Fortinet Fortinet Certifications NSE7_EFW Questions & Answers

• Question 41:

  View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

  

  Which of the following statements about the exhibit are true? (Choose two.)

  A. For the peer 10.125.0.60, the BGP state of is Established.

  B. The local BGP peer has received a total of three BGP prefixes.

  C. Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.

  D. The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

  Correct Answer: BC

• Question 42:

  Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator

  has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated

  MAC address problem in the network.

  What HA setting must be changed in one of the HA clusters to fix the problem?

  A. Group ID.

  B. Group name.

  C. Session pickup.

  D. Gratuitous ARPs.

  Correct Answer: A

• Question 43:

  Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

  A. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.

  B. FortiGate limits the total number of simultaneous explicit web proxy users.

  C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be modified by the administrator.

  D. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

  Correct Answer: C

• Question 44:

  When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI)?

  A. FortiGate uses the Issued To: field in the server's certificate.

  B. FortiGate switches to the full SSL inspection method to decrypt the data.

  C. FortiGate blocks the request without any further inspection.

  D. FortiGate uses the requested URL from the user's web browser.

  Correct Answer: D

• Question 45:

  Examine the output of the `get router info ospf neighbor' command shown in the exhibit; then answer the question below.

  

  Which statements are true regarding the output in the exhibit? (Choose two.)

  A. The interface ToRemote is OSPF network type point-to-point.

  B. The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.

  C. The local FortiGate is the backup designated router for the wan1 network.

  D. The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.

  Correct Answer: AC

• Question 46:

  How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

  A. FortiManager can download and maintain local copies of FortiGuard databases.

  B. FortiManager supports only FortiGuard push to managed devices.

  C. FortiManager will respond to update requests only if they originate from a managed device.

  D. FortiManager does not support rating requests.

  Correct Answer: A

• Question 47:

  An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

  

  Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

  A. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

  B. Redirection of HTTP to HTTPS administrative access is disabled.

  C. HTTP administrative access is configured with a port number different than 80.

  D. The packet is denied because of reverse path forwarding check.

  Correct Answer: AC

• Question 48:

  Examine the following partial outputs from two routing debug commands; then answer the question below:

  

  Why the default route using port2 is not displayed in the output of the second command?

  A. It has a lower priority than the default route using port1.

  B. It has a higher priority than the default route using port1.

  C. It has a higher distance than the default route using port1.

  D. It is disabled in the FortiGate configuration.

  Correct Answer: A

• Question 49:

  Examine the output of the `get router info ospf interface' command shown in the exhibit; then answer the question below.

  

  Which statements are true regarding the above output? (Choose two.)

  A. The port4 interface is connected to the OSPF backbone area.

  B. The local FortiGate has been elected as the OSPF backup designated router.

  C. There are at least 5 OSPF routers connected to the port4 network.

  D. Two OSPF routers are down in the port4 network.

  Correct Answer: AD

• Question 50:

  Examine the following partial outputs from two routing debug commands; then answer the question below.

  # get router info kernel

  tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0

  gwy=10.200.1.254 dev=2(port1)

  tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0

  gwy=10.200.2.254 dev=3(port2)

  tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.->10.0.1.0/24 pref=10.0.1.254

  gwy=0.0.0.0 dev=4(port3)

  # get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2,

  [10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is

  directly connected, port2 Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

  A. port!

  B. port2.

  C. Both portl and port2.

  D. port3.

  Correct Answer: B