A Review Of Free NSE7_EFW-6.2 Braindumps

NEW QUESTION 1
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

• A. FortiManager can download and maintain local copies of FortiGuard databases.
• B. FortiManager supports only FortiGuard push to managed devices.
• C. FortiManager will respond to update requests only if they originate from a managed device.
• D. FortiManager does not support rating requests.

Answer: A

NEW QUESTION 2
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question
below.

Based on the debugoutput, which phase-1 setting is enabled in the configuration of this VPN?

• A. auto-discovery-sender
• B. auto-discovery-forwarder
• C. auto-discovery-shortcut
• D. auto-discovery-receiver

Answer: A

NEW QUESTION 3
When does a RADIUS server send an Access-Challenge packet?

• A. The server does not have the usercredentials yet.
• B. The server requires more information from the user, such as the token code for two-factor authentication.
• C. The user credentials are wrong.
• D. The user account is not found in the server.

Answer: B

NEW QUESTION 4
View the global IPSconfiguration, and then answer the question below.

Which of the following statements is true regarding this configuration?

• A. IPS will scan every byte in every session.
• B. FortiGate will spawn IPS engine instances based on the system load.
• C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.
• D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

Answer: A

NEW QUESTION 5
View the exhibit, which contains the output of diagnose syssession list, and then answer the question below.

If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

• A. This session is for HA heartbeat traffic.
• B. This session is synced with the slave unit.
• C. Theinspection of this session has been offloaded to the slave unit.
• D. This session cannot be synced with the slave unit.

Answer: B

NEW QUESTION 6
A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the ‘diagnose debug authd fsso list’ command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)

• A. The user student must not be listed in the CA’s ignore user list.
• B. The user student must belong to one or more of the monitored user groups.
• C. The student workstation’s IP subnet must be listed in the CA’s trusted list.
• D. At least one of the student’s user groups must be allowed by a FortiGate firewall policy.

Answer: AD

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828

NEW QUESTION 7
Which of the following conditions must be met for a static route to be active in therouting table? (Choose three.)

• A. The next-hop IP address is up.
• B. There is no other route, to the same destination, with a higher distance.
• C. The link health monitor (if configured) is up.
• D. The next-hop IP address belongs to one of the outgoing interface subnets.
• E. The outgoing interface is up.

Answer: CDE

Explanation:
A configured static route only goes to routing table from routing database when all the following are met :
The outgoing interface is up
There is no other matching route with a lowerdistance
The link health monitor (if configured) is successful
The next-hop IP address belongs to one of the outgoing interface subnets

NEW QUESTION 8
Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packetsdropped counter at the end of the sniffer?

• A. Number of packets that didn’t match the sniffer filter.
• B. Number of total packets dropped by the FortiGate.
• C. Number of packets that matched the sniffer filter and were dropped by the FortiGate.
• D. Number ofpackets that matched the sniffer filter but could not be captured by the sniffer.

Answer: D

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=11655

NEW QUESTION 9
What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

• A. A process crash.
• B. Configuration changes.
• C. Changes in the status of any of the FortiGuard licenses.
• D. System entering to and leaving from the proxy conserve mode.

Answer: AD

Explanation:
diagnose debug crashlog read
275: 2014-08-05 13:03:53 proxy=acceptorservice=imap session fail mode=activated276: 2014-08-05
13:03:53 proxy=acceptor service=ftp session fail mode=activated277: 2014-08-05 13:03:53 proxy=acceptor service=nntp session fail mode=activated278: 2014-08-06 11:05:47 service=kernel conserve=on free=”45034 pages” red=”45874 pages” msg=”Kernel279: 2014-08-06 11:05:47 enters conserve mode”280: 2014-08-06 13:07:16 service=kernel conserve=exit free=”86704 pages” green=”68811 pages”281: 2014-08-06 13:07:16 msg=”Kernel leaves conserve mode”282: 2014-08-06
13:07:16 proxy=imd sysconserve=exited total=1008 free=349 marginenter=201283: 2014-08-06 13:07:16 marginexit=302

NEW QUESTION 10
Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; than answer the question below.

Which statement is true regarding the session in the exhibit?

• A. It was created by the FortiGate kernel to allow push updates from FotiGuard.
• B. It is for management traffic terminating at the FortiGate.
• C. It is for traffic originated from the FortiGate.
• D. Itwas created by a session helper or ALG.

Answer: D

NEW QUESTION 11
View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3 ipsengine exit log”
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2021 code = 11, reason: manual
What is the status of IPS on this FortiGate?

• A. IPS engine memory consumption has exceeded the model-specific predefined value.
• B. IPS daemon experienced a crash.
• C. There are communication problems between the IPS engine and the management database.
• D. All IPS-related features have been disabled in FortiGate’s configuration.

Answer: D

Explanation:
The command diagnose test application ipsmonitor includes many options that are useful for troubleshooting purposes.Option 3 displays the log entries generated every time an IPS engine process stopped. There are various reasons why these logs are generated:Manual: Because of the configuration, IPS no longer needs to run (that is, all IPS-releated features have been disabled)

NEW QUESTION 12
Examine the following routing table and BGP configuration; then answer the question below.

TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

• A. Enable the redistribution of connected routers into BGP.
• B. Enable the redistribution of static routers into BGP.
• C. Disable the setting network-import-check.
• D. Enable the setting ebgp-multipath.

Answer: C

NEW QUESTION 13
View the exhibit, which contains the output of areal-time debug, and then answer the question below.

Which of the following statements is true regarding this output? (Choose two.)

• A. This web request was inspected using the root web filter profile.
• B. FortiGate found the requested URL in its localcache.
• C. The requested URL belongs to category ID 52.
• D. The web request was allowed by FortiGate.

Answer: BC

NEW QUESTION 14
What configuration changes can reduce the memory utilization in aFortiGate? (Choose two.)

• A. Reduce the session time to live.
• B. Increase the TCP session timers.
• C. Increase the FortiGuard cache time to live.
• D. Reduce the maximum file size to inspect.

Answer: AD

NEW QUESTION 15
View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.

Which action will FortiGate take ifa user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

• A. FortiGate will exempt the connection based on the Web Content Filter configuration.
• B. FortiGate will block the connection based on the URL Filterconfiguration.
• C. FortiGate will allow the connection based on the FortiGuard category based filter configuration.
• D. FortiGate will block the connection as an invalid URL.

Answer: B

Explanation:
fortigate does it in order Static URL -> FortiGuard – > Content -> Advanced (java, cookie removal..)so block it in first step

NEW QUESTION 16
An administrator has decreased all the TCP session timers to optimize theFortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

• A. TCP half open.
• B. TCP half close.
• C. TCP time wait.
• D. TCP session time to live.

Answer: A

Explanation:
http://docs-legacy.fortinet.com/fos40hlp/43prev/wwhelp/wwhimpl/commo
n/html/wwhelp.htm?context=fgt&file=CLI_get_Commands.58.25.html
The tcp-halfopen-timer controls for how long, after a SYN packet, a session without SYN/ACKremains in the table.
The tcp-halfclose-timer controls for how long, after a FIN packet, asession without FIN/ACKremains in the table.
The tcp-timewait-timer controls for how long, after a FIN/ACK packet, a session remains in thetable. A closed session remains in the session table for a few seconds more to allow any out-of-sequence packet.

NEW QUESTION 17
View the exhibit, which contains a session entry, and then answer the question below.

Which statement is correct regarding this session?

• A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
• B. It isan ICMP session from 10.1.10.10 to 10.200.5.1.
• C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
• D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Answer: A

NEW QUESTION 18
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

• A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.
• B. The TCP session for the BGP connection to 10.200.3.1 is down.
• C. The local peer has received the BGP prefixed from the remote peer.
• D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

Answer: B

Explanation:
http://www.ciscopress.com/articles/article.asp?p=2756480&seqNum=4

NEW QUESTION 19
Which of the followingstatements is true regarding a FortiGate configured as an explicit web proxy?

• A. FortiGate limits the number of simultaneous sessions per explicit web proxy use
• B. This limit CANNOT be modified by the administrator.
• C. FortiGate limits the total number of simultaneous explicit web proxy users.
• D. FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator
• E. FortiGate limits the number of workstations that authenticate using thesame web proxy user credentials.This limit CANNOT be modified by the administrator.

Answer: B

Explanation:
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-WAN-opt-52/web_proxy.htm#Explicit2
The explicit proxy does not limit the number of active sessions for each user. As a result the actual explicit proxy session count is usually much higherthan the number of explicit web proxy users. If an excessive number of explicit web proxy sessions is compromising system performance you can limit the amount of users if the FortiGate unit is operating with multiple VDOMs.

NEW QUESTION 20
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

However, the IKE real time debug does not show any output. Why?

• A. The debug output shows phases 1 and 2 negotiations onl
• B. Once the tunnel is up, it does not show any more output.
• C. The log-filter setting was setincorrectl
• D. The VPN’s traffic does not match this filter.
• E. The debug shows only error message
• F. If there is no output, then the tunnel is operating normally.
• G. The debug output shows phase 1 negotiation onl
• H. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

Answer: D

NEW QUESTION 21
What is the purpose of an internal segmentation firewall (ISFW)?

• A. It inspects incoming traffic to protect services in the corporate DMZ.
• B. It is the first line of defense at the network perimeter.
• C. It splits the network into multiple security segments to minimize the impact of breaches.
• D. It is an all-in-one security appliance that is placed at remotesites to extend the enterprise network.

Answer: C

Explanation:
ISFW splits your network into multiple security segments. They serve as a breach containers from attacks that come from inside.

NEW QUESTION 22
Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."
What does the log mean?

• A. There is not enough available memory in the system to create a new entry in the NAT port table.
• B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
• C. FortiGate does not have any available NAT port for a new connection.
• D. The limit for the maximum number of entries in the NAT port table has been reached.

Answer: B

NEW QUESTION 23
......