Fortinet nse7-efw-6-4 practice test

Fortinet NSE 7 - Enterprise Firewall 6.4 Exam

Last exam update: Jul 20 ,2024
Page 1 out of 7. Viewing questions 1-15 out of 115

Question 1

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

  • A. The local FortiGate OSPF router ID is 0.0.0.4.
  • B. Port4 is connected to the OSPF backbone area.
  • C. In the network connected to port4, two OSPF routers are down.
  • D. The local FortiGate is the backup designated router.
Answer:

A, B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Area 0.0.0.0 is the backbone area.

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Based on the output, which two statements are correct? (Choose two.)

  • A. Phase 2 authentication is set to sha1 on both sides.
  • B. Anti-replay is disabled.
  • C. Hub2Spoke1 is a policy-based VPN.
  • D. Hub2Spoke1 is configured on interface wan2.
Answer:

A, D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

  • A. Installing configuration changes to managed devices
  • B. Importing interface mappings from managed devices
  • C. Adding devices to FortiManager
  • D. Previewing pending configuration changes for managed devices
Answer:

A, D

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://docs.fortinet.com/document/fortimanager/6.2.0/administration-
guide/668612/using-the-install-wizard-to-install-device-settings-only

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4


Refer to the exhibit, which contains the output of get system ha status.
Which two statements about the output are true? (Choose two.)

  • A. The slave configuration is synchronized with the master.
  • B. port7 is used as the HA heartbeat on all devices in the cluster.
  • C. Master is selected based on the priority configured under config system ha.
  • D. The HA management IP is 169.254.0.2.
Answer:

BC

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but failed to apply any changes to
the managed device after being executed.
Why did the TCL script fail to make any changes to the managed device?

  • A. Changes in an interface configuration can only be done by CLI script.
  • B. The TCL script must start with #include <>.
  • C. Incomplete commands are ignored in TCL scripts.
  • D. The TCL command run_cmd has not been created.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter
web requests when the client browser does not provide the server name indication (SNI) extension?

  • A. FortiGate uses the requested URL from the user’s web browser.
  • B. FortiGate uses the CN information from the Subject field in the server certificate.
  • C. FortiGate blocks the request without any further inspection.
  • D. FortiGate switches to the full SSL inspection method to decrypt the data.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Which two conditions must be met for a statistic route to be active in the routing table? (Choose
two.)

  • A. The link health monitor (if configured) is up.
  • B. There is no other route, to the same destination, with a higher distance.
  • C. The outgoing interface is up.
  • D. The next-hop IP address is up.
Answer:

A,C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Refer to the exhibit, which contains the output of a BGP debug command.

Which statement about the exhibit is true?

  • A. The local router has received a total of three BGP prefixes from all peers.
  • B. The local router has not established a TCP session with 100.64.3.1.
  • C. Since the counters were last reset, the 10.200.3.1 peer has never been down.
  • D. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Refer to the exhibit, which contains the output of diagnose sys session list.

If the HA ID for the primary unit is zero (0), which statement about the output is true?

  • A. This session cannot be synced with the slave unit.
  • B. The inspection of this session has been offloaded to the slave unit.
  • C. The master unit is processing this traffic.
  • D. This session is for HA heartbeat traffic.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

What is the diagnose test application ipsmonitor 99 command used for?

  • A. To enable IPS bypass mode
  • B. To provide information regarding IPS sessions
  • C. To disable the IPS engine
  • D. To restart all IPS engines and monitors
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

  • A. Anti-replay is enabled.
  • B. DPD is disabled.
  • C. Remote gateway IP is 10.200.4.1.
  • D. Quick mode selectors are disabled.
Answer:

A,C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which two configuration settings change the behavior for content-inspected traffic while FortiGate is
in conserve mode? (Choose two.)

  • A. IPS failopen
  • B. mem failopen
  • C. AV failopen
  • D. UTM failopen
Answer:

A,C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

View the exhibit, which contains the output of a BGP debug command, and then answer the question
below.

Which of the following statements about the exhibit are true? (Choose two.)

  • A. The local router's BGP state is Established with the 10.125.0.60 peer.
  • B. Since the counters were last reset; the 10.200.3.1 peer has never been down.
  • C. The local router has received a total of three BGP prefixes from all peers.
  • D. The local router has not established a TCP session with 100.64.3.1.
Answer:

A,D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

View the exhibit, which contains the output of a debug command, and then answer the question
below.

Which one of the following statements about this FortiGate is correct?

  • A. It is currently in system conserve mode because of high CPU usage.
  • B. It is currently in extreme conserve mode because of high memory usage.
  • C. It is currently in proxy conserve mode because of high memory usage.
  • D. It is currently in memory conserve mode because of high memory usage.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Refer to the exhibit, which contains partial outputs from two routing debug commands.

Why is the port2 default route not in the second command's output?

  • A. It has a higher priority value than the default route using port1.
  • B. It is disabled in the FortiGate configuration.
  • C. It has a lower priority value than the default route using port1.
  • D. It has a higher distance than the default route using port1.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2