NSE7 EFW-6.2 Certsexpert

Uploaded by

ivo

Fortinet

NSE7_EFW-6.2
Fortinet NSE 7 - Enterprise Firewall 6.2
QUESTION & ANSWERS

https://www.certsexpert.com/NSE7_EFW-6.2-pdf-questions.html
QUESTION 1

Refer to the exhibit, which contains the output of a BGP debug command.

Which statement about the exhibit is true?


A. The local router has received a total of three BGP prefixes from all peers.
B. The local router has not established a TCP session with 100.64.3.1.
C. Since the counters were last reset, the 10.200.3.1 peer has never been down.
D. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.

Correct Answer: B

QUESTION 2

View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3
ipsengine exit log”
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
code = 11, reason: manual
What is the status of IPS on this FortiGate?
A. IPS engine memory consumption has exceeded the model-specific predefined value.
B. IPS daemon experienced a crash.
C. There are communication problems between the IPS engine and the management database.
D. All IPS-related features have been disabled in FortiGate’s configuration.

Correct Answer: D

Explanation/Reference:

The command diagnose test application ipsmonitor includes many options that are useful for
troubleshooting purposes. Option 3 displays the log entries generated every time an IPS engine
process stopped. There are various reasons why these logs are generated:
Manual: Because of the configuration, IPS no longer needs to run (that is, all IPS-related
features have been disabled).

QUESTION 3

An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover,
the administrator noticed that some of the switches in the network continue to send traffic to the former
primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which
statement is correct regarding this command?
A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second
while the failover occurs.
B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is
reachable through a new master after a failover.
C. Sends a link failed signal to all connected devices.
D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

Correct Answer: A

QUESTION 4

Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the
question below.

Which statements are true regarding the output in the exhibit? (Choose two.)
A. There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
B. The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's
time zone.
C. FortiGate will send the FortiGuard queries to the server with highest weight.
D. A server's round trip delay (RTT) is not used to calculate its weight.

Correct Answer: B,C

QUESTION 5

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the
question below.

Why didn’t the tunnel come up?


A. The pre-shared keys do not match.
B. The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2
configuration.
C. The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1
configuration.
D. The remote gateway is using aggressive mode and the local gateway is configured to use main
mode.

Correct Answer: C

QUESTION 6

View the exhibit, which contains a session entry, and then answer the question below.

Which statement is correct regarding this session?
A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
B. It is an ICMP session from 10.1.10.10 to 10.200.5.1.
C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Correct Answer: A

QUESTION 7

Examine the following routing table and BGP configuration; then answer the question below.

The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which
configuration change will make the local peer advertise this prefix?
A. Enable the redistribution of connected routes into BGP.
B. Enable the redistribution of static routes into BGP.
C. Disable the setting network-import-check.
D. Enable the setting ebgp-multipath.

Correct Answer: C

QUESTION 8

Which statements about bulk configuration changes using FortiManager CLI scripts are correct?
(Choose two.)
A. When executed on the Policy Package, ADOM database, changes are applied directly to the
managed FortiGate.
B. When executed on the Device Database, you must use the installation wizard to apply the
changes to the managed FortiGate.
C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating
a new revision history.
D. When executed on the Remote FortiGate directly, administrators do not have the option to review
the changes prior to installation.

Correct Answer: B,D

Explanation/Reference:

CLI scripts can be run in three different ways:
Device Database: By default, a script is executed on the device database. It is recommended that you
run the changes on the device database (default setting), as this allows you to check what
configuration changes you will send to the managed device. Once scripts are run on the device
database, you can install these changes to a managed device using the installation wizard.
Policy Package, ADOM database: If a script contains changes related to ADOM level objects and
policies, you can change the default selection to run on Policy Package, ADOM database, and the
changes can then be installed using the installation wizard.
Remote FortiGate directly (through CLI): A script can be executed directly on the device and you don’t
need to install these changes using the installation wizard. As the changes are directly installed on
the managed device, no option is provided to verify and check the configuration changes through
FortiManager prior to executing it.

QUESTION 9

A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit
web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is
NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which
statements are true regarding the two entries in the FortiGate session table related with this traffic?
(Choose two.)
A. Both sessions have the local flag on.
B. The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.
C. One session has the proxy flag on, the other one does not.
D. One of the sessions has the IP address of port2 as the source IP address.

Correct Answer: A,D
