Download Fortinet NSE 7 - Enterprise Firewall 6.2.NSE7_EFW-6.2.CertDumps.2020-11-22.101q.vcex

Vendor: Fortinet
Exam Code: NSE7_EFW-6.2
Exam Name: Fortinet NSE 7 - Enterprise Firewall 6.2
Date: Nov 22, 2020
File Size: 16 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:
   
What should the administrator check to fix the problem?
  1. The connectivity between the FortiGate unit and the DNS server.
  2. The connectivity between the client workstations and the DNS server.
  3. That DNS traffic from client workstations is allowed by the explicit web proxy policies.
  4. That DNS service is enabled in the explicit web proxy interface.  
Correct answer: A
Question 2
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?
  1. TCP half open.
  2. TCP half close.
  3. TCP time wait.
  4. TCP session time to live.
Correct answer: A
Explanation:
http://docs-legacy.fortinet.com/fos40hlp/43prev/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt&file=CLI_get_Commands.58.25.html The tcp-halfopen-timer controls for how long, after a SYN packet, a session without SYN/ACKremains in the table. The tcp-halfclose-timer controls for how long, after a FIN packet, a session without FIN/ACKremains in the table. The tcp-timewait-timer controls for how long, after a FIN/ACK packet, a session remains in thetable. A closed session remains in the session table for a few seconds more to allow any out-of-sequence packet.
http://docs-legacy.fortinet.com/fos40hlp/43prev/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt&file=CLI_get_Commands.58.25.html 
The tcp-halfopen-timer controls for how long, after a SYN packet, a session without SYN/ACKremains in the table. 
The tcp-halfclose-timer controls for how long, after a FIN packet, a session without FIN/ACKremains in the table. 
The tcp-timewait-timer controls for how long, after a FIN/ACK packet, a session remains in thetable. A closed session remains in the session table for a few seconds more to allow any out-of-sequence packet.
Question 3
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below. 
# diagnose debug authd fsso list —FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB. 
What should the administrator check?
  1. The IP address recorded in the logon event for the user STUDENT.
  2. The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.  
  3. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAINING. LAB.
  4. The reserve DNS lookup forthe IP address 192.168.3.1.
Correct answer: C
Question 4
What events are recorded in the crashlogs of a FortiGate device? (Choose two.)
  1. A process crash.
  2. Configuration changes.
  3. Changes in the status of any of the FortiGuard licenses.
  4. System entering to and leaving from the proxy conserve mode. 
Correct answer: AD
Explanation:
diagnose debug crashlog read 275: 2014-08-05 13:03:53 proxy=acceptor service=imap session fail mode=activated276: 2014-08-0513:03:53 proxy=acceptor service=ftp session fail mode=activated277: 2014-08-05 13:03:53proxy=acceptor service=nntp session fail mode=activated278: 2014-08-06 11:05:47 service=kernelconserve=on free=”45034 pages” red=”45874 pages” msg=”Kernel279: 2014-08-06 11:05:47 entersconserve mode”280: 2014-08-06 13:07:16 service=kernel conserve=exit free=”86704 pages”green=”68811 pages”281: 2014-08-06 13:07:16 msg=”Kernel leaves conserve mode”282: 2014-08-0613:07:16 proxy=imd sysconserve=exited total=1008 free=349 marginenter=201283: 2014-08-06 13:07:16marginexit=302
diagnose debug crashlog read 
275: 2014-08-05 13:03:53 proxy=acceptor service=imap session fail mode=activated276: 2014-08-05
13:03:53 proxy=acceptor service=ftp session fail mode=activated277: 2014-08-05 13:03:53
proxy=acceptor service=nntp session fail mode=activated278: 2014-08-06 11:05:47 service=kernel
conserve=on free=”45034 pages” red=”45874 pages” msg=”Kernel279: 2014-08-06 11:05:47 enters
conserve mode”280: 2014-08-06 13:07:16 service=kernel conserve=exit free=”86704 pages”
green=”68811 pages”281: 2014-08-06 13:07:16 msg=”Kernel leaves conserve mode”282: 2014-08-06
13:07:16 proxy=imd sysconserve=exited total=1008 free=349 marginenter=201283: 2014-08-06 13:07:16
marginexit=302
Question 5
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?
  1. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.
  2. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.  
  3. Sends a link failed signal to all connected devices.
  4. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
Correct answer: A
Question 6
View the global IPS configuration, and then answer the question below. 
   
Which of the following statements is true regarding this configuration?
  1. IPS will scan every byte in every session.
  2. FortiGate will spawn IPS engine instances based on the system load.
  3. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.
  4. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.
Correct answer: A
Question 7
Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router The second unit is elected as the backup designated router Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?
  1. 1
  2. 2
  3. 3
  4. 4
Correct answer: B
Question 8
Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)
  1. The next-hop IP address is up.
  2. There is no other route, to the same destination, with a higher distance.
  3. The link health monitor (if configured) is up.
  4. The next-hop IP address belongs to one of the outgoing interface subnets.
  5. The outgoing interface is up.
Correct answer: CDE
Explanation:
A configured static route only goes to routing table from routing database when all the following are met :The outgoing interface is up There is no other matching route with a lower distance The link health monitor (if configured) is successful The next-hop IP address belongs to one of the outgoing interface subnets 
A configured static route only goes to routing table from routing database when all the following are met :
  • The outgoing interface is up 
  • There is no other matching route with a lower distance 
  • The link health monitor (if configured) is successful 
  • The next-hop IP address belongs to one of the outgoing interface subnets 
Question 9
View the IPS exit log, and then answer the question below. 
# diagnose test application ipsmonitor 3 
ipsengine exit log” 
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
code = 11, reason: manual
What is the status of IPS on this FortiGate?
  1. IPS engine memory consumption has exceeded the model-specific predefined value.
  2. IPS daemon experienced a crash.
  3. There are communication problems between the IPS engine and the management database.
  4. All IPS-related features have been disabled in FortiGate’s configuration.
Correct answer: D
Explanation:
The command diagnose test application ipsmonitor includes many options that are useful for troubleshooting purposes.Option 3 displays the log entries generated every time an IPS engine process stopped. There are various reasons why these logs are generated:Manual: Because of the configuration, IPS no longer needs to run (that is, all IPS-releated features have been disabled)
The command diagnose test application ipsmonitor includes many options that are useful for troubleshooting purposes.Option 3 displays the log entries generated every time an IPS engine process stopped. There are various reasons why these logs are generated:Manual: Because of the configuration, IPS no longer needs to run (that is, all IPS-releated features have been disabled)
Question 10
View the exhibit, which contains the output of a diagnose command, and then answer the question below. 
   
Which statements are true regarding the output in the exhibit? (Choose two.)
  1. FortiGate will probe 121.111.236.179 every fifteen minutes for a response.
  2. Servers with the D flag are considered to be down.
  3. Servers with a negative TZ value are experiencing a service outage.
  4. FortiGate used 209.222.147.3 as the initial server to validate its contract.
Correct answer: AD
Explanation:
A – because flag is Failed so fortigate will check if server is available every 15 minD-state is I , contact to validate contract info
A – because flag is Failed so fortigate will check if server is available every 15 minD-state is I , contact to validate contract info
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!