Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet NSE7_EFW-7.0 - Fortinet NSE 7 - Enterprise Firewall 7.0

Fortinet NSE7_EFW-7.0 Premium Access     Download Demo    
Page: 4 / 5
Total 163 questions

Which statement about protocol options is true?

A.

Protocol options allows administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

B.

Protocol options allows administrators the ability to configure the Any setting for all enabled protocols which provides the most efficient use of system resources.

C.

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

D.

Protocol options allows administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

View the exhibit, which contains the output of a diagnose command, and the answer the question below.

Which statements are true regarding the Weight value?

A.

Its initial value is calculated based on the round trip delay (RTT).

B.

Its initial value is statically set to 10.

C.

Its value is incremented with each packet lost.

D.

It determines which FortiGuard server is used for license validation.

What are two functions of automation stitches? (Choose two.)

A.

Automation stitches can be configured on any FortiGate device in a Security Fabric environment.

B.

An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

C.

Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

D.

An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

Refer to the exhibits.

Which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovered that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must administrator make to fix the issue? (Choose two.)

A.

Use different pre-shared keys on both VPNs

B.

Enable Mode Config on both VPNs.

C.

Set up specific peer IDs on both VPNs.

D.

Change to aggressive mode on both VPNs.

Refer to the exhibit, which shows the output of a diagnose command

What can you conclude from the RTT value?

A.

Its value represents the time it takes to receive a response after a rating request is sent to a particular server.

B.

Its value is incremented with each packet lost.

C.

It determines which FortiGuard server is used for license validation.

D.

Its initial value is statically set to 10.

When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?

A.

FortiGate uses CN information from the Subject field in the server’s certificate.

B.

FortiGate switches to the full SSL inspection method to decrypt the data.

C.

FortiGate blocks the request without any further inspection.

D.

FortiGate uses the requested URL from the user’s web browser.

Refer to the exhibit, which shows the output of a debug command.

What can be concluded from the debug command output?

A.

The OSPF router with the ID 0.0.0.69 has its OSPF priority set to 0.

B.

The local FortiGate has a different MTU value from the OSPF router with ID 0.0.0.2, based on the state information.

C.

There are more than two OSPF routers on the wan2 network.

D.

The interface ToRemote is a broadcast OSPF network.

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

A.

Router ID.

B.

OSPF interface area.

C.

OSPF interface cost.

D.

OSPF interface MTU.

E.

Interface subnet mask.

Refer to the exhibit, which shows the output of a BGP debug command.

What can be concluded about the router in this scenario?

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the BGP session with the local router.

B.

The State/PfxRcd for neighbor 100.64.3.1 will not change until an administrator on the local router adjusts the inbound route filtering so that prefixes received can be added to the RIB.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; than answer the question below.

Which statement is true regarding the session in the exhibit?

A.

It was created by the FortiGate kernel to allow push updates from FotiGuard.

B.

It is for management traffic terminating at the FortiGate.

C.

It is for traffic originated from the FortiGate.

D.

It was created by a session helper or ALG.