Thomasjake1
Uploaded on Jan 20, 2021
Category
Education
Fortinet NSE7_EFW-6.0 Dumps has affectively changed the style students prepare. Highly qualified and experts have offered their help. So, this trustworthy guide is a result of their united efforts. There is no particular place for a study where you can get a cashback guarantee for your achievement on the first attempt. Not only this, but we have come with exclusive and successful help.Fortinet NSE 7 - Enterprise Firewall 6.0 Exam Questions and answers are the masterpieces of our experts who are continually upgrading the stuff according to the latest exam format. If you are interested in learning from here and passing your IT exam at the first attempt, then download Fortinet NSE7_EFW-6.0 Online Test Engine at discounted rates. You can preview the exam guide with our free demo version. Now practice on our online practice test under experts' supervision and go for sure success. It's time to visit Fortinet NSE7_EFW-6.0 passexam4sure.com and get a free demo version. VIST:https://www.passexam4sure.com/fortinet/nse7-efw-6-0-exam-dumps.html
Category
Education
How Can I Prepare My Fortinet NSE7_EFW-6.0 Exam?
Fortinet
NSE7 _ EFW -6 .0 Ex am
Fortinet NSE 7- Enterprise Firewall 6.0 Exam
Questions & Answers
Demo
Page2
Version:8.0
Question:1
ExaminetheIPsecconfigurationshownintheexhibit;thenanswerthequestionbelow.
Anadministrator wantstomonitor theVPNbyenablingtheIKEreal timedebugusingthese
commands:
Page3
diagnosevpnikelog-filtersrc-addr410.0.10.1
diagnosedebugapplicationike-1
diagnosedebugenable
TheVPNis currentlyup, thereis notrafficcrossingthetunnel andDPDpackets arebeing
interchangedbetweenbothIPsecgateways.However,theIKEreal timedebugdoesNOTshowany
output.Whyisn’tthereanyoutput?
A.TheIKErealtimeshowsthephases1and2negotiationsonly.Itdoesnotshowanymoreoutput
oncethetunnelisup.
B.Thelog-filtersettingissetincorrectly.TheVPN’strafficdoesnotmatchthisfilter.
C. TheIKEreal timedebugshowsthephase1negotiationonly. Forinformationafterthat, the
administratormustusetheIPsecrealtimedebuginstead:diagnosedebugapplicationipsec-1.
D.TheIKErealtimedebugshowserrormessagesonly.Ifitdoesnotprovideanyoutput,itindicates
thatthetunnelisoperatingnormally.
Answer:B
Question:2
WhichofthefollowingstatementsaretrueregardingtheSIPsessionhelperandtheSIPapplication
layergateway(ALG)?(Choosethree.)
A.SIPsessionhelperrunsinthekernel;SIPALGrunsasauserspaceprocess.
B.SIPALGsupportsSIPHAfailover;SIPhelperdoesnot.
C.SIPALGsupportsSIPoverIPv6;SIPhelperdoesnot.
D.SIPALGcancreateexpectedsessionsformediatraffic;SIPhelperdoesnot.
E.SIPhelpersupportsSIPoverTCPandUDP;SIPALGsupportsonlySIPoverUDP.
Answer:B,C,D
Question:3
AFortiGatedevicehasthefollowingLDAPconfiguration:
Page4
Theadministratorexecutedthe‘dsquery’commandintheWindowsLDApserver10.0.1.10,andgot
thefollowingoutput:
>dsqueryuser–samidadministrator
“CN=Administrator,CN=Users,DC=trainingAD,DC=training,DC=lab”
Basedontheoutput,whatFortiGateLDAPsettingisconfiguredincorrectly?
A.cnid.
B.username.
C.password.
D.dn.
Answer:B
Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD37516
Question:4
AcorporatenetworkallowsInternetAccesstoFSSOusersonly.TheFSSOuserstudentdoesnothave
InternetaccessaftersuccessfullyloggedintotheWindowsADnetwork.Theoutputofthe‘diagnose
debugauthdfssolist’commanddoesnotshowstudentasanactiveFSSOuser.OtherFSSOuserscan
accesstheInternetwithoutproblems.Whatshouldtheadministratorcheck?(Choosetwo.)
A.TheuserstudentmustnotbelistedintheCA’signoreuserlist.
B.Theuserstudentmustbelongtooneormoreofthemonitoredusergroups.
C.Thestudentworkstation’sIPsubnetmustbelistedintheCA’strustedlist.
D.Atleastoneofthestudent’susergroupsmustbeallowedbyaFortiGatefirewallpolicy.
Answer:A,D
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828
Question:5
Page5
AnadministratorhasdecreasedalltheTCPsessiontimerstooptimizetheFortiGatememoryusage.
However, after thechanges, onenetwork applicationstartedtohaveproblems. Duringthe
troubleshooting,theadministratornoticedthattheFortiGatedeletesthesessionsaftertheclients
sendtheSYNpackets,andbeforethearrivaloftheSYN/ACKs.WhentheSYN/ACKpacketsarriveto
theFortiGate,theunithasalreadydeletedtherespectivesessions.WhichTCPsessiontimermustbe
increasedtofixthisproblem?
A.TCPhalfopen.
B.TCPhalfclose.
C.TCPtimewait.
D.TCPsessiontimetolive.
Answer:A
Explanation:
http://docs-
legacy.fortinet.com/fos40hlp/43prev/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt&fil
e=CLI_get_Commands.58.25.html
Thetcp-halfopen-timer controlsfor howlong, after aSYNpacket, asessionwithout SYN/ACK
remainsinthetable.
Thetcp-halfclose-timer controls for howlong, after aFINpacket, asessionwithout FIN/ACK
remainsinthetable.
Thetcp-timewait-timercontrolsforhowlong, afteraFIN/ACKpacket, asessionremainsinthe
table. Aclosedsessionremainsinthesessiontableforafewsecondsmoretoallowanyout-of-
sequencepacket.
Question:6
AnadministratorisrunningthefollowingsnifferinaFortiGate:
diagnosesnifferpacketany“host10.0.2.10”2
Whatinformationisincludedintheoutputofthesniffer?(Choosetwo.)
A.Ethernetheaders.
B.IPpayload.
C.IPheaders.
D.Portnames.
Answer:B,C
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=11186
Question:7
Examinethepartialoutputfromtwowebfilterdebugcommands;thenanswerthequestionbelow:
Page6
Basedontheaboveoutputs, whichis theFortiGuardwebfilter categoryfor thewebsite
www.fgt99.com?
A.Financeandbanking
B.Generalorganization.
C.Business.
D.Informationtechnology.
Answer:C
Question:8
Examinetheoutputof the‘getrouterinfoospf interface’ commandshownintheexhibit; then
answerthequestionbelow.
Page7
Whichstatementsaretrueregardingtheaboveoutput?(Choosetwo.)
A.Theport4interfaceisconnectedtotheOSPFbackbonearea.
B.ThelocalFortiGatehasbeenelectedastheOSPFbackupdesignatedrouter.
C.Thereareatleast5OSPFroutersconnectedtotheport4network.
D.TwoOSPFroutersaredownintheport4network.
Answer:A,C
Explanation:
onBROADCASTnetworkthereare4neighbors, amongwhich1*DR+1*BDR. Soour FGhas4
neighbors,butcreateadjacencyonlywith2(withDRandBDR).2neighborsDRother(notdown).
Comments