryption with CBC hash.

  Correct Answer: BC

• Question 114:

  What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

  A. A process crash.

  B. Configuration changes.

  C. Changes in the status of any of the FortiGuard licenses.

  D. System entering to and leaving from the proxy conserve mode.

  Correct Answer: AD

  diagnose debug crashlog read

  275: 2014-08-05 13:03:53 proxy=acceptor service=imap session fail mode=activated276: 2014-08-05 13:03:53 proxy=acceptor service=ftp session fail mode=activated277: 2014-08-05 13:03:53 proxy=acceptor service=nntp session fail mode=activated278: 2014-08-06 11:05:47 service=kernel conserve=on free="45034 pages" red="45874 pages" msg="Kernel279: 2014-08-06 11:05:47 enters conserve mode"280: 2014-08-06 13:07:16 service=kernel conserve=exit free="86704 pages" green="68811 pages"281: 2014-08-06 13:07:16 msg="Kernel leaves conserve mode"282: 2014-08-06 13:07:16 proxy=imd sysconserve=exited total=1008 free=349 marginenter=201283: 2014-08-06 13:07:16 marginexit=302

• Question 115:

  View the IPS exit log, and then answer the question below.

  # diagnose test application ipsmonitor 3

  ipsengine exit log"

  pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017

  code = 11, reason: manual

  What is the status of IPS on this FortiGate?

  A. IPS engine memory consumption has exceeded the model-specific predefined value.

  B. IPS daemon experienced a crash.

  C. There are communication problems between the IPS engine and the management database.

  D. All IPS-related features have been disabled in FortiGate's configuration.

  Correct Answer: D

  The command diagnose test application ipsmonitor includes many options that are useful for troubleshooting purposes.Option 3 displays the log entries generated every time an IPS engine process stopped. There are various reasons why these logs are generated:Manual: Because of the configuration, IPS no longer needs to run (that is, all IPS-releated features have been disabled)

• Question 116:

  Examine the output of the `get router info bgp summary' command shown in the exhibit; then answer the question below.

  

  Which statements are true regarding the output in the exhibit? (Choose two.)

  A. BGP state of the peer 10.125.0.60 is Established.

  B. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.

  C. Local BGP peer has not received an OpenConfirm from 10.200.3.1.

  D. The local BGP peer has received a total of 3 BGP prefixes.

  Correct Answer: AC

• Question 117:

  Which two statements about conserve mode are true? (Choose two.)

  A. FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

  B. FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

  C. FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

  D. FortiGate exits conserve mode when the system memory goes below the configured green threshold.

  Correct Answer: AD

• Question 118:

  Refer to the exhibit, which contains the output of a debug command.

  

  If the default settings are in place, what can be concluded about the conserve mode shown in the exhibit?

  A. FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings due to high memory use.

  B. FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.

  C. FortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.

  D. FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.

  Correct Answer: C

• Question 119:

  Refer to the exhibit, which shows the output of a BGP debug command.

  

  Which statement explains why the state of the 10.200.3.1 peer is Connect?

  A. The local router has a different AS number than the remote peer.

  B. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the openConfirm yet.

  C. The local router initiated the BGP session to 10.200.3.1 but did not receive a response.

  D. The router 10.200.3.1 has authentication configured for BGP and the local router does not.

  Correct Answer: C

• Question 120:

  View the exhibit, which contains an entry in the session table, and then answer the question below.

  

  Which one of the following statements is true regarding FortiGate's inspection of this session?

  A. FortiGate applied proxy-based inspection.

  B. FortiGate forwarded this session without any inspection.

  C. FortiGate applied flow-based inspection.

  D. FortiGate applied explicit proxy-based inspection.

  Correct Answer: A

  https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042