What Downloadable NSE7_EFW-6.2 Latest Exam Is

NEW QUESTION 1
What does the dirty flag mean in a FortiGate session?

• A. Traffic has been blocked by the antivirus inspection.
• B. The next packet must be re-evaluated against the firewall policies.
• C. The session must be removed from the former primaryunit after an HA failover.
• D. Traffic has been identified as from an application that is not allowed.

Answer: B

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD40119&sliceId=1

NEW QUESTION 2
Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

• A. Primary unit stops sending HA heartbeatkeepalives.
• B. The FortiGuard license for the primary unit is updated.
• C. One of the monitored interfaces inthe primary unit is disconnected.
• D. A secondary unit is removed from the HA cluster.

Answer: AB

NEW QUESTION 3
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device afterbeing executed.

Why didn’t the script make any changes to the managed device?

• A. Commands that start with the # sign are not executed.
• B. CLI scripts will add objects only if they are referenced by policies.
• C. Incomplete commands are ignored in CLI scripts.
• D. Static routes can only be added using TCL scripts.

Answer: A

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/2400_Sc
A sequence of FortiGate CLI commands, as you would type them at the command line.A comment line starts with the number sign (#). A comment line will not be executed.

NEW QUESTION 4
In which two states is a given session categorized as ephemeral? (Choose two.)

• A. A TCP session waiting to complete the three-way handshake.
• B. A TCP session waiting for FIN ACK.
• C. A UDP session with packets sent and received.
• D. A UDP session with only one packet received.

Answer: AD

NEW QUESTION 5
Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)

• A. It caches available firmware updates for unmanaged devices.
• B. It can be configured as an update server, or a rating server, but not both.
• C. It supports rating requests fromboth managed and unmanaged devices.
• D. It provides VM license validation services.

Answer: AD

NEW QUESTION 6
An administrator has decreased all the TCP session timers to optimize theFortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

• A. TCP half open.
• B. TCP half close.
• C. TCP time wait.
• D. TCP session time to live.

Answer: A

Explanation:
http://docs-legacy.fortinet.com/fos40hlp/43prev/wwhelp/wwhimpl/commo
n/html/wwhelp.htm?context=fgt&file=CLI_get_Commands.58.25.html
The tcp-halfopen-timer controls for how long, after a SYN packet, a session without SYN/ACKremains in the table.
The tcp-halfclose-timer controls for how long, after a FIN packet, asession without FIN/ACKremains in the table.
The tcp-timewait-timer controls for how long, after a FIN/ACK packet, a session remains in thetable. A closed session remains in the session table for a few seconds more to allow any out-of-sequence packet.

NEW QUESTION 7
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. BGP state of the peer 10.125.0.60 is Established.
• B. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
• C. Local BGP peer has not received an OpenConfirm from 10.200.3.1.
• D. The local BGP peer has received a total of 3 BGP prefixes.

Answer: AC

NEW QUESTION 8
View the central managementconfiguration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

• A. 10.0.1.240
• B. One of the public FortiGuard distribution servers
• C. 10.0.1.244
• D. 10.0.1.242

Answer: B

NEW QUESTION 9
What configuration changes can reduce the memory utilization in aFortiGate? (Choose two.)

• A. Reduce the session time to live.
• B. Increase the TCP session timers.
• C. Increase the FortiGuard cache time to live.
• D. Reduce the maximum file size to inspect.

Answer: AD

NEW QUESTION 10
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

• A. FortiManager can download and maintain local copies of FortiGuard databases.
• B. FortiManager supports only FortiGuard push to managed devices.
• C. FortiManager will respond to update requests only if they originate from a managed device.
• D. FortiManager does not support rating requests.

Answer: A

NEW QUESTION 11
View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

• A. The slave configuration is not synchronized with the master.
• B. The HA management IP is 169.254.0.2.
• C. Master is selectedbecause it is the only device in the cluster.
• D. port 7 is used the HA heartbeat on all devices in the cluster.

Answer: AD

NEW QUESTION 12
View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?

• A. It is currently in system conserve mode because of high CPU usage.
• B. It is currently in extreme conserve mode because of high memory usage.
• C. It is currently in proxy conserve mode because of high memory usage.
• D. It is currently in memory conserve mode because of high memory usage.

Answer: D

NEW QUESTION 13
View the exhibit, which contains the partial output of an IKE real time debug, and then answer thequestion below.

The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

• A. Change phase 1encryption to AESCBC and authentication to SHA128.
• B. Change phase 1 encryption to 3DES and authentication to CBC.
• C. Change phase 1 encryption to AES128 and authentication to SHA512.
• D. Change phase 1 encryption to 3DES and authentication to SHA256.

Answer: C

NEW QUESTION 14
Which of the following conditions must be met for a static route to be active in therouting table? (Choose three.)

• A. The next-hop IP address is up.
• B. There is no other route, to the same destination, with a higher distance.
• C. The link health monitor (if configured) is up.
• D. The next-hop IP address belongs to one of the outgoing interface subnets.
• E. The outgoing interface is up.

Answer: CDE

Explanation:
A configured static route only goes to routing table from routing database when all the following are met :
The outgoing interface is up
There is no other matching route with a lowerdistance
The link health monitor (if configured) is successful
The next-hop IP address belongs to one of the outgoing interface subnets

NEW QUESTION 15
Which two tasks are automated using theInstall Wizard on FortiManager? (Choose two.)

• A. Preview pending configuration changes for managed devices.
• B. Add devices to FortiManager.
• C. Import policy packages from managed devices.
• D. Install configuration changes to managed devices.
• E. Import interface mappings from managed devices.

Answer: AD

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/1200_ins
There are 4 main wizards:Add Device: is used to add devices to central management and import their configurations.
Install: is used to install configuration changes from Device Manager or Policies & Objects to the managed devices. It allows you to preview the changes and, if the administrator doesn’t agree with the changes, cancel and modify them.
Import policy: isused to import interface mapping, policy database, and objects associated with the managed devices into a policy package under the Policy & Object tab. It runs with the Add Device wizard by default and may be run at any time from the managed device list.
Re-install policy: is used to perform a quick install of the policy package. It doesn’t give the ability to preview the changes that will be installed to the managed device.

NEW QUESTION 16
View these partial outputs from two routing debug commands:

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

• A. Both port1 and port2
• B. port3
• C. port1
• D. port2

Answer: A

NEW QUESTION 17
View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3 ipsengine exit log”
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2021 code = 11, reason: manual
What is the status of IPS on this FortiGate?

• A. IPS engine memory consumption has exceeded the model-specific predefined value.
• B. IPS daemon experienced a crash.
• C. There are communication problems between the IPS engine and the management database.
• D. All IPS-related features have been disabled in FortiGate’s configuration.

Answer: D

Explanation:
The command diagnose test application ipsmonitor includes many options that are useful for troubleshooting purposes.Option 3 displays the log entries generated every time an IPS engine process stopped. There are various reasons why these logs are generated:Manual: Because of the configuration, IPS no longer needs to run (that is, all IPS-releated features have been disabled)

NEW QUESTION 18
View the exhibit, which contains the output of areal-time debug, and then answer the question below.

Which of the following statements is true regarding this output? (Choose two.)

• A. This web request was inspected using the root web filter profile.
• B. FortiGate found the requested URL in its localcache.
• C. The requested URL belongs to category ID 52.
• D. The web request was allowed by FortiGate.

Answer: BC

NEW QUESTION 19
A FortiGate has two default routes:

All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?

• A. Session would remain in the session table and its traffic would keep using port1 as the outgoing interface.
• B. Session would remain in the session table and its traffic would start using port2 as the outgoing interface.
• C. Session would be deleted, so the client would need to start a new session.
• D. Session would remain in the session table and its traffic would be shared between port1 and port2.

Answer: A

NEW QUESTION 20
When does a RADIUS server send an Access-Challenge packet?

• A. The server does not have the usercredentials yet.
• B. The server requires more information from the user, such as the token code for two-factor authentication.
• C. The user credentials are wrong.
• D. The user account is not found in the server.

Answer: B

NEW QUESTION 21
View the exhibit, which contains thepartial output of an IKE real-time debug, and then answer the question below.
ike 0: comes 10.0.0.2:500->10.0.0.1:500, ifindex=7....
ike 0: IKEv1 exchange=Aggressive id=baf47d0988e9237f/2f405ef3952f6fda len=430 ike 0: in
BAF47D0988E9237F2F405EF3952F6FDA0110040000000000000001AE0400003C0000000100000001000000
ike 0:RemoteSite:4: initiator: aggressive mode get 1st response...
ike 0:RemoteSite:4: VID RFC 3947 4A131c81070358455C5728F20E95452F ike 0:RemoteSite:4: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:RemoteSite:4: VID FORTIGATE 8299031757A36082C6A621DE000502D7
ike 0:RemoteSite:4: peer is FortiGate/Fortios (v5 b727)
ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike 0:RemoteSite:4: received peer identifier FQDN ‘remore’ ike 0:RemoteSite:4: negotiation result
ike 0:RemoteSite:4: proposal id = 1:
ike 0:RemoteSite:4: protocol id = ISAKMP: ike 0:RemoteSite:4: trans_id = KEY_IKE.
ike 0:RemoteSite:4: encapsulation = IKE/none
ike 0:RemoteSite:4: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key –len=128 ike 0:RemoteSite:4: type=OAKLEY_HASH_ALG, val=SHA.
ike 0:RemoteSite:4: type-AUTH_METHOD, val=PRESHARED_KEY. ike 0:RemoteSite:4: type=OAKLEY_GROUP, val=MODP1024.
ike 0:RemoteSite:4: ISAKMP SA lifetime=86400
ike 0:RemoteSite:4: ISAKMP SA baf47d0988e9237f/2f405ef3952f6fda key 16:
B25B6C9384D8BDB24E3DA3DC90CF5E73
ike 0:RemoteSite:4: PSK authentication succeeded ike 0:RemoteSite:4: authentication OK ike0:RemoteSite:4: add INITIAL-CONTACT
ike 0:RemoteSite:4: enc BAF47D0988E9237F405EF3952F6FDA081004010000000000000080140000181F2E48BFD8E9D603F
ike 0:RemoteSite:4: out BAF47D0988E9237F405EF3952F6FDA08100401000000000000008C2E3FC9BA061816A396F009A12
ike 0:RemoteSite:4: sent IKE msg (agg_i2send): 10.0.0.1:500-10.0.0.2:500, len=140, id=baf47d0988e9237f/2 ike 0:RemoteSite:4: established IKE SA baf47d0988e9237f/2f405ef3952f6fda
Which statements about this debug output are correct? (Choose two.)

• A. The remote gateway IP address is 10.0.0.1.
• B. It shows a phase 1 negotiation.
• C. The negotiation is using AES128 encryption with CBC hash.
• D. The initiator has provided remote as its IPsec peer ID.

Answer: BD

NEW QUESTION 22
Which statement about memory conserve mode is true?

• A. A FortiGate exits conserve mode when the configured memory use threshold reaches yellow.
• B. A FortiGate starts dropping all the new and old sessions when the configured memory use threshold reachesextreme.
• C. A FortiGate starts dropping new sessions when the configured memory use threshold reaches red
• D. A FortiGate enters conserve mode when the configured memory use threshold reaches red

Answer: C

NEW QUESTION 23
Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; than answer the question below.

Which statement is true regarding the session in the exhibit?

• A. It was created by the FortiGate kernel to allow push updates from FotiGuard.
• B. It is for management traffic terminating at the FortiGate.
• C. It is for traffic originated from the FortiGate.
• D. Itwas created by a session helper or ALG.

Answer: D

NEW QUESTION 24
Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

• A. Finance and banking
• B. General organization.
• C. Business.
• D. Information technology.

Answer: C

NEW QUESTION 25
Examine the following partial outputs from two routing debug commands; then answer the question below:

Why the default route using port2 is not displayed in the output of the second command?

• A. It has a lower priority than the default route using port1.
• B. It has a higher priority than the default route using port1.
• C. It has a higher distance than the defaultroute using port1.
• D. It is disabled in the FortiGate configuration.

Answer: C

Explanation:
http://kb.fortinet.com/kb/viewContent.do?externalId=FD32103

NEW QUESTION 26
......