NSE7_EFW-6.4 Online Practice Questions and Answers

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

A. The remote gateway IP address is 10.0.0.1.

B. The initiator provided remote as its IPsec peer ID.

C. It shows a phase 1 negotiation.

D. The negotiation is using AES128 encryption with CBC hash.

Examine the following partial outputs from two routing debug commands; then answer the question below:

Why the default route using port2 is not displayed in the output of the second command?

A. It has a lower priority than the default route using port1.

B. It has a higher priority than the default route using port1.

C. It has a higher distance than the default route using port1.

D. It is disabled in the FortiGate configuration.

An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

A. diagnose sniffer packet any `udp port 500'

B. diagnose sniffer packet any `udp port 4500'

C. diagnose sniffer packet any `esp'

D. diagnose sniffer packet any `udp port 500 or udp port 4500'

Which of the following statements are correct regarding application layer test commands? (Choose two.)

A. They are used to filter real-time debugs.

B. They display real-time application debugs.

C. Some of them display statistics and configuration information about a feature or process.

D. Some of them can be used to restart an application.

View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

A. It is currently in system conserve mode because of high CPU usage.

B. It is currently in FD conserve mode.

C. It is currently in kernel conserve mode because of high memory usage.

D. It is currently in system conserve mode because of high memory usage.

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

A. The local FortiGate OSPF router ID is 0.0.0.4.

B. Port4 is connected to the OSPF backbone area.

C. In the network connected to port4, two OSPF routers are down.

D. The local FortiGate is the backup designated router.

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

A. Neighbor range

B. Route reflector

C. Next-hop-self

D. Neighbor group

When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?

A. FortiGate uses the requested URL from the user's web browser.

B. FortiGate uses the CN information from the Subject field in the server certificate.

C. FortiGate blocks the request without any further inspection.

D. FortiGate switches to the full SSL inspection method to decrypt the data.

An administrator added the following Ipsec VPN to a FortiGate configuration: configvpn ipsec phasel -interface edit "RemoteSite" set type dynamic set interface "portl" set mode main set psksecret ENC LCVkCiK2E2PhVUzZe next end config vpn ipsec phase2-interface edit "RemoteSite" set phasel name "RemoteSite" set proposal 3des-sha256 next end However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while

attempting the Ipsec connection. The output is shown in the exhibit.

What is causing the IPsec problem in the phase 1 ?

A. The incoming IPsec connection is matching the wrong VPN configuration

B. The phrase-1 mode must be changed to aggressive

C. The pre-shared key is wrong

D. NAT-T settings do not match

Which two conditions must be met for a statistic route to be active in the routing table? (Choose two.)

A. The link health monitor (if configured) is up.

B. There is no other route, to the same destination, with a higher distance.

C. The outgoing interface is up.

D. The next-hop IP address is up.