Fortinet NSE7_EFW Free Practice Questions

NEW QUESTION 1
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

• A. diagnose sniffer packet any ‘udp port 500’
• B. diagnose sniffer packet any ‘udp port 4500’
• C. diagnose sniffer packet any ‘esp’
• D. diagnose sniffer packet any ‘udp port 500 or udp port 4500’

Answer: C

NEW QUESTION 2
View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

• A. The slave configuration is not synchronized with the master.
• B. The HA management IP is 169.254.0.2.
• C. Master is selected because it is the only device in the cluster.
• D. port 7 is used the HA heartbeat on all devices in the cluste

Answer: AC

NEW QUESTION 3
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn’t the script make any changes to the managed device?

• A. Commands that start with the # sign are not executed.
• B. CLI scripts will add objects only if they are referenced by policies.
• C. Incomplete commands are ignored in CLI scripts.
• D. Static routes can only be added using TCL script

Answer: B

NEW QUESTION 4
Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

• A. The next-hop IP address is up.
• B. There is no other route, to the same destination, with a higher distance.
• C. The link health monitor (if configured) is up.
• D. The next-hop IP address belongs to one of the outgoing interface subnets.
• E. The outgoing interface is u

Answer: ABE

NEW QUESTION 5
Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router The second unit is elected as the backup designated router Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?

• A. 1
• B. 2
• C. 3
• D. 4

Answer: B

NEW QUESTION 6
What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

• A. IP addresses are in the same subnet.
• B. Hello and dead intervals match.
• C. OSPF IP MTUs match.
• D. OSPF peer IDs match.
• E. OSPF costs matc

Answer: ABD

NEW QUESTION 7
Which of the following tasks are automated using the Install Wizard on FortiManager? (Choose two.)

• A. Preview pending configuration changes for managed devices.
• B. Add devices to FortiManager.
• C. Import policy packages from managed devices.
• D. Install configuration changes to managed devices.
• E. Import interface mappings from managed device

Answer: BD

NEW QUESTION 8
View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

• A. This session is for HA heartbeat traffic.
• B. This session is synced with the slave unit.
• C. The inspection of this session has been offloaded to the slave unit.
• D. This session cannot be synced with the slave uni

Answer: B

NEW QUESTION 9
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

• A. Reduce the session time to live.
• B. Increase the TCP session timers.
• C. Increase the FortiGuard cache time to live.
• D. Reduce the maximum file size to inspec

Answer: AD

NEW QUESTION 10
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

However, the IKE real time debug does not show any output. Why?

• A. The debug output shows phases 1 and 2 negotiations onl
• B. Once the tunnel is up, it does not show any more output.
• C. The log-filter setting was set incorrectl
• D. The VPN’s traffic does not match this filter.
• E. The debug shows only error message
• F. If there is no output, then the tunnel is operating normally.
• G. The debug output shows phase 1 negotiation onl
• H. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

Answer: D

NEW QUESTION 11
The CLI command set intelligent-mode <enable | disable> controls the IPS engine’s adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?

• A. Determines the optimal number of IPS engines required based on system load.
• B. Downloads signatures on demand from FDS based on scanning requirements.
• C. Determines when it is secure enough to stop scanning session traffic.
• D. Choose a matching algorithm based on available memory and the type of inspection being performed.

Answer: D

NEW QUESTION 12
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

• A. diagnose sniffer packet any ‘port 500’
• B. diagnose sniffer packet any ‘esp’
• C. diagnose sniffer packet any ‘host 10.0.10.10’
• D. diagnose sniffer packet any ‘port 4500’

Answer: B

NEW QUESTION 13
An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

• A. Router ID.
• B. OSPF interface area.
• C. OSPF interface cost.
• D. OSPF interface MTU.
• E. Interface subnet mas

Answer: BDE

NEW QUESTION 14
What does the dirty flag mean in a FortiGate session?

• A. Traffic has been blocked by the antivirus inspection.
• B. The next packet must be re-evaluated against the firewall policies.
• C. The session must be removed from the former primary unit after an HA failover.
• D. Traffic has been identified as from an application that is not allowe

Answer: B

NEW QUESTION 15
Which statement is true regarding File description (FD) conserve mode?

• A. IPS inspection is affected when FortiGate enters FD conserve mode.
• B. A FortiGate enters FD conserve mode when the amount of available description is less than 5%.
• C. FD conserve mode affects all daemons running on the device.
• D. Restarting the WAD process is required to leave FD conserve mod

Answer: B

NEW QUESTION 16
A FortiGate's portl is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)

• A. Both session have the local flag on.
• B. The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.
• C. One session has the proxy flag on, the other one does not.
• D. One of the sessions has the IP address of port2 as the source IP addres

Answer: AD

NEW QUESTION 17
An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.

• A. User student is not found in the LDAP server.
• B. User student is using a wrong password.
• C. The FortiGate has been configured with the wrong password for the LDAP administrator.
• D. The FortiGate has been configured with the wrong authentication schem

Answer: A

NEW QUESTION 18
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. BGP state of the peer 10.125.0.60 is Established.
• B. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
• C. Local BGP peer has not received an OpenConfirm from 10.200.3.1.
• D. The local BGP peer has received a total of 3 BGP prefixe

Answer: AC

NEW QUESTION 19
A FortiGate device has the following LDAP configuration:

The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user –samid administrator
“CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab” Based on the output, what FortiGate LDAP setting is configured incorrectly?

• A. cnid.
• B. username.
• C. password.
• D. d

Answer: A

NEW QUESTION 20
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn’t the tunnel come up?

• A. The pre-shared keys do not match.
• B. The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration.
• C. The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration.
• D. The remote gateway is using aggressive mode and the local gateway is configured to use man mode.

Answer: C

NEW QUESTION 21
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

• A. The connectivity between the FortiGate unit and the DNS server.
• B. The connectivity between the client workstations and the DNS server.
• C. That DNS traffic from client workstations is allowed by the explicit web proxy policies.
• D. That DNS service is enabled in the explicit web proxy interfac

Answer: AB

NEW QUESTION 22
Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. BGP peers have successfully interchanged Open and Keepalive messages.
• B. Local BGP peer received a prefix for a default route.
• C. The state of the remote BGP peer is OpenConfirm.
• D. The state of the remote BGP peer will go to Connect after it confirms the received prefixe

Answer: AB

NEW QUESTION 23
......