Vivid Fortinet NSE7_EFW-6.0 Actual Exam Online

NEW QUESTION 1
An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

• A. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.
• B. Redirection of HTTP to HTTPS administrative access is disabled.
• C. HTTP administrative access is configured with a port number different than 80.
• D. The packet is denied because of reverse path forwarding check.

Answer: AC

NEW QUESTION 2
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below.

Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?

• A. auto-discovery-sender
• B. auto-discovery-forwarder
• C. auto-discovery-shortcut
• D. auto-discovery-receiver

Answer: D

NEW QUESTION 3
View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate’s inspection of this session?

• A. FortiGate applied proxy-based inspection.
• B. FortiGate forwarded this session without any inspection.
• C. FortiGate applied flow-based inspection.
• D. FortiGate applied explicit proxy-based inspection.

Answer: A

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042

NEW QUESTION 4
View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

• A. It is currently in system conserve mode because of high CPU usage.
• B. It is currently in FD conserve mode.
• C. It is currently in kernel conserve mode because of high memory usage.
• D. It is currently in system conserve mode because of high memory usage.

Answer: D

NEW QUESTION 5
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1 diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

• A. Phase1; IKE mode configuration; XAuth; phase 2.
• B. Phase1; XAuth; IKE mode configuration; phase2.
• C. Phase1; XAuth; phase 2; IKE mode configuration.
• D. Phase1; IKE mode configuration; phase 2; XAuth.

Answer: B

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Concepts/IKE_Packet

NEW QUESTION 6
What does the dirty flag mean in a FortiGate session?

• A. Traffic has been blocked by the antivirus inspection.
• B. The next packet must be re-evaluated against the firewall policies.
• C. The session must be removed from the former primary unit after an HA failover.
• D. Traffic has been identified as from an application that is not allowed.

Answer: B

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD40119&sliceId=1

NEW QUESTION 7
View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

• A. This is an expected session created by a session helper.
• B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.
• C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
• D. This is an expected session created by an application control profile.

Answer: AC

NEW QUESTION 8
Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; than answer the question below.

Which statement is true regarding the session in the exhibit?

• A. It was created by the FortiGate kernel to allow push updates from FotiGuard.
• B. It is for management traffic terminating at the FortiGate.
• C. It is for traffic originated from the FortiGate.
• D. It was created by a session helper or ALG.

Answer: D

NEW QUESTION 9
What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

• A. A process crash.
• B. Configuration changes.
• C. Changes in the status of any of the FortiGuard licenses.
• D. System entering to and leaving from the proxy conserve mode.

Answer: AD

Explanation:
diagnose debug crashlog read
275: 2014-08-05 13:03:53 proxy=acceptor service=imap session fail mode=activated276: 2014-08-05
13:03:53 proxy=acceptor service=ftp session fail mode=activated277: 2014-08-05 13:03:53 proxy=acceptor service=nntp session fail mode=activated278: 2014-08-06 11:05:47 service=kernel conserve=on free=”45034 pages” red=”45874 pages” msg=”Kernel279: 2014-08-06 11:05:47 enters conserve mode”280: 2014-08-06 13:07:16 service=kernel conserve=exit free=”86704 pages” green=”68811 pages”281: 2014-08-06 13:07:16 msg=”Kernel leaves conserve mode”282: 2014-08-06
13:07:16 proxy=imd sysconserve=exited total=1008 free=349 marginenter=201283: 2014-08-06 13:07:16 marginexit=302

NEW QUESTION 10
In which of the following states is a given session categorized as ephemeral? (Choose two.)

• A. A TCP session waiting to complete the three-way handshake.
• B. A TCP session waiting for FIN ACK.
• C. A UDP session with packets sent and received.
• D. A UDP session with only one packet received.

Answer: BC

NEW QUESTION 11
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

• A. For the peer 10.125.0.60, the BGP state of is Established.
• B. The local BGP peer has received a total of three BGP prefixes.
• C. Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.
• D. The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

Answer: AD

NEW QUESTION 12
View the exhibit, which contains a session entry, and then answer the question below.

Which statement is correct regarding this session?

• A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
• B. It is an ICMP session from 10.1.10.10 to 10.200.5.1.
• C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
• D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Answer: A

NEW QUESTION 13
View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?

• A. It is currently in system conserve mode because of high CPU usage.
• B. It is currently in extreme conserve mode because of high memory usage.
• C. It is currently in proxy conserve mode because of high memory usage.
• D. It is currently in memory conserve mode because of high memory usage.

Answer: D

NEW QUESTION 14
What configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

• A. mem-failopen
• B. ips-failopen
• C. utm-failopen
• D. av-failopen

Answer: BD

NEW QUESTION 15
A FortiGate device has the following LDAP configuration:

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

• A. cnid.
• B. username.
• C. password.
• D. dn.

Answer: BC

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=13141

NEW QUESTION 16
Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

• A. Finance and banking
• B. General organization.
• C. Business.
• D. Information technology.

Answer: C

NEW QUESTION 17
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

Which statements are correct regarding the output shown? (Choose two.)

• A. There are 0 ephemeral sessions.
• B. All the sessions in the session table are TCP sessions.
• C. No sessions have been deleted because of memory pages exhaustion.
• D. There are 166 TCP sessions waiting to complete the three-way handshake.

Answer: AC

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40578

NEW QUESTION 18
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list —FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is
NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

• A. The IP address recorded in the logon event for the user STUDENT.
• B. The DNS name resolution for the workstation name INTERNAL2. TRAININ
• C. LAB.
• D. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2.TRAININ
• E. LAB.
• F. The reserve DNS lookup forthe IP address 192.168.3.1.

Answer: C

NEW QUESTION 19
What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

• A. IP addresses are in the same subnet.
• B. Hello and dead intervals match.
• C. OSPF IP MTUs match.
• D. OSPF peer IDs match.
• E. OSPF costs match.

Answer: ABC

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-advanced-routing-54/Routing_OSPF/OSPF_Bac

NEW QUESTION 20
The logs in a FSSO collector agent (CA) are showing the following error: failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?

• A. The CA cannot resolve the name of the workstation.
• B. The FortiGate cannot resolve the name of the workstation.
• C. The remote registry service is not running in the workstation 192.168.12.232.
• D. The CA cannot reach the FortiGate with the IP address 192.168.12.232.

Answer: C

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD30548

NEW QUESTION 21
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

• A. FortiGate limits the number of simultaneous sessions per explicit web proxy use
• B. This limit CANNOT be modified by the administrator.
• C. FortiGate limits the total number of simultaneous explicit web proxy users.
• D. FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator
• E. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials.This limit CANNOT be modified by the administrator.

Answer: B

Explanation:
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-WAN-opt-52/web_proxy.htm#Explicit2
The explicit proxy does not limit the number of active sessions for each user. As a result the actual explicit proxy session count is usually much higher than the number of explicit web proxy users. If an excessive number of explicit web proxy sessions is compromising system performance you can limit the amount of users if the FortiGate unit is operating with multiple VDOMs.

NEW QUESTION 22
Examine the output of the ‘get router info ospf neighbor’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. The interface ToRemote is OSPF network type point-to-point.
• B. The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.
• C. The local FortiGate is the backup designated router for the wan1 network.
• D. The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.

Answer: AC

Explanation:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13685-13.html

NEW QUESTION 23
......