NSE7_EFW-7.0 Online Practice Questions and Answers

Questions 4

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive at the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

A. TCP half open.

B. TCP half close.

C. TCP time wait.

D. TCP session time to live.

Questions 5

View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

A. 10.0.1.240

B. One of the public FortiGuard distribution servers

C. 10.0.1.244

D. 10.0.1.242

Questions 6

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands in an SSH session on FortiGate:

diagnose vpn ike log-filter dst-addr4 10.0.10.1
diagnose debug application ike -1

However, the IKE real-time debug does not show any output. Why?

A. The administrator must also run the command diagnose debug enable.

B. The administrator must enable the following real-time debug: diagnose debug application ipsec -1.

C. The log-filter setting is incorrect. The VPN traffic does not match this filter.

D. The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

Questions 7

Refer to the exhibit, which shows the output of diagnose sys session stat.

Which statement about the output shown in the exhibit is correct?

A. There are two sessions that have not been removed in case of any out-of-order packets that arrive.

B. There are 166 TCP sessions waiting to complete the three-way handshake.

C. 162 sessions have been deleted because of memory page exhaustion.

D. All the sessions in the session table are TCP sessions.

Questions 8

Refer to the exhibit, which shows the output of a debug command.

What can be concluded from the debug command output?

A. The OSPF router with the ID 0.0.0.69 has its OSPF priority set to 0.

B. The local FortiGate has a different MTU value from the OSPF router with ID 0.0.0.2, based on the state information.

C. There are more than two OSPF routers on the wan2 network.

D. The interface ToRemote is a broadcast OSPF network.

Questions 9

Which statement about NGFW policy-based application filtering is true?

A. After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.

B. The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.

C. After IPS identifies the application, it adds an entry to a dynamic ISDB table.

D. FortiGate will drop all packets until the application can be identified.

Questions 10

An administrator cannot connect to the GUI of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

A. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

B. Redirection of HTTP to HTTPS administrative access is disabled.

C. HTTP administrative access is configured with a port number different than 80.

D. The packet is denied because of reverse path forwarding check.

Questions 11

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn't the tunnel come up?

A. The pre-shared keys do not match.

B. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration.

C. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.

D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

Questions 12

In which two states is a given session categorized as ephemeral? (Choose two.)

A. A TCP session waiting for FIN ACK

B. A UDP session with packets sent and received

C. A UDP session with only one packet received

D. A TCP session waiting for the SYN ACK

Questions 13

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Based on the output, which two statements are correct? (Choose two.)

A. Phase 2 authentication is set to sha1 on both sides.

B. Anti-replay is disabled.

C. Hub2Spoke1 is a policy-based VPN.

D. Hub2Spoke1 is configured on interface wan2.

Exam Code: NSE7_EFW-7.0
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.0
Last Update: May 31, 2026
Questions: 163