NSE7_EFW-6.2 Online Practice Questions and Answers

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth)

and IKE mode configuration. The administrator has also enabled the IKE real time debug:

diagnose debug application ike-1

diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial-up user is

connecting to the VPN?

A. Phase1; IKE mode configuration; XAuth; phase 2.

B. Phase1; XAuth; IKE mode configuration; phase2.

C. Phase1; XAuth; phase 2; IKE mode configuration.

D. Phase1; IKE mode configuration; phase 2; XAuth.

The logs in a FSSO collector agent (CA) are showing the following error: failed to connect to registry: PIKA1026 (192.168.12.232)

What can be the reason for this error?

A. The CA cannot resolve the name of the workstation.

B. The FortiGate cannot resolve the name of the workstation.

C. The remote registry service is not running in the workstation 192.168.12.232.

D. The CA cannot reach the FortiGate with the IP address 192.168.12.232.

Examine the output of the `get router info bgp summary' command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.

B. The TCP session for the BGP connection to 10.200.3.1 is down.

C. The local peer has received the BGP prefixed from the remote peer.

D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question

below.

Why didn't the tunnel come up?

A. IKE mode configuration is not enabled in the remote IPsec gateway.

B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.

C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.

D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

A FortiGate device has the following LDAP configuration:

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

A. cnid.

B. username.

C. password.

D. dn.

View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?

A. The session would remain in the session table, and its traffic would still egress from port1.

B. The session would remain in the session table, but its traffic would now egress from both port1 and port2.

C. The session would remain in the session table, and its traffic would start to egress from port2.

D. The session would be deleted, so the client would need to start a new session.

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

A. Neighbor range

B. Route reflector

C. Next-hop-self

D. Neighbor group

View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?

A. It is currently in system conserve mode because of high CPU usage.

B. It is currently in extreme conserve mode because of high memory usage.

C. It is currently in proxy conserve mode because of high memory usage.

D. It is currently in memory conserve mode because of high memory usage.

Refer to the exhibit, which contains the output of a BGP debug command.

Which statement about the exhibit is true?

A. The local router has received a total of three BGP prefixes from all peers.

B. The local router has not established a TCP session with 100.64.3.1.

C. Since the counters were last reset, the 10.200.3.1 peer has never been down.

D. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.

Refer to the exhibit, which contains the output of get system ha status. Which two statements about the output are true? (Choose two.)

A. The slave configuration is synchronized with the master.

B. port7 is used as the HA heartbeat on all devices in the cluster.

C. Master is selected based on the priority configured under config system ha.

D. The HA management IP is 169.254.0.2.