March Sale Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

Note! NSE7_EFW-6.4 has been withdrawn. The new exam code is NSE7_EFW-7.0

NSE7_EFW-6.4 Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Question # 6

View the exhibit, which contains the output of get sys ha status, and then answer the question below.

NSE7_EFW-6.4 question answer

Which statements are correct regarding the output? (Choose two.)

A.

The slave configuration is not synchronized with the master.

B.

The HA management IP is 169.254.0.2.

C.

Master is selected because it is the only device in the cluster.

D.

port 7 is used the HA heartbeat on all devices in the cluster.

Full Access
Question # 7

Refer to the exhibit, which shows a FortiGate configuration.

NSE7_EFW-6.4 question answer

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator change to fix the issue?

A.

The administrator must increase webfilter-timeout.

B.

The administrator must disable webfilter-force-off.

C.

The administrator must change protocol to TCP.

D.

The administrator must enable fortiguard-anycast.

Full Access
Question # 8

Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)

A.

When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.

B.

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

C.

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

D.

When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.

Full Access
Question # 9

View the exhibit, which contains the output of a diagnose command, and the answer the question below.

NSE7_EFW-6.4 question answer

Which statements are true regarding the Weight value?

A.

Its initial value is calculated based on the round trip delay (RTT).

B.

Its initial value is statically set to 10.

C.

Its value is incremented with each packet lost.

D.

It determines which FortiGuard server is used for license validation.

Full Access
Question # 10

Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

A.

Installing configuration changes to managed devices

B.

Importing interface mappings from managed devices

C.

Adding devices to FortiManager

D.

Previewing pending configuration changes for managed devices

Full Access
Question # 11

A FortiGate device has the following LDAP configuration:

NSE7_EFW-6.4 question answer

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

NSE7_EFW-6.4 question answer

Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

A.

cnid.

B.

username.

C.

password.

D.

dn.

Full Access
Question # 12

In which two states is a given session categorized as ephemeral? (Choose two.)

A.

A TCP session waiting to complete the three-way handshake.

B.

A TCP session waiting for FIN ACK.

C.

A UDP session with packets sent and received.

D.

A UDP session with only one packet received.

Full Access
Question # 13

Examine the IPsec configuration shown in the exhibit; then answer the question below.

NSE7_EFW-6.4 question answer

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:

diagnose vpn ike log-filter src-addr4 10.0.10.1

diagnose debug application ike -1

diagnose debug enable

The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn’t there any output?

A.

The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.

B.

The log-filter setting is set incorrectly. The VPN’s traffic does not match this filter.

C.

The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.

D.

The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

Full Access
Question # 14

Examine the following traffic log; then answer the question below.

date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."

What does the log mean?

A.

There is not enough available memory in the system to create a new entry in the NAT port table.

B.

The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.

C.

FortiGate does not have any available NAT port for a new connection.

D.

The limit for the maximum number of entries in the NAT port table has been reached.

Full Access
Question # 15

Which of the following statements are correct regarding application layer test commands? (Choose two.)

A.

They are used to filter real-time debugs.

B.

They display real-time application debugs.

C.

Some of them display statistics and configuration information about a feature or process.

D.

Some of them can be used to restart an application.

Full Access
Question # 16

View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

NSE7_EFW-6.4 question answer

Which one of the following statements explains why the cache statistics are all zeros?

A.

The administrator has reallocated the cache memory to a separate process.

B.

There are no users making web requests.

C.

The FortiGuard web filter cache is disabled in the FortiGate’s configuration.

D.

FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.

Full Access
Question # 17

When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?

A.

FortiGate uses the requested URL from the user’s web browser.

B.

FortiGate uses the CN information from the Subject field in the server certificate.

C.

FortiGate blocks the request without any further inspection.

D.

FortiGate switches to the full SSL inspection method to decrypt the data.

Full Access
Question # 18

Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

NSE7_EFW-6.4 question answer

Why didn’t the tunnel come up?

A.

IKE mode configuration is not enabled in the remote IPsec gateway.

B.

The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.

C.

The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.

D.

One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Full Access