Up To Date NSE7_EFW Testing Engine 2021

NEW QUESTION 1
Examine the following partial output from two system debug commands; then answer the question below.


Which of the following statements are true regarding the above outputs? (Choose two.)

• A. The unit is running a 32-bit FortiOS
• B. The unit is in kernel conserve mode
• C. The Cached value is always the Active value plus the Inactive value
• D. Kernel indirectly accesses the low memory (LowTotal) through memory paging

Answer: AC

NEW QUESTION 2
View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. FortiGate will probe 121.111.236.179 every fifteen minutes for a response.
• B. Servers with the D flag are considered to be down.
• C. Servers with a negative TZ value are experiencing a service outage.
• D. FortiGate used 209.222.147.3 as the initial server to validate its contrac

Answer: CD

NEW QUESTION 3
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn’t the tunnel come up?

• A. The pre-shared keys do not match.
• B. The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration.
• C. The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration.
• D. The remote gateway is using aggressive mode and the local gateway is configured to use man mode.

Answer: C

NEW QUESTION 4
View the exhibit, which contains the output of a real-time debug, and then answer the question below.

Which of the following statements is true regarding this output? (Choose two.)

• A. This web request was inspected using the root web filter profile.
• B. FortiGate found the requested URL in its local cache.
• C. The requested URL belongs to category ID 52.
• D. The web request was allowed by FortiGat

Answer: BC

NEW QUESTION 5
Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1 diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn’t there any output?

• A. The IKE real time shows the phases 1 and 2 negotiations onl
• B. It does not show any more outputonce the tunnel is up.
• C. The log-filter setting is set incorrectl
• D. The VPN’s traffic does not match this filter.
• E. The IKE real time debug shows the phase 1 negotiation onl
• F. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
• G. The IKE real time debug shows error messages onl
• H. If it does not provide any output, it indicates that the tunnel is operating normally.

Answer: A

NEW QUESTION 6
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list —FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

• A. The IP address recorded in the logon event for the user STUDENT.
• B. The DNS name resolution for the workstation name INTERNAL2. TRAININ
• C. LAB.
• D. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAININ
• E. LAB.
• F. The reserve DNS lookup forthe IP address 192.168.3.1.

Answer: C

NEW QUESTION 7
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

• A. FortiGate limits the number of simultaneous sessions per explicit web proxy use
• B. This limit CANNOT be modified by the administrator.
• C. FortiGate limits the total number of simultaneous explicit web proxy users.
• D. FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator
• E. FortiGate limits the number of workstations that authenticate using the same web proxy user credential
• F. This limit CANNOT be modified by the administrator.

Answer: C

NEW QUESTION 8
Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

• A. Finance and banking
• B. General organization.
• C. Business.
• D. Information technolog

Answer: C

NEW QUESTION 9
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. BGP state of the peer 10.125.0.60 is Established.
• B. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
• C. Local BGP peer has not received an OpenConfirm from 10.200.3.1.
• D. The local BGP peer has received a total of 3 BGP prefixe

Answer: AC

NEW QUESTION 10
Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packets dropped counter at the end of the sniffer?

• A. Number of packets that didn’t match the sniffer filter.
• B. Number of total packets dropped by the FortiGate.
• C. Number of packets that matched the sniffer filter and were dropped by the FortiGate.
• D. Number of packets that matched the sniffer filter but could not be captured by the sniffe

Answer: C

NEW QUESTION 11
A FortiGate has two default routes:

All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?

• A. Session would remain in the session table and its traffic would keep using port1 as the outgoing interface.
• B. Session would remain in the session table and its traffic would start using port2 as the outgoing interface.
• C. Session would be deleted, so the client would need to start a new session.
• D. Session would remain in the session table and its traffic would be shared between port1 andport2.

Answer: A

NEW QUESTION 12
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.

Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?

• A. auto-discovery-sender
• B. auto-discovery-forwarder
• C. auto-discovery-shortcut
• D. auto-discovery-receiver

Answer: C

NEW QUESTION 13
Which of the following statements are true about FortiManager when it is deployed as a local FDS? (Choose two.)

• A. Caches available firmware updates for unmanaged devices.
• B. Can be configured as an update server, or a rating server, but not both.
• C. Supports rating requests from both managed and unmanaged devices.
• D. Provides VM license validation service

Answer: AD

NEW QUESTION 14
View the global IPS configuration, and then answer the question below.

Which of the following statements is true regarding this configuration?

• A. IPS will scan every byte in every session.
• B. FortiGate will spawn IPS engine instances based on the system load.
• C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.
• D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

Answer: A

NEW QUESTION 15
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

However, the IKE real time debug does not show any output. Why?

• A. The debug output shows phases 1 and 2 negotiations onl
• B. Once the tunnel is up, it does not show any more output.
• C. The log-filter setting was set incorrectl
• D. The VPN’s traffic does not match this filter.
• E. The debug shows only error message
• F. If there is no output, then the tunnel is operating normally.
• G. The debug output shows phase 1 negotiation onl
• H. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

Answer: D

NEW QUESTION 16
View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

• A. FortiGate will exempt the connection based on the Web Content Filter configuration.
• B. FortiGate will block the connection based on the URL Filter configuration.
• C. FortiGate will allow the connection based on the FortiGuard category based filter configuration.
• D. FortiGate will block the connection as an invalid UR

Answer: B

NEW QUESTION 17
Examine the following routing table and BGP configuration; then answer the question below.

TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

• A. Enable the redistribution of connected routers into BGP.
• B. Enable the redistribution of static routers into BGP.
• C. Disable the setting network-import-check.
• D. Enable the setting ebgp-multipat

Answer: C

NEW QUESTION 18
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?

• A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.
• B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
• C. Sends a link failed signal to all connected devices.
• D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failove

Answer: A

NEW QUESTION 19
Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router The second unit is elected as the backup designated router Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?

• A. 1
• B. 2
• C. 3
• D. 4

Answer: B

NEW QUESTION 20
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

• A. Reduce the session time to live.
• B. Increase the TCP session timers.
• C. Increase the FortiGuard cache time to live.
• D. Reduce the maximum file size to inspec

Answer: AD

NEW QUESTION 21
What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?

• A. av-failopen
• B. mem-failopen
• C. utm-failopen
• D. ips-failopen

Answer: A

NEW QUESTION 22
View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

• A. The slave configuration is not synchronized with the master.
• B. The HA management IP is 169.254.0.2.
• C. Master is selected because it is the only device in the cluster.
• D. port 7 is used the HA heartbeat on all devices in the cluste

Answer: AC

NEW QUESTION 23
When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI)?

• A. FortiGate uses the Issued To: field in the server’s certificate.
• B. FortiGate switches to the full SSL inspection method to decrypt the data.
• C. FortiGate blocks the request without any further inspection.
• D. FortiGate uses the requested URL from the user’s web browse

Answer: D

NEW QUESTION 24
View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

Which one of the following statements explains why the cache statistics are all zeros?

• A. The administrator has reallocated the cache memory to a separate process.
• B. There are no users making web requests.
• C. The FortiGuard web filter cache is disabled in the FortiGate’s configuration.
• D. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspectio

Answer: D

NEW QUESTION 25
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

• A. diagnose sniffer packet any ‘port 500’
• B. diagnose sniffer packet any ‘esp’
• C. diagnose sniffer packet any ‘host 10.0.10.10’
• D. diagnose sniffer packet any ‘port 4500’

Answer: B

NEW QUESTION 26
......