Rebirth Fortinet NSE 7 - Enterprise Firewall 6.4 NSE7_EFW-6.4 Preparation Exams

NEW QUESTION 1
Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

• A. Anti-replay is enabled.
• B. DPD is disabled.
• C. Remote gateway IP is 10.200.4.1.
• D. Quick mode selectors are disabled.

Answer: AC

NEW QUESTION 2
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

• A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
• B. SIP ALG supports SIP HA failover; SIP helper does not.
• C. SIP ALG supports SIP over IPv6; SIP helper does not.
• D. SIP ALG can create expected sessions for media traffic; SIP helper does not.
• E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Answer: BCD

NEW QUESTION 3
What does the dirty flag mean in a FortiGate session?

• A. Traffic has been blocked by the antivirus inspection.
• B. The next packet must be re-evaluated against the firewall policies.
• C. The session must be removed from the former primary unit after an HA failover.
• D. Traffic has been identified as from an application that is not allowed.

Answer: B

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD40119&sliceId=1

NEW QUESTION 4
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

• A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.
• B. The TCP session for the BGP connection to 10.200.3.1 is down.
• C. The local peer has received the BGP prefixed from the remote peer.
• D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

Answer: B

Explanation:
http://www.ciscopress.com/articles/article.asp?p=2756480&seqNum=4

NEW QUESTION 5
View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

• A. The slave configuration is not synchronized with the master.
• B. The HA management IP is 169.254.0.2.
• C. Master is selected because it is the only device in the cluster.
• D. port 7 is used the HA heartbeat on all devices in the cluster.

Answer: AD

NEW QUESTION 6
View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?

• A. The session would remain in the session table, and its traffic would still egress from port1.
• B. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
• C. The session would remain in the session table, and its traffic would start to egress from port2.
• D. The session would be deleted, so the client would need to start a new session.

Answer: A

Explanation:
http://kb.fortinet.com/kb/documentLink.do?externalID=FD40943

NEW QUESTION 7
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

• A. IPS failopen
• B. mem failopen
• C. AV failopen
• D. UTM failopen

Answer: AC

NEW QUESTION 8
What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

• A. IP addresses are in the same subnet.
• B. Hello and dead intervals match.
• C. OSPF IP MTUs match.
• D. OSPF peer IDs match.
• E. OSPF costs match.

Answer: ABC

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-advanced-routing-54/Routing_OSPF/OSPF_Bac

NEW QUESTION 9
Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing
through the policy.
What must the administrator change to fix the issue?

• A. The administrator must increase webfilter-timeout.
• B. The administrator must disable webfilter-force-off.
• C. The administrator must change protocol to TCP.
• D. The administrator must enable fortiguard-anycast.

Answer: D

NEW QUESTION 10
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

• A. The connectivity between the FortiGate unit and the DNS server.
• B. The connectivity between the client workstations and the DNS server.
• C. That DNS traffic from client workstations is allowed by the explicit web proxy policies.
• D. That DNS service is enabled in the explicit web proxy interface.

Answer: A

NEW QUESTION 11
View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?

• A. It is currently in system conserve mode because of high CPU usage.
• B. It is currently in extreme conserve mode because of high memory usage.
• C. It is currently in proxy conserve mode because of high memory usage.
• D. It is currently in memory conserve mode because of high memory usage.

Answer: D

NEW QUESTION 12
Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packets dropped counter at the end of the sniffer?

• A. Number of packets that didn’t match the sniffer filter.
• B. Number of total packets dropped by the FortiGate.
• C. Number of packets that matched the sniffer filter and were dropped by the FortiGate.
• D. Number of packets that matched the sniffer filter but could not be captured by the sniffer.

Answer: D

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=11655

NEW QUESTION 13
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

• A. FortiGate limits the number of simultaneous sessions per explicit web proxy use
• B. This limit CANNOT be modified by the administrator.
• C. FortiGate limits the total number of simultaneous explicit web proxy users.
• D. FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN bemodified by the administrator
• E. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials.This limit CANNOT be modified by the administrator.

Answer: B

Explanation:
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-WAN-opt-52/web_proxy.htm#Explicit2
The explicit proxy does not limit the number of active sessions for each user. As a result the actual explicit proxy session count is usually much higher than the number of explicit web proxy users. If an excessive number of explicit web proxy sessions is compromising system performance you can limit the amount of users if the FortiGate unit is operating with multiple VDOMs.

NEW QUESTION 14
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

• A. Reduce the session time to live.
• B. Increase the TCP session timers.
• C. Increase the FortiGuard cache time to live.
• D. Reduce the maximum file size to inspect.

Answer: AD

NEW QUESTION 15
Which of the following statements are correct regarding application layer test commands? (Choose two.)

• A. They are used to filter real-time debugs.
• B. They display real-time application debugs.
• C. Some of them display statistics and configuration information about a feature or process.
• D. Some of them can be used to restart an application.

Answer: CD

Explanation:
Application layer test commands don’t display info in real time, but they do show statistics and configuration info about a feature or process. You can also use some of these commands to restart a process or execute a change in its operation.

NEW QUESTION 16
......