Fortinet NSE 7 - Enterprise Firewall 6.0 (NSE7_EFW-6.0) Free Practice Test

Question 1

Examine the output from the 'diagnose vpn tunnel list' command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

A. diagnose sniffer packet any 'esp'

B. diagnose sniffer packet any 'host 10.0.10.10'

C. diagnose sniffer packet any 'port 4500'

D. diagnose sniffer packet any 'port 500'

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

View the exhibit, which contains a session entry, and then answer the question below.

Which statement is correct regarding this session?

A. It is an ICMP session from 10.1.10.10 to 10.200.5.1.

B. It is an ICMP session from 10.1.10.10 to 10.200.1.1.

C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.

D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Correct Answer: B

Question 3

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

A. The local router has received a total of three BGP prefixes from all peers.

B. Since the counters were last reset; the 10.200.3.1 peer has never been down.

C. The local router has not established a TCP session with 100.64.3.1.

D. The local router's BGP state is Established with the 10.125.0.60 peer.

Correct Answer: C,D

Question 4

Examine the output of the 'get router info bgp summary' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

A. The local BGP peer has received a total of 3 BGP prefixes.

B. BGP state of the peer 10.125.0.60 is Established.

C. Local BGP peer has not received an OpenConfirm from 10.200.3.1.

D. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.

Correct Answer: B,C

Question 5

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

A. Phase1; IKE mode configuration; phase 2; XAuth.

B. Phase1; XAuth; phase 2; IKE mode configuration.

C. Phase1; IKE mode configuration; XAuth; phase 2.

D. Phase1; XAuth; IKE mode configuration; phase2.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

A. TCP half open.

B. TCP half close.

C. TCP time wait.

D. TCP session time to live.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

View the exhibit, which contains the output of a real-time debug, and then answer the question below.

Which of the following statements is true regarding this output? (Choose two.)

A. The requested URL belongs to category ID 52.

B. FortiGate found the requested URL in its local cache.

C. This web request was inspected using the root web filter profile.

D. The web request was allowed by FortiGate.

Correct Answer: A,B

Question 8

Examine the output of the 'get router info bgp summary' command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.

B. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

C. The local peer has received the BGP prefixed from the remote peer.

D. The TCP session for the BGP connection to 10.200.3.1 is down.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

View these partial outputs from two routing debug commands:

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

A. port2

B. Both port1 and port2

C. port1

D. port3

Correct Answer: B

Question 10

Examine the following routing table and BGP configuration; then answer the question below.

TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

A. Enable the redistribution of static routers into BGP.

B. Disable the setting network-import-check.

C. Enable the setting ebgp-multipath.

D. Enable the redistribution of connected routers into BGP.

Correct Answer: B

Welcome to TestSimulate

Fortinet NSE 7 - Enterprise Firewall 6.0 (NSE7_EFW-6.0) Free Practice Test