Fortinet NSE7_EFW-6.4 Fortinet NSE 7 – Enterprise Firewall 6.4 Online Training
The questions for NSE7_EFW-6.4 were last updated on Nov 22, 2024.
- Exam Code: NSE7_EFW-6.4
- Exam Name: Fortinet NSE 7 - Enterprise Firewall 6.4
- Certification Provider: Fortinet
- Latest update: Nov 22, 2024
Refer to the exhibit, which shows a partial routing table.
Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)
- A . Source IP address: 10.1.0.10. Destination IP address: 10.64.1.52
- B . Source IP address: 10.72.3.52. Destination IP address: 10.1.0.254
- C . Source IP address: 10.10.4.24, Destination IP address: 10.72.3.20
- D . Source IP address: 10.73.9.10, Destination IP address: 10.72.3.15
Refer to the exhibit, which shows a FortiGate configuration.
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?
- A . The administrator must increase webfilter-timeout.
- B . The administrator must disable webfilter-force-off.
- C . The administrator must change protocol to TCP.
- D . The administrator must enable fortiguard-anycast.
View the exhibit, which contains the output of a diagnose command, and then answer the question below.
What statements are correct regarding the output? (Choose two.)
- A . This is an expected session created by a session helper.
- B . Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.
- C . Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
- D . This is an expected session created by an application control profile.
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
- A . BGP state of the peer 10.125.0.60 is Established.
- B . BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
- C . Local BGP peer has not received an OpenConfirm from 10.200.3.1.
- D . The local BGP peer has received a total of 3 BGP prefixes.
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network.
What HA setting must be changed in one of the HA clusters to fix the problem?
- A . Group ID.
- B . Group name.
- C . Session pickup.
- D . Gratuitous ARPs.
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.
Which of the following statements about the exhibit are true? (Choose two.)
- A . For the peer 10.125.0.60, the BGP state is Established.
- B . The local BGP peer has received a total of three BGP prefixes.
- C . Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.
- D . The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.
Examine the IPsec configuration shown in the exhibit; then answer the question below.
An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel, and DPD packets are being exchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output.
Why isn’t there any output?
- A . The IKE real time debug shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.
- B . The log-filter setting is set incorrectly. The VPN’s traffic does not match this filter.
- C . The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
- D . The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.
Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?
- A . Diagnose debug application radius -1.
- B . Diagnose debug application fnbamd -1.
- C . Diagnose authd console -log enable.
- D . Diagnose radius console -log enable.
View the exhibit, which contains the output of get sys ha status, and then answer the question below.
Which statements are correct regarding the output? (Choose two.)
- A . The slave configuration is not synchronized with the master.
- B . The HA management IP is 169.254.0.2.
- C . Master is selected because it is the only device in the cluster.
- D . Port 7 is used for the HA heartbeat on all devices in the cluster.
What events are recorded in the crashlogs of a FortiGate device? (Choose two.)
- A . A process crash.
- B . Configuration changes.
- C . Changes in the status of any of the FortiGuard licenses.
- D . The system entering and leaving proxy conserve mode.