NSE7_EFW-6.0 Online Practice Questions and Answers

View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

A. 10.0.1.244

B. Public FortiGuard servers

C. 10.0.1.240

D. 10.0.1.242

View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

If the HA ID for the primary unit is zero (0), which one of the following statements about the output is true?

A. This session is for HA heartbeat traffic.

B. This session cannot be synced with the slave unit.

C. The master unit is processing this traffic.

D. The inspection of this session has been offloaded to the slave unit.

View the global IPS configuration, and then answer the question below.

Which of the following statements is true regarding this configuration? (Choose two.)

A. IPS will scan every byte in every session.

B. IPS acceleration is disabled in this FortiGate device's configuration.

C. New packets requiring IPS inspection will be passed through during conserve mode.

D. FortiGate will spawn IPS engine instances based on the system load.

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn't the tunnel come up?

A. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

B. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.

C. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration

D. The pre-shared keys do not match.

View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?

A. It is currently in system conserve mode because of high CPU usage.

B. It is currently in extreme conserve mode because of high memory usage.

C. It is currently in proxy conserve mode because of high memory usage.

D. It is currently in memory conserve mode because of high memory usage.

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

A. FortiGate used 209.222.147.36 as the initial server to validate its contract.

B. Servers with the D flag are considered to be down.

C. FortiGate will probe 121.111.236.179 every fifteen minutes for a response.

D. Servers with a negative TZ value are experiencing a service outage.

View the exhibit, which contains the output of a debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

A. Port4 is connected to the OSPF backbone area.

B. In the network connected to port4, two OSPF routers are down.

C. The local FortiGate is the backup designated router.

D. The local FortiGate's OSPF router ID is 0.0.0.4.

View the exhibit, which contains a partial routing table, and then answer the question below.

Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

A. Source IP address 10.1.0.24, Destination IP address 10.72.3.20.

B. Source IP address 10.72.3.27, Destination IP address 10.1.0.52.

C. Source IP address 10.72.3.52, Destination IP address 10.1.0.254.

D. Source IP address 10.73.9.10, Destination IP address 10.72.3.15.

What does the dirty flag mean in a FortiGate session?

A. The session must be removed from the former primary unit after an HA failover.

B. Traffic has been identified as from an application that is not allowed.

C. The next packet must be re-evaluated against the firewall policies.

D. Traffic has been blocked by the antivirus inspection.

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Which of the following statements about this debug output are correct? (Choose two.)

A. It shows a phase 1 negotiation.

B. The initiator has provided remote as its IPsec peer ID.

C. The negotiation is using AES128 encryption with CBC hash.

D. The remote gateway IP address is 10.0.0.1.