
NSE7_EFW Online Practice Questions and Answers

Questions 4

Which of the following tasks are automated using the Install Wizard on FortiManager? (Choose two.)

A. Preview pending configuration changes for managed devices.

B. Add devices to FortiManager.

C. Import policy packages from managed devices.

D. Install configuration changes to managed devices.

E. Import interface mappings from managed devices.

Questions 5

A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

A. Firewall monitor.

B. Policy monitor.

C. Logs.

D. Crashlogs.

Questions 6

Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Why didn't the tunnel come up?

A. IKE mode configuration is not enabled in the remote IPsec gateway.

B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.

C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.

D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Questions 7

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.

B. SIP ALG supports SIP HA failover; SIP helper does not.

C. SIP ALG supports SIP over IPv6; SIP helper does not.

D. SIP ALG can create expected sessions for media traffic; SIP helper does not.

E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Questions 8

Examine the following traffic log; then answer the question below.

date=20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri=critical vd=root service=kernel status=failure msg="NAT port is exhausted."

What does the log mean?

A. There is not enough available memory in the system to create a new entry in the NAT port table.

B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.

C. FortiGate does not have any available NAT port for a new connection.

D. The limit for the maximum number of entries in the NAT port table has been reached.

Questions 9

View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

Which one of the following statements explains why the cache statistics are all zeros?

A. The administrator has reallocated the cache memory to a separate process.

B. There are no users making web requests.

C. The FortiGuard web filter cache is disabled in the FortiGate's configuration.

D. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.

Questions 10

View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

A. 10.0.1.240

B. One of the public FortiGuard distribution servers

C. 10.0.1.244

D. 10.0.1.242

Questions 11

Examine the output of the 'diagnose ips anomaly list' command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

A. Those whose traffic matches a DoS policy.

B. Those whose traffic matches an IPS sensor.

C. Those whose traffic exceeded a threshold of a matching DoS policy.

D. Those whose traffic was detected as an anomaly by an IPS sensor.

Questions 12

When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI)?

A. FortiGate uses the Issued To: field in the server's certificate.

B. FortiGate switches to the full SSL inspection method to decrypt the data.

C. FortiGate blocks the request without any further inspection.

D. FortiGate uses the requested URL from the user's web browser.

Questions 13

Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

A. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.

B. FortiGate limits the total number of simultaneous explicit web proxy users.

C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be modified by the administrator.

D. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

Questions 14

View the exhibit, which contains the output of get sys ha status, and then answer the question below. Which statements are correct regarding the output? (Choose two.)

A. The slave configuration is not synchronized with the master.

B. The HA management IP is 169.254.0.2.

C. Master is selected because it is the only device in the cluster.

D. Port 7 is used for the HA heartbeat on all devices in the cluster.

Questions 15

View the IPS exit log, and then answer the question below.

# diagnose test application ipsmonitor 3

ipsengine exit log:

pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017

code = 11, reason: manual

What is the status of IPS on this FortiGate?

A. IPS engine memory consumption has exceeded the model-specific predefined value.

B. IPS daemon experienced a crash.

C. There are communication problems between the IPS engine and the management database.

D. All IPS-related features have been disabled in FortiGate's configuration.

Questions 16

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

ike 0: comes 10.0.0.2:500->10.0.0.1:500, ifindex=7....

ike 0: IKEv1 exchange=Aggressive id=baf47d0988e9237f/2f405ef3952f6fda len=430

ike 0: in BAF47D0988E9237F2F405EF3952F6FDA0110040000000000000001AE0400003C0000000100000001000000300101000

ike 0:RemoteSite:4: initiator: aggressive mode get 1st response...

ike 0:RemoteSite:4: VID RFC 3947 4A131c81070358455C5728F20E95452F

ike 0:RemoteSite:4: VID DPD AFCAD71368A1F1C96B8696FC77570100

ike 0:RemoteSite:4: VID FORTIGATE 8299031757A36082C6A621DE000502D7

ike 0:RemoteSite:4: peer is FortiGate/Fortios (v5 b727)

ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3

ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000

ike 0:RemoteSite:4: received peer identifier FQDN 'remore'

ike 0:RemoteSite:4: negotiation result

ike 0:RemoteSite:4: proposal id = 1:

ike 0:RemoteSite:4: protocol id = ISAKMP:

ike 0:RemoteSite:4: trans_id = KEY_IKE.

ike 0:RemoteSite:4: encapsulation = IKE/none

ike 0:RemoteSite:4: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=128

ike 0:RemoteSite:4: type=OAKLEY_HASH_ALG, val=SHA.

ike 0:RemoteSite:4: type=AUTH_METHOD, val=PRESHARED_KEY.

ike 0:RemoteSite:4: type=OAKLEY_GROUP, val=MODP1024.

ike 0:RemoteSite:4: ISAKMP SA lifetime=86400

ike 0:RemoteSite:4: ISAKMP SA baf47d0988e9237f/2f405ef3952f6fda key 16:B25B6C9384D8BDB24E3DA3DC90CF5E73

ike 0:RemoteSite:4: PSK authentication succeeded

ike 0:RemoteSite:4: authentication OK

ike 0:RemoteSite:4: add INITIAL-CONTACT

ike 0:RemoteSite:4: enc BAF47D0988E9237F405EF3952F6FDA081004010000000000000080140000181F2E48BFD8E9D603F

ike 0:RemoteSite:4: out BAF47D0988E9237F405EF3952F6FDA08100401000000000000008C2E3FC9BA061816A396F009A12

ike 0:RemoteSite:4: sent IKE msg (agg_i2send): 10.0.0.1:500->10.0.0.2:500, len=140, id=baf47d0988e9237f/2

ike 0:RemoteSite:4: established IKE SA baf47d0988e9237f/2f405ef3952f6fda

Which statements about this debug output are correct? (Choose two.)

A. The remote gateway IP address is 10.0.0.1.

B. It shows a phase 1 negotiation.

C. The negotiation is using AES128 encryption with CBC hash.

D. The initiator has provided remote as its IPsec peer ID.

Questions 17

Examine the following partial output from two system debug commands; then answer the question below.

Which of the following statements are true regarding the above outputs? (Choose two.)

A. The unit is running a 32-bit FortiOS

B. The unit is in kernel conserve mode

C. The Cached value is always the Active value plus the Inactive value

D. Kernel indirectly accesses the low memory (LowTotal) through memory paging

Questions 18

Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

A. Diagnose debug application radius -1.

B. Diagnose debug application fnbamd -1.

C. Diagnose authd console -log enable.

D. Diagnose radius console -log enable.

Exam Code: NSE7_EFW
Exam Name: NSE7 Enterprise Firewall - FortiOS 5.4
Last Update: Apr 29, 2024
Questions: 88 Q&As
