Labour Day - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-6.4
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers
Note! The NSE7_EFW-6.4 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the NSE7_EFW-7.0 Exam.

NSE7_EFW-6.4 Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Questions 4

Which statement is true regarding File description (FD) conserve mode?

Options:

A.

IPS inspection is affected when FortiGate enters FD conserve mode.

B.

A FortiGate enters FD conserve mode when the amount of available description is less than 5%.

C.

FD conserve mode affects all daemons running on the device.

D.

Restarting the WAD process is required to leave FD conserve mode.

Buy Now
Questions 5

View the following FortiGate configuration.

NSE7_EFW-6.4 Question 5

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

NSE7_EFW-6.4 Question 5

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?

Options:

A.

The session would remain in the session table, and its traffic would still egress from port1.

B.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

C.

The session would remain in the session table, and its traffic would start to egress from port2.

D.

The session would be deleted, so the client would need to start a new session.

Buy Now
Questions 6

Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)

Options:

A.

It caches available firmware updates for unmanaged devices.

B.

It can be configured as an update server, or a rating server, but not both.

C.

It supports rating requests from both managed and unmanaged devices.

D.

It provides VM license validation services.

Buy Now
Questions 7

Refer to the exhibit, which contains the debug output of diagnose dvm device list.

NSE7_EFW-6.4 Question 7

Which two statements about the output shown in the exhibit are correct? (Choose two.)

Options:

A.

ADOMs are disabled on the FortiManager

B.

The FortiGate configuration is in sync with latest running revision history.

C.

There are pending device-level changes yet to be installed on Local-FortiGate.

D.

The policy package has been modified for Local-FortiGate.

Buy Now
Questions 8

Which statement about NGFW policy-based application filtering is true?

Options:

A.

After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.

B.

The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.

C.

After IPS identifies the application, it adds an entry to a dynamic ISDB table.

D.

FortiGate will drop all packets until the application can be identified.

Buy Now
Questions 9

View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

NSE7_EFW-6.4 Question 9

Which statements are correct regarding the output shown? (Choose two.)

Options:

A.

There are 0 ephemeral sessions.

B.

All the sessions in the session table are TCP sessions.

C.

No sessions have been deleted because of memory pages exhaustion.

D.

There are 166 TCP sessions waiting to complete the three-way handshake.

Buy Now
Questions 10

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

Options:

A.

Primary unit stops sending HA heartbeat keepalives.

B.

The FortiGuard license for the primary unit is updated.

C.

One of the monitored interfaces in the primary unit is disconnected.

D.

A secondary unit is removed from the HA cluster.

Buy Now
Questions 11

Refer to the exhibit, which contains a TCL script configuration on FortiManager.

NSE7_EFW-6.4 Question 11

An administrator has configured the TCL script on FortiManager, but failed to apply any changes to the managed device after being executed.

Why did the TCL script fail to make any changes to the managed device?

Options:

A.

Changes in an interface configuration can only be done by CLI script.

B.

The TCL script must start with #include <>.

C.

Incomplete commands are ignored in TCL scripts.

D.

The TCL command run_cmd has not been created.

Buy Now
Questions 12

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

NSE7_EFW-6.4 Question 12

The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

Options:

A.

Change phase 1 encryption to 3DES and authentication to SHA128.

B.

Change phase 1 encryption to AES128 and authentication to SHA512.

C.

Change phase 1 encryption to AESCBC and authentication to SHA2.

D.

Change phase 1 encryption to AES256 and authentication to SHA256.

Buy Now
Questions 13

Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

Options:

A.

The next-hop IP address is up.

B.

There is no other route, to the same destination, with a higher distance.

C.

The link health monitor (if configured) is up.

D.

The next-hop IP address belongs to one of the outgoing interface subnets.

E.

The outgoing interface is up.

Buy Now
Questions 14

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

NSE7_EFW-6.4 Question 14

What should the administrator check to fix the problem?

Options:

A.

The connectivity between the FortiGate unit and the DNS server.

B.

The connectivity between the client workstations and the DNS server.

C.

That DNS traffic from client workstations is allowed by the explicit web proxy policies.

D.

That DNS service is enabled in the explicit web proxy interface.

Buy Now
Questions 15

Examine the following partial output from two system debug commands; then answer the question below.

NSE7_EFW-6.4 Question 15

NSE7_EFW-6.4 Question 15

Which of the following statements are true regarding the above outputs? (Choose two.)

Options:

A.

The unit is running a 32-bit FortiOS

B.

The unit is in kernel conserve mode

C.

The Cached value is always the Active value plus the Inactive value

D.

Kernel indirectly accesses the low memory (LowTotal) through memory paging

Buy Now
Questions 16

Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.

# diagnose debug authd fsso list —FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.

What should the administrator check?

Options:

A.

The IP address recorded in the logon event for the user STUDENT.

B.

The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.

C.

The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAINING. LAB.

D.

The reserve DNS lookup forthe IP address 192.168.3.1.

Buy Now
Questions 17

View the exhibit, which contains the output of a debug command, and then answer the question below.

NSE7_EFW-6.4 Question 17

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

In the network on port4, two OSPF routers are down.

B.

Port4 is connected to the OSPF backbone area.

C.

The local FortiGate’s OSPF router ID is 0.0.0.4

D.

The local FortiGate has been elected as the OSPF backup designated router.

Buy Now
Questions 18

Examine the following partial output from a sniffer command; then answer the question below.

NSE7_EFW-6.4 Question 18

What is the meaning of the packets dropped counter at the end of the sniffer?

Options:

A.

Number of packets that didn’t match the sniffer filter.

B.

Number of total packets dropped by the FortiGate.

C.

Number of packets that matched the sniffer filter and were dropped by the FortiGate.

D.

Number of packets that matched the sniffer filter but could not be captured by the sniffer.

Buy Now
Exam Code: NSE7_EFW-6.4
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.0
Last Update: Dec 1, 2023
Questions: 1
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 02 May 2024