
Fortinet NSE7_EFW-7.0 - Fortinet NSE 7 - Enterprise Firewall 7.0

Total 163 questions

Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)

A. Importing firewall address objects from managed devices

B. Importing interface mappings from managed devices

C. Importing static and dynamic route configurations from managed devices

D. Importing devices to FortiManager

Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

A. OSPF interface network types match.

B. OSPF router IDs are unique.

C. OSPF interface priority settings are unique.

D. Authentication settings match.

E. OSPF link costs match.

An administrator added the following IPsec VPN to a FortiGate configuration:

config vpn ipsec phase1-interface
    edit "RemoteSite"
        set type dynamic
        set interface "port1"
        set mode main
        set psksecret ENC LCVkCiK2E2PhVUzZe
    next
end

config vpn ipsec phase2-interface
    edit "RemoteSite"
        set phase1name "RemoteSite"
        set proposal 3des-sha256
    next
end

However, the phase 1 negotiation is failing. The administrator executed the IKE real-time debug while attempting the IPsec connection. The output is shown in the exhibit.

What is causing the IPsec problem in phase 1?

A. The incoming IPsec connection is matching the wrong VPN configuration

B. The phase-1 mode must be changed to aggressive

C. The pre-shared key is wrong

D. NAT-T settings do not match

An administrator has created a VPN community within VPN Manager on FortiManager. They also added gateways to the VPN community and are now trying to create firewall policies to permit traffic over the tunnel; however, the VPN interfaces are not listed as available options.

What step must the administrator take to resolve this issue?

A. Install the VPN community and gateway configuration to the FortiGate devices, in order for the interfaces to be displayed within Policy & Objects on FortiManager

B. Set up all of the phase 1 settings in the VPN community that they neglected to set up initially. The interfaces will be automatically generated after the administrator configures all of the required settings.

C. Refresh the device status from the Device Manager so that FortiGate will populate the IPsec interfaces.

D. Create interface mappings for the IPsec VPN interfaces, before they can be used in a policy.

A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled on port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related to this traffic? (Choose two.)

A. Both sessions have the local flag on.

B. The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.

C. One session has the proxy flag on, the other one does not.

D. One of the sessions has the IP address of port2 as the source IP address.

Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

A. The next-hop IP address is up.

B. There is no other route, to the same destination, with a higher distance.

C. The link health monitor (if configured) is up.

D. The next-hop IP address belongs to one of the outgoing interface subnets.

E. The outgoing interface is up.

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:

diagnose debug application ike -1
diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

A. Phase1; IKE mode configuration; XAuth; phase 2.

B. Phase1; XAuth; IKE mode configuration; phase2.

C. Phase1; XAuth; phase 2; IKE mode configuration.

D. Phase1; IKE mode configuration; phase 2; XAuth.

Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.

B. The TCP session for the BGP connection to 10.200.3.1 is down.

C. The local peer has received the BGP prefixes from the remote peer.

D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the above output? (Choose two.)

A. The port4 interface is connected to the OSPF backbone area.

B. The local FortiGate has been elected as the OSPF backup designated router.

C. There are at least 5 OSPF routers connected to the port4 network.

D. Two OSPF routers are down in the port4 network.

Refer to the exhibit, which shows the output of get system ha status. NGFW-1 and NGFW-2 have been up for a week.

Which two statements about the output are true? (Choose two.)

A. If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

B. If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.

C. If port7 becomes disconnected on the secondary, both FortiGate devices will elect themselves the primary.

D. If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.