New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0 - Fortinet NSE 7 - Enterprise Firewall 7.0

NSE7_EFW-7.0 Exam Dumps - Fortinet NSE 7 - Enterprise Firewall 7.0

Go to page:
Question # 4

Which statement about IKE and IKE NAT-T is true?

A.

IKE is used to encapsulate ESP traffic in some situations, and IKE NAT-T is used only when the local FortiGate is using NAT on the IPsec interface.

B.

IKE is the standard implementation for IKEv1 and IKE NAT-T is an extension added in IKEv2.

C.

They both use UDP as their transport protocol and the port number is configurable.

D.

They each use their own IP protocol number.

Full Access
Question # 5

A FortiGate has two default routes:

All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?

A.

The session would be deleted, and the client would need to start a new session.

B.

The session would remain in the session table, and its traffic would start to egress from port2.

C.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

D.

The session would remain in the session table, and its traffic would still egress from port1.

Full Access
Question # 6

View the IPS exit log, and then answer the question below.

# diagnose test application ipsmonitor 3

ipsengine exit log”

pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017

code = 11, reason: manual

What is the status of IPS on this FortiGate?

A.

IPS engine memory consumption has exceeded the model-specific predefined value.

B.

IPS daemon experienced a crash.

C.

There are communication problems between the IPS engine and the management database.

D.

All IPS-related features have been disabled in FortiGate’s configuration.

Full Access
Question # 7

Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

A.

BGP peers have successfully interchanged Open and Keepalive messages.

B.

Local BGP peer received a prefix for a default route.

C.

The state of the remote BGP peer is OpenConfirm.

D.

The state of the remote BGP peer will go to Connect after it confirms the received prefixes.

Full Access
Question # 8

Which statement about NGFW policy-based application filtering is true?

A.

After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.

B.

The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.

C.

After IPS identifies the application, it adds an entry to a dynamic ISDB table.

D.

FortiGate will drop all packets until the application can be identified.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps