New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-6.2 - Fortinet NSE 7 - Enterprise Firewall 6.2

Fortinet NSE7_EFW-6.2 Fortinet NSE 7 - Enterprise Firewall 6.2 Exam Practice Test

Demo: 15 questions
Total 102 questions
Get NSE7_EFW-6.2 Full Access Download NSE7_EFW-6.2 PDF

Fortinet NSE 7 - Enterprise Firewall 6.2 Questions and Answers

Question 1

Which two conditions must be met for a statistic route to be active in the routing table? (Choose two.)

Options:

A.

The link health monitor (if configured) is up.

B.

There is no other route, to the same destination, with a higher distance.

C.

The outgoing interface is up.

D.

The next-hop IP address is up.

Question 2

Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Why didn’t the tunnel come up?

Options:

A.

IKE mode configuration is not enabled in the remote IPsec gateway.

B.

The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.

C.

The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.

D.

One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Question 3

An administrator added the following Ipsec VPN to a FortiGate configuration:

configvpn ipsec phasel -interface

edit "RemoteSite"

set type dynamic

set interface "portl"

set mode main

set psksecret ENC LCVkCiK2E2PhVUzZe

next

end

config vpn ipsec phase2-interface

edit "RemoteSite"

set phasel name "RemoteSite"

set proposal 3des-sha256

next

end

However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while attempting the Ipsec connection. The output is shown in the exhibit.

What is causing the IPsec problem in the phase 1 ?

Options:

A.

The incoming IPsec connection is matching the wrong VPN configuration

B.

The phrase-1 mode must be changed to aggressive

C.

The pre-shared key is wrong

D.

NAT-T settings do not match

Question 4

An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.

Based on the output in the exhibit, what can cause this authentication problem?

Options:

A.

User student is not found in the LDAP server.

B.

User student is using a wrong password.

C.

The FortiGate has been configured with the wrong password for the LDAP administrator.

D.

The FortiGate has been configured with the wrong authentication schema.

Question 5

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

Options:

A.

SIP session helper runs in the kernel; SIP ALG runs as a user space process.

B.

SIP ALG supports SIP HA failover; SIP helper does not.

C.

SIP ALG supports SIP over IPv6; SIP helper does not.

D.

SIP ALG can create expected sessions for media traffic; SIP helper does not.

E.

SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Question 6

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

Options:

A.

Neighbor range

B.

Route reflector

C.

Next-hop-self

D.

Neighbor group

Question 7

View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

Which one of the following statements explains why the cache statistics are all zeros?

Options:

A.

The administrator has reallocated the cache memory to a separate process.

B.

There are no users making web requests.

C.

The FortiGuard web filter cache is disabled in the FortiGate’s configuration.

D.

FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.

Question 8

Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

Options:

A.

IPS failopen

B.

mem failopen

C.

AV failopen

D.

UTM failopen

Question 9

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

Options:

A.

Router ID.

B.

OSPF interface area.

C.

OSPF interface cost.

D.

OSPF interface MTU.

E.

Interface subnet mask.

Question 10

When does a RADIUS server send an Access-Challenge packet?

Options:

A.

The server does not have the user credentials yet.

B.

The server requires more information from the user, such as the token code for two-factor authentication.

C.

The user credentials are wrong.

D.

The user account is not found in the server.

Question 11

A FortiGate device has the following LDAP configuration:

The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and got the following output:

>dsquery user –samid administrator

“CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab”

Based on the output, what FortiGate LDAP setting is configured incorrectly?

Options:

A.

cnid.

B.

username.

C.

password.

D.

dn.

Question 12

View the exhibit, which contains the output of a debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

In the network on port4, two OSPF routers are down.

B.

Port4 is connected to the OSPF backbone area.

C.

The local FortiGate’s OSPF router ID is 0.0.0.4

D.

The local FortiGate has been elected as the OSPF backup designated router.

Question 13

View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?

Options:

A.

It is currently in system conserve mode because of high CPU usage.

B.

It is currently in extreme conserve mode because of high memory usage.

C.

It is currently in proxy conserve mode because of high memory usage.

D.

It is currently in memory conserve mode because of high memory usage.

Question 14

Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the above output? (Choose two.)

Options:

A.

The port4 interface is connected to the OSPF backbone area.

B.

The local FortiGate has been elected as the OSPF backup designated router.

C.

There are at least 5 OSPF routers connected to the port4 network.

D.

Two OSPF routers are down in the port4 network.

Question 15

Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

Options:

A.

The next-hop IP address is up.

B.

There is no other route, to the same destination, with a higher distance.

C.

The link health monitor (if configured) is up.

D.

The next-hop IP address belongs to one of the outgoing interface subnets.

E.

The outgoing interface is up.

Load More NSE7_EFW-6.2 Questions
Demo: 15 questions
Total 102 questions
Get NSE7_EFW-6.2 Full Access Download NSE7_EFW-6.2 PDF