How Many Questions Of NSE7_EFW-6.2 Answers

NEW QUESTION 1
Examine the output fromthe BGP real time debug shown in the exhibit, then the answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. BGP peers have successfully interchangedOpenandKeepalivemessages.
• B. Local BGP peer received a prefix for a default route.
• C. The state of the remote BGP peer isOpenConfirm.
• D. The state of the remote BGP peer will go toConnectafter it confirms the received prefixes.

Answer: AB

NEW QUESTION 2
Which two tasks are automated using theInstall Wizard on FortiManager? (Choose two.)

• A. Preview pending configuration changes for managed devices.
• B. Add devices to FortiManager.
• C. Import policy packages from managed devices.
• D. Install configuration changes to managed devices.
• E. Import interface mappings from managed devices.

Answer: AD

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/1200_ins
There are 4 main wizards:Add Device: is used to add devices to central management and import their configurations.
Install: is used to install configuration changes from Device Manager or Policies & Objects to the managed devices. It allows you to preview the changes and, if the administrator doesn’t agree with the changes, cancel and modify them.
Import policy: isused to import interface mapping, policy database, and objects associated with the managed devices into a policy package under the Policy & Object tab. It runs with the Add Device wizard by default and may be run at any time from the managed device list.
Re-install policy: is used to perform a quick install of the policy package. It doesn’t give the ability to preview the changes that will be installed to the managed device.

NEW QUESTION 3
When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?

• A. FortiGate uses CN information from the Subject field in the server’s certificate.
• B. FortiGate switches to the full SSL inspection method to decrypt the data.
• C. FortiGate blocks the request without any further inspection.
• D. FortiGate uses the requested URL from the user’s web browser.

Answer: A

NEW QUESTION 4
Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)

• A. It caches available firmware updates for unmanaged devices.
• B. It can be configured as an update server, or a rating server, but not both.
• C. It supports rating requests fromboth managed and unmanaged devices.
• D. It provides VM license validation services.

Answer: AD

NEW QUESTION 5
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1 diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

• A. Phase1; IKE mode configuration; XAuth; phase 2.
• B. Phase1; XAuth; IKE mode configuration; phase2.
• C. Phase1; XAuth; phase 2; IKE mode configuration.
• D. Phase1; IKE mode configuration; phase 2; XAuth.

Answer: B

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Concepts/IKE_Packet

NEW QUESTION 6
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

However, the IKE real time debug does not show any output. Why?

• A. The debug output shows phases 1 and 2 negotiations onl
• B. Once the tunnel is up, it does not show any more output.
• C. The log-filter setting was setincorrectl
• D. The VPN’s traffic does not match this filter.
• E. The debug shows only error message
• F. If there is no output, then the tunnel is operating normally.
• G. The debug output shows phase 1 negotiation onl
• H. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

Answer: D

NEW QUESTION 7
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

• A. The local router's BGP state is Established with the 10.125.0.60 peer.
• B. Since the counters were last reset; the 10.200.3.1 peer has never been down.
• C. The local router has received a total of three BGP prefixes from all peers.
• D. The local router has not established a TCP session with 100.64.3.1.

Answer: AD

NEW QUESTION 8
What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

• A. IP addresses are in the same subnet.
• B. Helloand dead intervals match.
• C. OSPF IP MTUs match.
• D. OSPF peer IDs match.
• E. OSPF costs match.

Answer: ABC

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-advanced-routing-54/Routing_OSPF/OSPF_Bac

NEW QUESTION 9
Which of the following conditions must be met for a static route to be active in therouting table? (Choose three.)

• A. The next-hop IP address is up.
• B. There is no other route, to the same destination, with a higher distance.
• C. The link health monitor (if configured) is up.
• D. The next-hop IP address belongs to one of the outgoing interface subnets.
• E. The outgoing interface is up.

Answer: CDE

Explanation:
A configured static route only goes to routing table from routing database when all the following are met :
The outgoing interface is up
There is no other matching route with a lowerdistance
The link health monitor (if configured) is successful
The next-hop IP address belongs to one of the outgoing interface subnets

NEW QUESTION 10
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network.What HA setting must be changed in one of the HA clusters to fix the problem?

• A. Group ID.
• B. Group name.
• C. Session pickup.
• D. Gratuitous ARPs.

Answer: A

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_failoverVMAC.htm

NEW QUESTION 11
What configuration changes can reduce the memory utilization in aFortiGate? (Choose two.)

• A. Reduce the session time to live.
• B. Increase the TCP session timers.
• C. Increase the FortiGuard cache time to live.
• D. Reduce the maximum file size to inspect.

Answer: AD

NEW QUESTION 12
View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correctregarding the output? (Choose two.)

• A. This is an expected session created by a session helper.
• B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.
• C. Traffic in the originaldirection (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
• D. This is an expected session created by an application control profile.

Answer: AC

NEW QUESTION 13
An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any “host 10.0.2.10” 2
What information is included in the output of the sniffer? (Choose two.)

• A. Ethernet headers.
• B. IP payload.
• C. IPheaders.
• D. Port names.

Answer: BC

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=11186

NEW QUESTION 14
What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?

• A. av-failopen
• B. mem-failopen
• C. utm-failopen
• D. ips-failopen

Answer: A

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Other_Profile_Consideratio

NEW QUESTION 15
When does a RADIUS server send an Access-Challenge packet?

• A. The server does not have the usercredentials yet.
• B. The server requires more information from the user, such as the token code for two-factor authentication.
• C. The user credentials are wrong.
• D. The user account is not found in the server.

Answer: B

NEW QUESTION 16
A FortiGate has two default routes:

All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?

• A. Session would remain in the session table and its traffic would keep using port1 as the outgoing interface.
• B. Session would remain in the session table and its traffic would start using port2 as the outgoing interface.
• C. Session would be deleted, so the client would need to start a new session.
• D. Session would remain in the session table and its traffic would be shared between port1 and port2.

Answer: A

NEW QUESTION 17
View the exhibit, which contains the output of a debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

• A. In the network onport4, two OSPF routers are down.
• B. Port4 is connected to the OSPF backbone area.
• C. The local FortiGate’s OSPF router ID is 0.0.0.4
• D. The local FortiGate has been elected as the OSPF backup designated router.

Answer: BC

NEW QUESTION 18
The CLI command set intelligent-mode <enable | disable> controls the IPS engine’s adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?

• A. Determines the optimal number of IPS engines required based on system load.
• B. Downloads signatures on demand from FDS based on scanning requirements.
• C. Determines when it is secure enough to stop scanning session traffic.
• D. Choose a matching algorithm based on available memory and the type of inspection being performed.

Answer: C

Explanation:
Configuring IPS intelligenceStarting with FortiOS 5.2, intelligent-mode is a new adaptive detection method. This command is enabled the default and it means that the IPS engine will perform adaptive scanning so that, for some traffic, the FortiGate can quickly finish scanning and offload the traffic to NPU or kernel. It is a balanced method which could cover all known exploits. When disabled, the IPS engine scans every single byte.
config ips globalset intelligent-mode {enable|disable}end

NEW QUESTION 19
View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

Which one of the following statements explains why the cache statisticsare all zeros?

• A. The administrator has reallocated the cache memory to a separate process.
• B. There are no users making web requests.
• C. The FortiGuard web filter cache is disabled in the FortiGate’s configuration.
• D. FortiGate is using aflow-based web filter and the cache applies only to proxy-based inspection.

Answer: C

NEW QUESTION 20
Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

• A. Those whose traffic matches a DoS policy.
• B. Those whose traffic matches an IPS sensor.
• C. Those whose traffic exceeded a threshold of a matching DoS policy.
• D. Those whosetraffic was detected as an anomaly by an IPS sensor.

Answer: A

NEW QUESTION 21
An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit’s session to indicate that it has been synchronized to the secondary unit?

• A. redir.
• B. dirty.
• C. synced
• D. nds.

Answer: C

Explanation:
The synced sessions have the‘synced’ flag. The command ‘diag sys session list’ can be used to see the sessions on the member, with the associated flags.

NEW QUESTION 22
View the exhibit, which contains a session entry, and then answer the question below.

Which statement is correct regarding this session?

• A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
• B. It isan ICMP session from 10.1.10.10 to 10.200.5.1.
• C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
• D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Answer: A

NEW QUESTION 23
What is the purpose of an internal segmentation firewall (ISFW)?

• A. It inspects incoming traffic to protect services in the corporate DMZ.
• B. It is the first line of defense at the network perimeter.
• C. It splits the network into multiple security segments to minimize the impact of breaches.
• D. It is an all-in-one security appliance that is placed at remotesites to extend the enterprise network.

Answer: C

Explanation:
ISFW splits your network into multiple security segments. They serve as a breach containers from attacks that come from inside.

NEW QUESTION 24
......