Fortinet Fortinet Certifications NSE7_EFW Questions & Answers

• Question 61:

  View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

  

  Based on the output, which of the following statements is correct?

  A. Anti-reply is enabled.

  B. DPD is disabled.

  C. Quick mode selectors are disabled.

  D. Remote gateway IP is 10.200.5.1.

  Correct Answer: A

• Question 62:

  View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

  

  Why didn't the tunnel come up?

  A. The pre-shared keys do not match.

  B. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.

  C. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.

  D. The remote gateway is using aggressive mode and the local gateway is configured to use man mode.

  Correct Answer: C

• Question 63:

  Examine the following traffic log; then answer the question below.

  date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted." What does the log mean?

  A. There is not enough available memory in the system to create a new entry in the NAT port table.

  B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.

  C. FortiGate does not have any available NAT port for a new connection.

  D. The limit for the maximum number of entries in the NAT port table has been reached.

  Correct Answer: B

• Question 64:

  An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.

  

  Based on the output in the exhibit, what can cause this authentication problem?

  A. User student is not found in the LDAP server.

  B. User student is using a wrong password.

  C. The FortiGate has been configured with the wrong password for the LDAP administrator.

  D. The FortiGate has been configured with the wrong authentication schema.

  Correct Answer: A

• Question 65:

  Examine the following partial output from a sniffer command; then answer the question below.

  

  What is the meaning of the packets dropped counter at the end of the sniffer?

  A. Number of packets that didn't match the sniffer filter.

  B. Number of total packets dropped by the FortiGate.

  C. Number of packets that matched the sniffer filter and were dropped by the FortiGate.

  D. Number of packets that matched the sniffer filter but could not be captured by the sniffer.

  Correct Answer: C

• Question 66:

  View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

  

  Which one of the following statements explains why the cache statistics are all zeros?

  A. The administrator has reallocated the cache memory to a separate process.

  B. There are no users making web requests.

  C. The FortiGuard web filter cache is disabled in the FortiGate's configuration.

  D. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.

  Correct Answer: D

• Question 67:

  Examine the output from the `diagnose vpn tunnel list' command shown in the exhibit; then answer the question below.

  

  Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

  A. diagnose sniffer packet any `port 500'

  B. diagnose sniffer packet any `esp'

  C. diagnose sniffer packet any `host 10.0.10.10'

  D. diagnose sniffer packet any `port 4500'

  Correct Answer: B

• Question 68:

  View the exhibit, which contains the output of a real-time debug, and then answer the question below.

  

  Which of the following statements is true regarding this output? (Choose two.)

  A. This web request was inspected using the root web filter profile.

  B. FortiGate found the requested URL in its local cache.

  C. The requested URL belongs to category ID 52.

  D. The web request was allowed by FortiGate.

  Correct Answer: BC

• Question 69:

  An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?

  A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

  B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

  C. Sends a link failed signal to all connected devices.

  D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

  Correct Answer: A

• Question 70:

  The logs in a FSSO collector agent (CA) are showing the following error:

  failed to connect to registry: PIKA1026 (192.168.12.232)

  What can be the reason for this error?

  A. The CA cannot resolve the name of the workstation.

  B. The FortiGate cannot resolve the name of the workstation.

  C. The remote registry service is not running in the workstation 192.168.12.232.

  D. The CA cannot reach the FortiGate with the IP address 192.168.12.232.

  Correct Answer: C