March Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Fortinet NSE7_EFW-6.0 Fortinet NSE 7 - Enterprise Firewall 6.0 Exam Practice Test

Demo: 13 questions
Total 91 questions

Fortinet NSE 7 - Enterprise Firewall 6.0 Questions and Answers

Question 1

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:

diagnose debug application ike-1

diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

Options:

A.

Phase1; IKE mode configuration; XAuth; phase 2.

B.

Phase1; XAuth; IKE mode configuration; phase2.

C.

Phase1; XAuth; phase 2; IKE mode configuration.

D.

Phase1; IKE mode configuration; phase 2; XAuth.

Question 2

What is the purpose of an internal segmentation firewall (ISFW)?

Options:

A.

It inspects incoming traffic to protect services in the corporate DMZ.

B.

It is the first line of defense at the network perimeter.

C.

It splits the network into multiple security segments to minimize the impact of breaches.

D.

It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

Question 3

View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

Options:

A.

This session is for HA heartbeat traffic.

B.

This session is synced with the slave unit.

C.

The inspection of this session has been offloaded to the slave unit.

D.

This session cannot be synced with the slave unit.

Question 4

View the exhibit, which contains the output of a real-time debug, and then answer the question below.

Which of the following statements is true regarding this output? (Choose two.)

Options:

A.

This web request was inspected using the root web filter profile.

B.

FortiGate found the requested URL in its local cache.

C.

The requested URL belongs to category ID 52.

D.

The web request was allowed by FortiGate.

Question 5

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

ike 0: comes 10.0.0.2:500->10.0.0.1:500, ifindex=7....

ike 0: IKEv1 exchange=Aggressive id=baf47d0988e9237f/2f405ef3952f6fda len=430

ike 0: in BAF47D0988E9237F2F405EF3952F6FDA0110040000000000000001AE0400003C0000000100000001000000300101000

ike 0:RemoteSite:4: initiator: aggressive mode get 1st response...

ike 0:RemoteSite:4: VID RFC 3947 4A131c81070358455C5728F20E95452F

ike 0:RemoteSite:4: VID DPD AFCAD71368A1F1C96B8696FC77570100

ike 0:RemoteSite:4: VID FORTIGATE 8299031757A36082C6A621DE000502D7

ike 0:RemoteSite:4: peer is FortiGate/Fortios (v5 b727)

ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3

ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000

ike 0:RemoteSite:4: received peer identifier FQDN ‘remore’

ike 0:RemoteSite:4: negotiation result

ike 0:RemoteSite:4: proposal id = 1:

ike 0:RemoteSite:4: protocol id = ISAKMP:

ike 0:RemoteSite:4: trans_id = KEY_IKE.

ike 0:RemoteSite:4: encapsulation = IKE/none

ike 0:RemoteSite:4: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key –len=128

ike 0:RemoteSite:4: type=OAKLEY_HASH_ALG, val=SHA.

ike 0:RemoteSite:4: type-AUTH_METHOD, val=PRESHARED_KEY.

ike 0:RemoteSite:4: type=OAKLEY_GROUP, val=MODP1024.

ike 0:RemoteSite:4: ISAKMP SA lifetime=86400

ike 0:RemoteSite:4: ISAKMP SA baf47d0988e9237f/2f405ef3952f6fda key 16: B25B6C9384D8BDB24E3DA3DC90CF5E73

ike 0:RemoteSite:4: PSK authentication succeeded

ike 0:RemoteSite:4: authentication OK

ike 0:RemoteSite:4: add INITIAL-CONTACT

ike 0:RemoteSite:4: enc BAF47D0988E9237F405EF3952F6FDA081004010000000000000080140000181F2E48BFD8E9D603F

ike 0:RemoteSite:4: out BAF47D0988E9237F405EF3952F6FDA08100401000000000000008C2E3FC9BA061816A396F009A12

ike 0:RemoteSite:4: sent IKE msg (agg_i2send): 10.0.0.1:500-10.0.0.2:500, len=140, id=baf47d0988e9237f/2

ike 0:RemoteSite:4: established IKE SA baf47d0988e9237f/2f405ef3952f6fda

Which statements about this debug output are correct? (Choose two.)

Options:

A.

The remote gateway IP address is 10.0.0.1.

B.

It shows a phase 1 negotiation.

C.

The negotiation is using AES128 encryption with CBC hash.

D.

The initiator has provided remote as its IPsec peer ID.

Question 6

A FortiGate device has the following LDAP configuration:

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

Options:

A.

cnid.

B.

username.

C.

password.

D.

dn.

Question 7

View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

Based on the output, which of the following statements is correct?

Options:

A.

Anti-replay is enabled.

B.

DPD is disabled.

C.

Quick mode selectors are disabled.

D.

Remote gateway IP is 10.200.5.1.

Question 8

Examine the following partial output from two system debug commands; then answer the question below.

Which of the following statements are true regarding the above outputs? (Choose two.)

Options:

A.

The unit is running a 32-bit FortiOS

B.

The unit is in kernel conserve mode

C.

The Cached value is always the Active value plus the Inactive value

D.

Kernel indirectly accesses the low memory (LowTotal) through memory paging

Question 9

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

Options:

A.

Router ID.

B.

OSPF interface area.

C.

OSPF interface cost.

D.

OSPF interface MTU.

E.

Interface subnet mask.

Question 10

Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.

# diagnose debug authd fsso list FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.

What should the administrator check?

Options:

A.

The IP address recorded in the logon event for the user STUDENT.

B.

The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.

C.

The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAINING. LAB.

D.

The reserve DNS lookup forthe IP address 192.168.3.1.

Question 11

An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

Options:

A.

HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

B.

Redirection of HTTP to HTTPS administrative access is disabled.

C.

HTTP administrative access is configured with a port number different than 80.

D.

The packet is denied because of reverse path forwarding check.

Question 12

Examine the following partial outputs from two routing debug commands; then answer the question below:

Why the default route using port2 is not displayed in the output of the second command?

Options:

A.

It has a lower priority than the default route using port1.

B.

It has a higher priority than the default route using port1.

C.

It has a higher distance than the default route using port1.

D.

It is disabled in the FortiGate configuration.

Question 13

In which of the following states is a given session categorized as ephemeral? (Choose two.)

Options:

A.

A TCP session waiting to complete the three-way handshake.

B.

A TCP session waiting for FIN ACK.

C.

A UDP session with packets sent and received.

D.

A UDP session with only one packet received.

Demo: 13 questions
Total 91 questions