NSE7_EFW-7.0 Online Practice Questions and Answers

You have configured FortiManager as a local FDS to provide FortiGate AV and IPS updates, but FortiGate devices are not receiving updates to their AV signature databases, IPS engines, or IPS signature databases. Which two settings need to be verified for these features to function? (Choose two.)

A. FortiGate needs to have the server list entry for FortiManager set to server-type update under config system central-management.

B. FortiManager needs to be the license validation server for FortiGate devices trying to retrieve updated AV and IPS packages.

C. Service access needs to be enabled on FortiManager under System Settings > Network.

D. FortiGate needs to have include-default-servers disabled under config system central- management.

Refer to the exhibit, which contains the output of the diagnose vpn tunnel list. Which command will capture ESP traffic for the VPN named DialUp_0?

A. diagnose sniffer packet any `esp and host 10.200.3.2'

B. diagnose sniffer packet any `ip proto 50'

C. diagnose sniffer packet any `host 10.0.10.10'

D. diagnose sniffer packet any `port 4500'

View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

A. FortiGate will exempt the connection based on the Web Content Filter configuration.

B. FortiGate will block the connection based on the URL Filter configuration.

C. FortiGate will allow the connection based on the FortiGuard category based filter configuration.

D. FortiGate will block the connection as an invalid URL.

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to test session failover between the two service provider connections.

What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

A. Configure set snat-route-change enable.

B. Change the priority of the port2 static route to 5.

C. Change the priority of the port1 static route to 11.

D. unset snat-route-change to return it to the default setting.

Examine the output of the `diagnose ips anomaly list' command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

A. Those whose traffic matches a DoS policy.

B. Those whose traffic matches an IPS sensor.

C. Those whose traffic exceeded a threshold of a matching DoS policy.

D. Those whose traffic was detected as an anomaly by an IPS sensor.

View the exhibit, which contains a partial routing table, and then answer the question below.

Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

A. Source IP address 10.1.0.24, Destination IP address 10.72.3.20.

B. Source IP address 10.72.3.27, Destination IP address 10.1.0.52.

C. Source IP address 10.72.3.52, Destination IP address 10.1.0.254.

D. Source IP address 10.73.9.10, Destination IP address 10.72.3.15.

Refer to the exhibit, which shows the output of a BGP debug command.

Which statement explains why the state of the 10.200.3.1 peer is Connect?

A. The local router has a different AS number than the remote peer.

B. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the openConfirm yet.

C. The local router initiated the BGP session to 10.200.3.1 but did not receive a response.

D. The router 10.200.3.1 has authentication configured for BGP and the local router does not.

Which two configuration commands change the default behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

A. set av-failopen off

B. set av-failopen pass

C. set fail-open enable

D. set ips fail-open disable

A FortiGate device has the following LDAP configuration:

The administrator executed the `dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:

>dsquery user -samid administrator

"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"

Based on the output, what FortiGate LDAP setting is configured incorrectly?

A. cnid.

B. username.

C. password.

D. dn.

Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

A. IPS failopen

B. mem failopen

C. AV failopen D. UTM failopen