What Breathing NSE7_EFW-6.4 Testing Material Is

NEW QUESTION 1
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

• A. FortiManager can download and maintain local copies of FortiGuard databases.
• B. FortiManager supports only FortiGuard push to managed devices.
• C. FortiManager will respond to update requests only if they originate from a managed device.
• D. FortiManager does not support rating requests.

Answer: A

NEW QUESTION 2
View the global IPS configuration, and then answer the question below.

Which of the following statements is true regarding this configuration?

• A. IPS will scan every byte in every session.
• B. FortiGate will spawn IPS engine instances based on the system load.
• C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.
• D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

Answer: A

NEW QUESTION 3
View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

• A. 10.0.1.240
• B. One of the public FortiGuard distribution servers
• C. 10.0.1.244
• D. 10.0.1.242

Answer: B

NEW QUESTION 4
Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)

• A. It caches available firmware updates for unmanaged devices.
• B. It can be configured as an update server, or a rating server, but not both.
• C. It supports rating requests from both managed and unmanaged devices.
• D. It provides VM license validation services.

Answer: AD

NEW QUESTION 5
Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

• A. Finance and banking
• B. General organization.
• C. Business.
• D. Information technology.

Answer: C

NEW QUESTION 6
Refer to the exhibit, which contains the debug output of diagnose dvm device list.

Which two statements about the output shown in the exhibit are correct? (Choose two.)

• A. ADOMs are disabled on the FortiManager
• B. The FortiGate configuration is in sync with latest running revision history.
• C. There are pending device-level changes yet to be installed on Local-FortiGate.
• D. The policy package has been modified for Local-FortiGate.

Answer: BC

NEW QUESTION 7
Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

• A. The remote gateway IP address is 10.0.0.1.
• B. The initiator provided remote as its IPsec peer ID.
• C. It shows a phase 1 negotiation.
• D. The negotiation is using AES128 encryption with CBC hash.

Answer: BC

NEW QUESTION 8
What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?

• A. av-failopen
• B. mem-failopen
• C. utm-failopen
• D. ips-failopen

Answer: A

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Other_Profile_Consideratio

NEW QUESTION 9
Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."
What does the log mean?

• A. There is not enough available memory in the system to create a new entry in the NAT port table.
• B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
• C. FortiGate does not have any available NAT port for a new connection.
• D. The limit for the maximum number of entries in the NAT port table has been reached.

Answer: B

NEW QUESTION 10
View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3 ipsengine exit log”
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017 code = 11, reason: manual
What is the status of IPS on this FortiGate?

• A. IPS engine memory consumption has exceeded the model-specific predefined value.
• B. IPS daemon experienced a crash.
• C. There are communication problems between the IPS engine and the management database.
• D. All IPS-related features have been disabled in FortiGate’s configuration.

Answer: D

Explanation:
The command diagnose test application ipsmonitor includes many options that are useful for troubleshooting purposes.Option 3 displays the log entries generated every time an IPS engine process stopped. There are various reasons why these logs are generated:Manual: Because of the configuration, IPS no longer needs to run (that is, all IPS-releated features have been disabled)

NEW QUESTION 11
View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below.

The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

• A. Change phase 1 encryption to AESCBC and authentication to SHA128.
• B. Change phase 1 encryption to 3DES and authentication to CBC.
• C. Change phase 1 encryption to AES128 and authentication to SHA512.
• D. Change phase 1 encryption to 3DES and authentication to SHA256.

Answer: B

NEW QUESTION 12
Examine the output of the ‘get router info ospf neighbor’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. The interface ToRemote is OSPF network type point-to-point.
• B. The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.
• C. The local FortiGate is the backup designated router for the wan1 network.
• D. The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.

Answer: AC

Explanation:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13685-13.html

NEW QUESTION 13
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1 diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

• A. Phase1; IKE mode configuration; XAuth; phase 2.
• B. Phase1; XAuth; IKE mode configuration; phase2.
• C. Phase1; XAuth; phase 2; IKE mode configuration.
• D. Phase1; IKE mode configuration; phase 2; XAuth.

Answer: B

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Concepts/IKE_Packet

NEW QUESTION 14
Refer to the exhibit, which contains partial output from an IKE real-time debug.

Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?

• A. auto-discovery-shortcut
• B. auto-discovery-forwarder
• C. auto-discovery-sender
• D. auto-discovery-receiver

Answer: C

NEW QUESTION 15
Which two statements about an auxiliary session are true? (Choose two.)

• A. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
• B. With the auxiliary session setting enabled, two sessions will be created in case of routing change.
• C. With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session.
• D. With the auxiliary session disabled, only auxiliary sessions will be offloaded.

Answer: CD

NEW QUESTION 16
......