
Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with CertsForce

Viewing page 2 out of 5 pages
Viewing questions 11-20 out of questions
Questions # 11:

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

Options:

A. Only the DR receives link state information from non-DR routers.

B. Non-DR and non-BDR routers form full adjacencies to DR only.

C. Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.

D. FortiGate first checks the OSPF ID to elect a DR.


Questions # 12:

Which two configuration commands change the default behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

Options:

A. set av-failopen off

B. set av-failopen pass

C. set fail-open enable

D. set ips fail-open disable


Questions # 13:

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Question # 13

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A. For the peer 10.125.0.60, the BGP state is Established.

B. The local BGP peer has received a total of three BGP prefixes.

C. Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.

D. The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.


Questions # 14:

View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.

Question # 14

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

Options:

A. FortiGate will exempt the connection based on the Web Content Filter configuration.

B. FortiGate will block the connection based on the URL Filter configuration.

C. FortiGate will allow the connection based on the FortiGuard category based filter configuration.

D. FortiGate will block the connection as an invalid URL.


Questions # 15:

An administrator added the following IPsec VPN to a FortiGate configuration:

config vpn ipsec phase1-interface
    edit "RemoteSite"
        set type dynamic
        set interface "port1"
        set mode main
        set psksecret ENC LCVkCiK2E2PhVUzZe
    next
end

config vpn ipsec phase2-interface
    edit "RemoteSite"
        set phase1name "RemoteSite"
        set proposal 3des-sha256
    next
end

However, the phase 1 negotiation is failing. The administrator executed the IKE real-time debug while attempting the IPsec connection. The output is shown in the exhibit.

Question # 15


What is causing the IPsec problem in phase 1?

Options:

A. The incoming IPsec connection is matching the wrong VPN configuration

B. The phase-1 mode must be changed to aggressive

C. The pre-shared key is wrong

D. NAT-T settings do not match


Questions # 16:

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

Options:

A. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

B. When run on the Device Database, changes are applied directly to the managed FortiGate device.

C. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

D. When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device


Questions # 17:

Examine the following traffic log; then answer the question below.

date=20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri=critical vd=root service=kernel status=failure msg="NAT port is exhausted."

What does the log mean?

Options:

A. There is not enough available memory in the system to create a new entry in the NAT port table.

B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.

C. FortiGate does not have any available NAT port for a new connection.

D. The limit for the maximum number of entries in the NAT port table has been reached.


Questions # 18:

Examine the partial output from two web filter debug commands; then answer the question below:

Question # 18

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

Options:

A. Finance and banking

B. General organization.

C. Business.

D. Information technology.


Questions # 19:

Which two statements about conserve mode are true? (Choose two.)

Options:

A. FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

B. FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

C. FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

D. FortiGate exits conserve mode when the system memory goes below the configured green threshold.


Questions # 20:

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Question # 20

What statements are correct regarding the output? (Choose two.)

Options:

A. This is an expected session created by a session helper.

B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.

C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

D. This is an expected session created by an application control profile.

