Fortinet Fortinet Certifications NSE7_EFW-7.0 Questions & Answers

• Question 131:

  What is the diagnose test application ipsmenitor 5 command used for?

  A. To enable IPS bypass mode

  B. To disable the IPS engine

  C. To restart all IPS engines and monitors

  D. To provide information regarding IPS sessions

  Correct Answer: A

  Explanation: # diagnose test application ipsmonitor

  5: Toggle bypass status

  13: IPS session list

  98: Stop all IPS engines

  99: Restart all IPS engines and monitor

• Question 132:

  A FortiGate device has the following LDAP configuration:

  

  The administrator executed the `dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:

  >dsquery user -samid administrator

  "CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"

  Based on the output, what FortiGate LDAP setting is configured incorrectly?

  A. cnid.

  B. username.

  C. password.

  D. dn.

  Correct Answer: B

  https://kb.fortinet.com/kb/viewContent.do?externalId=FD37516

• Question 133:

  An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.

  If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

  A. diagnose sniffer packet any `ah'

  B. diagnose sniffer packet any `ip proto 50'

  C. diagnose sniffer packet any `udp port 4500'

  D. diagnose sniffer packet any `udp port 500'

  Correct Answer: B

  Explanation: Enterprise_Firewall_7.0_Study_Guide-Online.pdf p. 443 Phase 2 : ESP => IP protocol 50

  This command will capture any packets that use the IP protocol number 50, which is ESP (Encapsulating Security Payload). ESP is used to encrypt and authenticate the phase 2 traffic between two FortiGate devices1.

• Question 134:

  Which two statements about the Security Fabric are true? (Choose two.)

  A. Only the root FortiGate collects network information and forwards it to FortiAnalyzer.

  B. FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.

  C. All FortiGate devices in the Security Fabric must have bidirectional FortiTelemetry connectivity.

  D. Branch FortiGate devices must be configured first.

  Correct Answer: BC

  Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/327890/deploying- security-fabric

• Question 135:

  The CLI command set intelligent-mode controls the IPS engine's adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?

  A. Determines the optimal number of IPS engines required based on system load.

  B. Downloads signatures on demand from FDS based on scanning requirements.

  C. Determines when it is secure enough to stop scanning session traffic.

  D. Choose a matching algorithm based on available memory and the type of inspection being performed.

  Correct Answer: C

  Configuring IPS intelligenceStarting with FortiOS 5.2, intelligent-mode is a new adaptive detection method. This command is enabled the default and it means that the IPS engine will perform adaptive scanning so that, for some traffic, the FortiGate can quickly finish scanning and offload the traffic to NPU or kernel. It is a balanced method which could cover all known exploits. When disabled, the IPS engine scans every single byte. config ips globalset intelligent-mode {enable|disable}end

• Question 136:

  Refer to the exhibit, which shows a partial routing table.

  

  Assuming all the appropriate firewall policies are configured, what two changes would an administrator need to make if they wanted to send traffic from a client directly connected to port3, to a server directly connected to port4? (Choose two.)

  A. Configure route leaking between VRF 12 and VRF 21.

  B. Disable auto-asic-offload as this is not supported between VRF instances.

  C. Configure RIPv2 to exchange route information between the VRF instances.

  D. Configure route leaking between port3 and port4.

  E. Enable SNAT on the relevant firewall policies to prevent RPF check drops.

  Correct Answer: AE

  Explanation: Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 148, 159

• Question 137:

  Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

  A. Preview pending configuration changes for managed devices.

  B. Add devices to FortiManager.

  C. Import policy packages from managed devices.

  D. Install configuration changes to managed devices.

  E. Import interface mappings from managed devices.

  Correct Answer: AD

  https://help.fortinet.com/fmgr/50hlp/56/5-62/FortiManager_Admin_Guide/1000_Device%20Manager/1200_install_to%20devices/0400 _Install%20wizard-device%20settings.htm There are 4 main wizards:Add Device: is used to add devices to central management and import their configurations. Install: is used to install configuration changes from Device Manager or Policies and Objects to themanaged devices. It allows you to preview the changes and, if the administrator doesn't agree with the changes, cancel and modify them. Import policy: is used to import interface mapping, policy database, and objects associated with the managed devices into a policy package under the Policy and Object tab. It runs with the Add Device wizard by default and may be run at any time from the managed device list. Re-install policy: is used to perform a quick install of the policy package. It doesn't give the ability to preview the changes that will be installed to the managed device.

• Question 138:

  Which two statements about OCVPN are true? (Choose two.)

  A. Only root vdom supports OCVPN.

  B. OCVPN supports static and dynamic IPs in WAN interface.

  C. OCVPN offers only Hub-Spoke VPNs.

  D. FortiGate devices under different FortiCare accounts can be used to form OCVPN.

  Correct Answer: AB

  Reference: https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/977344/one-click-vpn-ocvpn https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/496884/overlay-controller-vpn- ocvpn

• Question 139:

  View the exhibit, which contains the output of a diagnose command, and then answer the question below.

  

  What statements are correct regarding the output? (Choose two.)

  A. This is an expected session created by a session helper.

  B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.

  C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

  D. This is an expected session created by an application control profile.

  Correct Answer: AC

• Question 140:

  Examine the following routing table and BGP configuration; then answer the question below.

  

  TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

  A. Enable the redistribution of connected routers into BGP.

  B. Enable the redistribution of static routers into BGP.

  C. Disable the setting network-import-check.

  D. Enable the setting ebgp-multipath.

  Correct Answer: C