NSE7_EFW-7.0 Exam Dumps - Fortinet NSE 7 - Enterprise Firewall 7.0

Go to page:

Question # 9

Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router The second unit is elected as the backup designated router Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?

Full Access

Question # 10

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

This is an expected session created by a session helper.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

This is an expected session created by an application control profile.

Full Access

Question # 11

A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the â€˜diagnose debug authd fsso listâ€™ command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)

The user student must not be listed in the CAâ€™s ignore user list.

The user student must belong to one or more of the monitored user groups.

The student workstationâ€™s IP subnet must be listed in the CAâ€™s trusted list.

At least one of the studentâ€™s user groups must be allowed by a FortiGate firewall policy.

Full Access

Question # 12

In which two states is a given session categorized as ephemeral? (Choose two.)

A TCP session waiting for FIN ACK

A UDP session with packets sent and received

A UDP session with only one packet received

A TCP session waiting for the SYN ACK

Full Access

Question # 13

What are two functions of automation stitches? (Choose two.)

Automation stitches can be configured on any FortiGate device in a Security Fabric environment.

An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

Full Access

Question # 14

An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

Redirection of HTTP to HTTPS administrative access is disabled.

HTTP administrative access is configured with a port number different than 80.

The packet is denied because of reverse path forwarding check.

Full Access

Question # 15

An administrator added the following Ipsec VPN to a FortiGate configuration:

configvpn ipsec phasel -interface

edit "RemoteSite"

set type dynamic

set interface "portl"

set mode main

set psksecret ENC LCVkCiK2E2PhVUzZe

next

end

config vpn ipsec phase2-interface

edit "RemoteSite"

set phasel name "RemoteSite"

set proposal 3des-sha256

next

end

However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while attempting the Ipsec connection. The output is shown in the exhibit.