What Verified NSE7_EFW-6.4 Vce Is

NEW QUESTION 1
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

• A. BGP state of the peer 10.125.0.60 is Established.
• B. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
• C. Local BGP peer has not received an OpenConfirm from 10.200.3.1.
• D. The local BGP peer has received a total of 3 BGP prefixes.

Answer: AC

NEW QUESTION 2
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

• A. FortiManager can download and maintain local copies of FortiGuard databases.
• B. FortiManager supports only FortiGuard push to managed devices.
• C. FortiManager will respond to update requests only if they originate from a managed device.
• D. FortiManager does not support rating requests.

Answer: A

NEW QUESTION 3
An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any “host 10.0.2.10” 2
What information is included in the output of the sniffer? (Choose two.)

• A. Ethernet headers.
• B. IP payload.
• C. IP headers.
• D. Port names.

Answer: BC

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=11186

NEW QUESTION 4
View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

• A. It is currently in system conserve mode because of high CPU usage.
• B. It is currently in FD conserve mode.
• C. It is currently in kernel conserve mode because of high memory usage.
• D. It is currently in system conserve mode because of high memory usage.

Answer: D

NEW QUESTION 5
Which two conditions must be met for a statistic route to be active in the routing table? (Choose two.)

• A. The link health monitor (if configured) is up.
• B. There is no other route, to the same destination, with a higher distance.
• C. The outgoing interface is up.
• D. The next-hop IP address is up.

Answer: AC

NEW QUESTION 6
View the exhibit, which contains a session entry, and then answer the question below.

Which statement is correct regarding this session?

• A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
• B. It is an ICMP session from 10.1.10.10 to 10.200.5.1.
• C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
• D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Answer: B

NEW QUESTION 7
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

• A. diagnose sniffer packet any ‘port 500’
• B. diagnose sniffer packet any ‘esp’
• C. diagnose sniffer packet any ‘host 10.0.10.10’
• D. diagnose sniffer packet any ‘port 4500’

Answer: D

Explanation:
NAT-T is enabled. natt: mode=silentProtocol ESP is used. ESP is encapsulated in UDP port 4500 when NAT-T is enabled.

NEW QUESTION 8
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn’t the script make any changes to the managed device?

• A. Commands that start with the # sign are not executed.
• B. CLI scripts will add objects only if they are referenced by policies.
• C. Incomplete commands are ignored in CLI scripts.
• D. Static routes can only be added using TCL scripts.

Answer: A

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/2400_Sc
A sequence of FortiGate CLI commands, as you would type them at the command line. A comment line starts with the number sign (#). A comment line will not be executed.

NEW QUESTION 9
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

• A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
• B. SIP ALG supports SIP HA failover; SIP helper does not.
• C. SIP ALG supports SIP over IPv6; SIP helper does not.
• D. SIP ALG can create expected sessions for media traffic; SIP helper does not.
• E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Answer: BCD

NEW QUESTION 10
Which statement about memory conserve mode is true?

• A. A FortiGate exits conserve mode when the configured memory use threshold reaches yellow.
• B. A FortiGate starts dropping all the new and old sessions when the configured memory use threshold reaches extreme.
• C. A FortiGate starts dropping new sessions when the configured memory use threshold reaches red
• D. A FortiGate enters conserve mode when the configured memory use threshold reaches red

Answer: C

NEW QUESTION 11
What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?

• A. av-failopen
• B. mem-failopen
• C. utm-failopen
• D. ips-failopen

Answer: A

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Other_Profile_Consideratio

NEW QUESTION 12
View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

• A. This is an expected session created by a session helper.
• B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.
• C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
• D. This is an expected session created by an application control profile.

Answer: AC

NEW QUESTION 13
View the global IPS configuration, and then answer the question below.

Which of the following statements is true regarding this configuration?

• A. IPS will scan every byte in every session.
• B. FortiGate will spawn IPS engine instances based on the system load.
• C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.
• D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

Answer: A

NEW QUESTION 14
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list —FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is
NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

• A. The IP address recorded in the logon event for the user STUDENT.
• B. The DNS name resolution for the workstation name INTERNAL2. TRAININ
• C. LAB.
• D. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2.TRAININ
• E. LAB.
• F. The reserve DNS lookup forthe IP address 192.168.3.1.

Answer: C

NEW QUESTION 15
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

• A. Preview pending configuration changes for managed devices.
• B. Add devices to FortiManager.
• C. Import policy packages from managed devices.
• D. Install configuration changes to managed devices.
• E. Import interface mappings from managed devices.

Answer: AD

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/1200_ins
There are 4 main wizards:Add Device: is used to add devices to central management and import their configurations.
Install: is used to install configuration changes from Device Manager or Policies & Objects to the managed devices. It allows you to preview the changes and, if the administrator doesn’t agree with the changes, cancel and modify them.
Import policy: is used to import interface mapping, policy database, and objects associated with the managed devices into a policy package under the Policy & Object tab. It runs with the Add Device wizard by default and may be run at any time from the managed device list.
Re-install policy: is used to perform a quick install of the policy package. It doesn’t give the ability to preview the changes that will be installed to the managed device.

NEW QUESTION 16
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem.
Which statement about this setting is true?

• A. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
• B. It sends a link failed signal to all connected devices.
• C. It disabled all the non-heartbeat interfaces in all HA members for two seconds after a failover.
• D. It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.

Answer: D

NEW QUESTION 17
Refer to the exhibit, which contains the output of get system ha status.

Which two statements about the output are true? (Choose two.)

• A. The slave configuration is synchronized with the master.
• B. port7 is used as the HA heartbeat on all devices in the cluster.
• C. Master is selected based on the priority configured under config system ha.
• D. The HA management IP is 169.254.0.2.

Answer: BC

NEW QUESTION 18
Refer to the exhibit, which contains the output of diagnose sys session list.

If the HA ID for the primary unit is zero (0), which statement about the output is true?

• A. This session cannot be synced with the slave unit.
• B. The inspection of this session has been offloaded to the slave unit.
• C. The master unit is processing this traffic.
• D. This session is for HA heartbeat traffic.

Answer: C

NEW QUESTION 19
Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

• A. Primary unit stops sending HA heartbeat keepalives.
• B. The FortiGuard license for the primary unit is updated.
• C. One of the monitored interfaces in the primary unit is disconnected.
• D. A secondary unit is removed from the HA cluster.

Answer: AC

NEW QUESTION 20
View the exhibit, which contains the output of a real-time debug, and then answer the question below.

Which of the following statements is true regarding this output? (Choose two.)

• A. This web request was inspected using the root web filter profile.
• B. FortiGate found the requested URL in its local cache.
• C. The requested URL belongs to category ID 52.
• D. The web request was allowed by FortiGate.

Answer: BC

NEW QUESTION 21
......