Fortinet NSE7_EFW-6.4 Fortinet NSE 7 – Enterprise Firewall 6.4 Online Training
Fortinet NSE7_EFW-6.4 Online Training
The questions for NSE7_EFW-6.4 were last updated at Nov 22,2024.
- Exam Code: NSE7_EFW-6.4
- Exam Name: Fortinet NSE 7 - Enterprise Firewall 6.4
- Certification Provider: Fortinet
- Latest update: Nov 22,2024
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Which two statements about this debug output are correct? (Choose two.)
- A . The remote gateway IP address is 10.0.0.1.
- B . The initiator provided remote as its IPsec peer ID.
- C . It shows a phase 1 negotiation.
- D . The negotiation is using AES128 encryption with CBC hash.
A FortiGate has two default routes:
All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:
What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?
- A . The session would be deleted, and the client would need to start a new session.
- B . The session would remain in the session table, and its traffic would start to egress from port2.
- C . The session would remain in the session table, but its traffic would now egress from
both port1 and port2. - D . The session would remain in the session table, and its traffic would still egress from port1.
View the central management configuration shown in the exhibit, and then answer the question below.
Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?
- A . 10.0.1.240
- B . One of the public FortiGuard distribution servers
- C . 10.0.1.244
- D . 10.0.1.242
Examine the following partial outputs from two routing debug commands; then answer the question below:
Why the default route using port2 is not displayed in the output of the second command?
- A . It has a lower priority than the default route using port1.
- B . It has a higher priority than the default route using port1.
- C . It has a higher distance than the default route using port1.
- D . It is disabled in the FortiGate configuration.
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration.
The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
- A . Phase1; IKE mode configuration; XAuth; phase 2.
- B . Phase1; XAuth; IKE mode configuration; phase2.
- C . Phase1; XAuth; phase 2; IKE mode configuration.
- D . Phase1; IKE mode configuration; phase 2; XAuth.
View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?
- A . FortiGate will exempt the connection based on the Web Content Filter configuration.
- B . FortiGate will block the connection based on the URL Filter configuration.
- C . FortiGate will allow the connection based on the FortiGuard category based filter configuration.
- D . FortiGate will block the connection as an invalid URL.
Which statement about NGFW policy-based application filtering is true?
- A . After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.
- B . The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.
- C . After IPS identifies the application, it adds an entry to a dynamic ISDB table.
- D . FortiGate will drop all packets until the application can be identified.
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem.
Which statement about this setting is true?
- A . It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
- B . It sends a link failed signal to all connected devices.
- C . It disabled all the non-heartbeat interfaces in all HA members for two seconds after a failover.
- D . It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.
Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:
Which statements are true regarding the output in the exhibit? (Choose two.)
- A . BGP peers have successfully interchanged Open and Keepalive messages.
- B . Local BGP peer received a prefix for a default route.
- C . The state of the remote BGP peer is OpenConfirm.
- D . The state of the remote BGP peer will go to Connect after it confirms the received prefixes.
View the exhibit, which contains the output of a diagnose command, and the answer the question below.
Which statements are true regarding the Weight value?
- A . Its initial value is calculated based on the round trip delay (RTT).
- B . Its initial value is statically set to 10.
- C . Its value is incremented with each packet lost.
- D . It determines which FortiGuard server is used for license validation.
Latest NSE7_EFW-6.4 Dumps Valid Version with 102 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
c