Fortinet NSE 7 - Enterprise Firewall 6.4 (NSE7_EFW-6.4) exam questions
NEW QUESTION 1
Examine the partial output from two web filter debug commands; then answer the question below:
Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?
- A. Finance and banking
- B. General organization.
- C. Business.
- D. Information technology.
Answer: C
NEW QUESTION 2
The CLI command set intelligent-mode <enable | disable> controls the IPS engine’s adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?
- A. Determines the optimal number of IPS engines required based on system load.
- B. Downloads signatures on demand from FDS based on scanning requirements.
- C. Determines when it is secure enough to stop scanning session traffic.
- D. Chooses a matching algorithm based on available memory and the type of inspection being performed.
Answer: C
Explanation:
Configuring IPS intelligence
Starting with FortiOS 5.2, intelligent-mode is a new adaptive detection method. This command is enabled by default and it means that the IPS engine will perform adaptive scanning so that, for some traffic, the FortiGate can quickly finish scanning and offload the traffic to NPU or kernel. It is a balanced method which could cover all known exploits. When disabled, the IPS engine scans every single byte.
config ips global
    set intelligent-mode {enable|disable}
end
NEW QUESTION 3
Refer to the exhibit, which contains the output of diagnose sys session list.
If the HA ID for the primary unit is zero (0), which statement about the output is true?
- A. This session cannot be synced with the slave unit.
- B. The inspection of this session has been offloaded to the slave unit.
- C. The master unit is processing this traffic.
- D. This session is for HA heartbeat traffic.
Answer: C
NEW QUESTION 4
Which two statements about an auxiliary session are true? (Choose two.)
- A. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
- B. With the auxiliary session setting enabled, two sessions will be created in case of routing change.
- C. With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session.
- D. With the auxiliary session disabled, only auxiliary sessions will be offloaded.
Answer: CD
NEW QUESTION 5
Refer to the exhibit, which contains the output of a BGP debug command.
Which statement explains why the state of the 10.200.3.1 peer is Connect?
- A. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.
- B. The TCP session to 10.200.3.1 has not completed the 3-way handshake.
- C. The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.
- D. The local router has received the BGP prefixes from the remote peer.
Answer: B
Explanation:
BGP neighbor states and how they change:
• Idle: Initial state
• Connect: Waiting for a successful three-way TCP connection
• Active: Unable to establish the TCP session
• OpenSent: Waiting for an OPEN message from the peer
• OpenConfirm: Waiting for the keepalive message from the peer
• Established: Peers have successfully exchanged OPEN and keepalive messages
NEW QUESTION 6
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)
- A. Firewall monitor.
- B. Policy monitor.
- C. Logs.
- D. Crashlogs.
Answer: CD
NEW QUESTION 7
Refer to the exhibit, which contains a TCL script configuration on FortiManager.
An administrator has configured the TCL script on FortiManager, but the script failed to apply any changes to the managed device after being executed.
Why did the TCL script fail to make any changes to the managed device?
- A. Changes in an interface configuration can only be done by CLI script.
- B. The TCL script must start with #include <>.
- C. Incomplete commands are ignored in TCL scripts.
- D. The TCL command run_cmd has not been created.
Answer: D
NEW QUESTION 8
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.
Which command can be used to sniff the ESP traffic for the VPN DialUP_0?
- A. diagnose sniffer packet any ‘port 500’
- B. diagnose sniffer packet any ‘esp’
- C. diagnose sniffer packet any ‘host 10.0.10.10’
- D. diagnose sniffer packet any ‘port 4500’
Answer: D
Explanation:
NAT-T is enabled. natt: mode=silent
Protocol ESP is used. ESP is encapsulated in UDP port 4500 when NAT-T is enabled.
NEW QUESTION 9
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
- A. BGP state of the peer 10.125.0.60 is Established.
- B. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
- C. Local BGP peer has not received an OpenConfirm from 10.200.3.1.
- D. The local BGP peer has received a total of 3 BGP prefixes.
Answer: AC
NEW QUESTION 10
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive at the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?
- A. TCP half open.
- B. TCP half close.
- C. TCP time wait.
- D. TCP session time to live.
Answer: A
Explanation:
http://docs-legacy.fortinet.com/fos40hlp/43prev/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt&file=CLI_get_Commands.58.25.html
The tcp-halfopen-timer controls for how long, after a SYN packet, a session without SYN/ACK remains in the table.
The tcp-halfclose-timer controls for how long, after a FIN packet, a session without FIN/ACK remains in the table.
The tcp-timewait-timer controls for how long, after a FIN/ACK packet, a session remains in the table. A closed session remains in the session table for a few seconds more to allow any out-of-sequence packet.
NEW QUESTION 11
An administrator has enabled HA session synchronization in an HA cluster with two members. Which flag is added to a primary unit’s session to indicate that it has been synchronized to the secondary unit?
- A. redir.
- B. dirty.
- C. synced
- D. nds.
Answer: C
Explanation:
The synced sessions have the ‘synced’ flag. The command ‘diag sys session list’ can be used to see the sessions on the member, with the associated flags.
NEW QUESTION 12
Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)
- A. When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.
- B. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
- C. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.
- D. When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.
Answer: AB
NEW QUESTION 13
An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any “host 10.0.2.10” 2
What information is included in the output of the sniffer? (Choose two.)
- A. Ethernet headers.
- B. IP payload.
- C. IP headers.
- D. Port names.
Answer: BC
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=11186
NEW QUESTION 14
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike -1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
- A. Phase1; IKE mode configuration; XAuth; phase 2.
- B. Phase1; XAuth; IKE mode configuration; phase2.
- C. Phase1; XAuth; phase 2; IKE mode configuration.
- D. Phase1; IKE mode configuration; phase 2; XAuth.
Answer: B
Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Concepts/IKE_Packet
NEW QUESTION 15
An administrator added the following IPsec VPN to a FortiGate configuration:
config vpn ipsec phase1-interface
    edit "RemoteSite"
        set type dynamic
        set interface "port1"
        set mode main
        set psksecret ENC LCVkCiK2E2PhVUzZe
    next
end
config vpn ipsec phase2-interface
    edit "RemoteSite"
        set phase1name "RemoteSite"
        set proposal 3des-sha256
    next
end
However, the phase 1 negotiation is failing. The administrator executed the IKE real time debug while attempting the IPsec connection. The output is shown in the exhibit.
What is causing the IPsec problem in phase 1?
- A. The incoming IPsec connection is matching the wrong VPN configuration
- B. The phase-1 mode must be changed to aggressive
- C. The pre-shared key is wrong
- D. NAT-T settings do not match
Answer: C
NEW QUESTION 16
When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?
- A. FortiGate uses CN information from the Subject field in the server’s certificate.
- B. FortiGate switches to the full SSL inspection method to decrypt the data.
- C. FortiGate blocks the request without any further inspection.
- D. FortiGate uses the requested URL from the user’s web browser.
Answer: A
NEW QUESTION 17
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
- A. FortiGate uses the requested URL from the user’s web browser.
- B. FortiGate uses the CN information from the Subject field in the server certificate.
- C. FortiGate blocks the request without any further inspection.
- D. FortiGate switches to the full SSL inspection method to decrypt the data.
Answer: B
NEW QUESTION 18
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.
Which statements are correct regarding the output shown? (Choose two.)
- A. There are 0 ephemeral sessions.
- B. All the sessions in the session table are TCP sessions.
- C. No sessions have been deleted because of memory pages exhaustion.
- D. There are 166 TCP sessions waiting to complete the three-way handshake.
Answer: AC
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40578
NEW QUESTION 19
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.
Why didn’t the tunnel come up?
- A. The pre-shared keys do not match.
- B. The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration.
- C. The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration.
- D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.
Answer: C
NEW QUESTION 20
Examine the following partial outputs from two routing debug commands; then answer the question below.
# get router info kernel
tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1)
tab=254 vf=0 scope=0 type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all
S*      0.0.0.0/0 [10/0] via 10.200.1.254, port1
                  [10/0] via 10.200.2.254, port2, [10/0]
C       10.0.1.0/24 is directly connected, port3
C       10.200.1.0/24 is directly connected, port1
C       10.200.2.0/24 is directly connected, port2
Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?
- A. port1.
- B. port2.
- C. Both port1 and port2.
- D. port3.
Answer: B