NSE7_EFW-6.0 by Fortinet Valid Free Exam Practice Test

Question 1

Which of the following tasks are automated using the Install Wizard on FortiManager? (Choose two.)

A. Import interface mappings from managed devices. B. Preview pending configuration changes for managed devices. C. Import policy packages from managed devices. D. Install configuration changes to managed devices. E. Add devices to FortiManager.

Correct Answer: B,D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 2

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.
ike 0: comes 10.0.0.2:500->10.0.0.1:500, ifindex=7....
ike 0: IKEv1 exchange=Aggressive id=baf47d0988e9237f/2f405ef3952f6fda len=430 ike 0: in BAF47D0988E9237F2F405EF3952F6FDA0110040000000000000001AE0400003C0000000100000001000000 ike 0:RemoteSite:4: initiator: aggressive mode get 1st response...
ike 0:RemoteSite:4: VID RFC 3947 4A131c81070358455C5728F20E95452F
ike 0:RemoteSite:4: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:RemoteSite:4: VID FORTIGATE 8299031757A36082C6A621DE000502D7
ike 0:RemoteSite:4: peer is FortiGate/Fortios (v5 b727)
ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:RemoteSite:4: received peer identifier FQDN 'remore' ike 0:RemoteSite:4: negotiation result ike 0:RemoteSite:4: proposal id = 1:
ike 0:RemoteSite:4: protocol id = ISAKMP:
ike 0:RemoteSite:4: trans_id = KEY_IKE.
ike 0:RemoteSite:4: encapsulation = IKE/none
ike 0:RemoteSite:4: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key -len=128
ike 0:RemoteSite:4: type=OAKLEY_HASH_ALG, val=SHA.
ike 0:RemoteSite:4: type-AUTH_METHOD, val=PRESHARED_KEY.
ike 0:RemoteSite:4: type=OAKLEY_GROUP, val=MODP1024.
ike 0:RemoteSite:4: ISAKMP SA lifetime=86400
ike 0:RemoteSite:4: ISAKMP SA baf47d0988e9237f/2f405ef3952f6fda key 16:
B25B6C9384D8BDB24E3DA3DC90CF5E73
ike 0:RemoteSite:4: PSK authentication succeeded
ike 0:RemoteSite:4: authentication OK
ike 0:RemoteSite:4: add INITIAL-CONTACT
ike 0:RemoteSite:4: enc
BAF47D0988E9237F405EF3952F6FDA081004010000000000000080140000181F2E48BFD8E9D603F ike 0:RemoteSite:4: out BAF47D0988E9237F405EF3952F6FDA08100401000000000000008C2E3FC9BA061816A396F009A12 ike 0:RemoteSite:4: sent IKE msg (agg_i2send): 10.0.0.1:500-10.0.0.2:500, len=140, id=baf47d0988e9237f/2 ike 0:RemoteSite:4: established IKE SA baf47d0988e9237f/2f405ef3952f6fda Which statements about this debug output are correct? (Choose two.)

A. The remote gateway IP address is 10.0.0.1. B. The negotiation is using AES128 encryption with CBC hash. C. It shows a phase 1 negotiation. D. The initiator has provided remote as its IPsec peer ID.

Correct Answer: C,D

Question 3

View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

However, the IKE real time debug does not show any output. Why?

A. The debug shows only error messages. If there is no output, then the tunnel is operating normally. B. The debug output shows phase 1 negotiation only. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1. C. The log-filter setting was set incorrectly. The VPN's traffic does not match this filter. D. The debug output shows phases 1 and 2 negotiations only. Once the tunnel is up, it does not show any more output.

Correct Answer: C

Question 4

View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3
ipsengine exit log"
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
code = 11, reason: manual
What is the status of IPS on this FortiGate?

A. IPS daemon experienced a crash. B. There are communication problems between the IPS engine and the management database. C. All IPS-related features have been disabled in FortiGate's configuration. D. IPS engine memory consumption has exceeded the model-specific predefined value.

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 5

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

A. This is an expected session created by an application control profile. B. This is an expected session created by a session helper. C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10. D. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

Correct Answer: B,D

Question 6

What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

A. OSPF costs match. B. OSPF IP MTUs match. C. IP addresses are in the same subnet. D. Hello and dead intervals match. E. OSPF peer IDs match.

Correct Answer: B,C,D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 7

A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

A. Logs. B. Firewall monitor. C. Crashlogs. D. Policy monitor.

Correct Answer: A,C

Question 8

View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

A. The slave configuration is not synchronized with the master. B. port 7 is used the HA heartbeat on all devices in the cluster. C. Master is selected because it is the only device in the cluster. D. The HA management IP is 169.254.0.2.

Correct Answer: A,B

Question 9

Examine the output from the 'diagnose vpn tunnel list' command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

A. diagnose sniffer packet any 'port 500' B. diagnose sniffer packet any 'port 4500' C. diagnose sniffer packet any 'host 10.0.10.10' D. diagnose sniffer packet any 'esp'

Correct Answer: B

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 10

View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

Which one of the following statements explains why the cache statistics are all zeros?

A. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection. B. There are no users making web requests. C. The FortiGuard web filter cache is disabled in the FortiGate's configuration. D. The administrator has reallocated the cache memory to a separate process.

Correct Answer: C

Fortinet NSE 7 - Enterprise Firewall 6.0 - NSE7_EFW-6.0 Exam Practice Test