Fortinet NSE 7 - Enterprise Firewall 6.4 (NSE7_EFW-6.4) Free Practice Test

Question 1

Refer to the exhibit, which shows a partial routing table.

Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)

A. Source IPaddress: 10.72.3.52. Destination IP address: 10.1.0.254

B. Source IP address: 10.1.0.10. Destination IP address: 10.64.1.52

C. Source IPaddress: 10.10.4.24, Destination IPaddress: 10.72.3.20

D. Source IPaddress: 10.73.9.10, Destination IPaddress: 10.72.3.15

Correct Answer: A,B

Question 2

View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?

A. The session would remain in the session table, and its traffic would still egress from port1.

B. The session would remain in the session table, and its traffic would start to egress from port2.

C. The session would remain in the session table, but its traffic would now egress from both port1 and port2.

D. The session would be deleted, so the client would need to start a new session.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?

A. FortiGate uses the requested URL from the user's web browser.

B. FortiGate switches to the full SSL inspection method to decrypt the data.

C. FortiGate uses the CN information from the Subject field in the server certificate.

D. FortiGate blocks the request without any further inspection.

Correct Answer: C

Question 4

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

A. The local FortiGate is the backup designated router.

B. Port4 is connected to the OSPF backbone area.

C. In the network connected to port4, two OSPF routers are down.

D. The local FortiGate OSPF router ID is 0.0.0.4.

Correct Answer: B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

What does the dirty flag mean in a FortiGate session?

A. The session must be removed from the former primary unit after an HA failover.

B. The next packet must be re-evaluated against the firewall policies.

C. Traffic has been identified as from an application that is not allowed.

D. Traffic has been blocked by the antivirus inspection.

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Which statement about NGFW policy-based application filtering is true?

A. FortiGate will drop all packets until the application can be identified.

B. After IPS identifies the application, it adds an entry to a dynamic ISDB table.

C. The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.

D. After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.

Correct Answer: A

Question 7

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

A. Only the DR receives link state information from non-DR routers.

B. FortiGate first checks the OSPF ID to elect a DR.

C. Non-DR and non-BDR routers will form full adjacencies to DR and BDR only.

D. BDR is responsible for forwarding link state information from one router to another.

Correct Answer: C

Welcome to TestSimulate

Fortinet NSE 7 - Enterprise Firewall 6.4 (NSE7_EFW-6.4) Free Practice Test