NSE7 Online Practice Questions and Answers

Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

A. Finance and banking

B. General organization.

C. Business.

D. Information technology.

The logs in a FSSO collector agent (CA) are showing the following error:

failed to connect to registry: PIKA1026 (192.168.12.232)

What can be the reason for this error?

A. The CA cannot resolve the name of the workstation.

B. The FortiGate cannot resolve the name of the workstation.

C. The remote registry service is not running in the workstation 192.168.12.232.

D. The CA cannot reach the FortiGate with the IP address 192.168.12.232.

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn't the tunnel come up?

A. The pre-shared keys do not match.

B. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.

C. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.

D. The remote gateway is using aggressive mode and the local gateway is configured to use man mode.

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.

B. SIP ALG supports SIP HA failover; SIP helper does not.

C. SIP ALG supports SIP over IPv6; SIP helper does not.

D. SIP ALG can create expected sessions for media traffic; SIP helper does not.

E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

A FortiGate device has the following LDAP configuration: The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

A. cnid.

B. username.

C. password.

D. dn.

Examine the following partial output from two system debug commands; then answer the question below.

Which of the following statements are true regarding the above outputs? (Choose two.)

A. The unit is running a 32-bit FortiOS

B. The unit is in kernel conserve mode

C. The Cached value is always the Active value plus the Inactive value

D. Kernel indirectly accesses the low memory (LowTotal) through memory paging

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

A. Neighbor range

B. Route reflector

C. Next-hop-self

D. Neighbor group

Examine the output of the `get router info ospf neighbor' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

A. The interface ToRemote is OSPF network type point-to-point.

B. The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.

C. The local FortiGate is the backup designated router for the wan1 network.

D. The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.

View the exhibit, which contains a session entry, and then answer the question below.

Which statement is correct regarding this session?

A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.

B. It is an ICMP session from 10.1.10.10 to 10.200.5.1.

C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.

D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Examine the output of the `diagnose ips anomaly list' command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

A. Those whose traffic matches a DoS policy.

B. Those whose traffic matches an IPS sensor.

C. Those whose traffic exceeded a threshold of a matching DoS policy.

D. Those whose traffic was detected as an anomaly by an IPS sensor.