Download Fortinet.CertDumps.NSE7.2018-07-21.1e.41q.vcex

Exam Fortinet Troubleshooting Professional
Number NSE7
File Name Fortinet.CertDumps.NSE7.2018-07-21.1e.41q.vcex
Size 6.07 Mb
Posted August 07, 2018


How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


With discount: 20%

Demo Questions

Question 1

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing: 

What should the administrator check to fix the problem?

  • A: The connectivity between the FortiGate unit and the DNS server.
  • B: The connectivity between the client workstations and the DNS server.
  • C: That DNS traffic from client workstations is allowed by the explicit web proxy policies.
  • D: That DNS service is enabled in the explicit web proxy interface.
Question 2

Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

  • A: Diagnose debug application radius -1.
  • B: Diagnose debug application fnbamd -1.
  • C: Diagnose authd console –log enable.
  • D: Diagnose radius console –log enable.
Question 3

Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; than answer the question below. 

Which statement is true regarding the session in the exhibit?

  • A: It was created by the FortiGate kernel to allow push updates from FotiGuard.
  • B: It is for management traffic terminating at the FortiGate.
  • C: It is for traffic originated from the FortiGate.
  • D: It was created by a session helper or ALG.
Question 4

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. 
What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

  • A: Router ID.
  • B: OSPF interface area.
  • C: OSPF interface cost.
  • D: OSPF interface MTU.
  • E: Interface subnet mask.
Question 5

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1 
diagnose debug enable  
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

  • A: Phase1; IKE mode configuration; XAuth; phase 2.
  • B: Phase1; XAuth; IKE mode configuration; phase2.
  • C: Phase1; XAuth; phase 2; IKE mode configuration.
  • D: Phase1; IKE mode configuration; phase 2; XAuth.
Question 6

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. 
This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

  • A: Group ID.
  • B: Group name.
  • C: Session pickup.
  • D: Gratuitous ARPs.
Question 7

Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below. 

Which IP addresses are included in the output of this command?

  • A: Those whose traffic matches a DoS policy.
  • B: Those whose traffic matches an IPS sensor.
  • C: Those whose traffic exceeded a threshold of a matching DoS policy.
  • D: Those whose traffic was detected as an anomaly by an IPS sensor.
Question 8

Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below. 

Why didn’t the tunnel come up?

  • A: IKE mode configuration is not enabled in the remote IPsec gateway.
  • B: The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.
  • C: The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.
  • D: One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.
Question 9

A FortiGate device has the following LDAP configuration: 

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account: 

Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

  • A: cnid.
  • B: username.
  • C: password.
  • D: dn.
Question 10

Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below. 

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

  • A: diagnose sniffer packet any ‘port 500’
  • B: diagnose sniffer packet any ‘esp’
  • C: diagnose sniffer packet any ‘host’
  • D: diagnose sniffer packet any ‘port 4500’