
Fortinet NSE7_EFW-7.0 - Fortinet NSE 7 - Enterprise Firewall 7.0

Total 163 questions

Refer to the exhibit, which shows a partial routing table.

Assuming all the appropriate firewall policies are configured, what two changes would an administrator need to make to send traffic from a client directly connected to port3 to a server directly connected to port4? (Choose two.)

A. Configure route leaking between VRF 12 and VRF 21.

B. Disable auto-asic-offload as this is not supported between VRF instances.

C. Configure RIPv2 to exchange route information between the VRF instances.

D. Configure route leaking between port3 and port4.

E. Enable SNAT on the relevant firewall policies to prevent RPF check drops.

A FortiGate device has the following LDAP configuration:

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administrator check? (Choose two.)

A. cnid.

B. username.

C. password.

D. dn.

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Why did the tunnel not come up?

A. The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway.

B. The Diffie-Hellman group does not match on the local and remote gateways.

C. The proposal ID does not match between local and remote gateways.

D. The encapsulation method for phase 2 is set to none on local and remote gateways.

Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.

Why did the TCL script fail to make any changes to the managed device?

A. The TCL command run_cmd has not been created.

B. The TCL script must start with tinclude <>.

C. Incomplete commands are ignored in TCL scripts.

D. Changes to an interface configuration can be made only by a CLI script.

Which two statements about application-layer test commands are true? (Choose two.)

A. Some of them display real-time application debugs.

B. Some of them can be used to restart an application.

C. Some of them display statistics and configuration information about a feature or process.

D. Some of them only display output after you run the diagnose debug console enable command.

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

A. The local router's BGP state is Established with the 10.125.0.60 peer.

B. Since the counters were last reset, the 10.200.3.1 peer has never been down.

C. The local router has received a total of three BGP prefixes from all peers.

D. The local router has not established a TCP session with 100.64.3.1.

Refer to the exhibit, which shows the output of a diagnose command.

What can be concluded about the debug output in this scenario?

A. Servers with a negative TZ value are less preferred for rating requests.

B. There is a natural correlation between the value in the Packets field and the value in the Weight field.

C. FortiGate used 64.26.151.37 as the initial server to validate its contract.

D. The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers was 121.111.236.179.

Refer to the exhibit, which contains partial outputs from two routing debug commands.

Why is the port2 default route not in the second command's output?

A. It has a higher priority value than the default route using port1.

B. It is disabled in the FortiGate configuration.

C. It has a lower priority value than the default route using port1.

D. It has a higher distance than the default route using port1.

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?

A. In the phase 1 network configuration, set the IKE version to 2.

B. In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

C. In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

D. In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

A. Reduce the session time to live.

B. Increase the TCP session timers.

C. Increase the FortiGuard cache time to live.

D. Reduce the maximum file size to inspect.