Download Fortinet NSE 7 - Enterprise Firewall 6.4.NSE7_EFW-6.4.VCEplus.2021-11-24.35q.vcex

Vendor: Fortinet
Exam Code: NSE7_EFW-6.4
Exam Name: Fortinet NSE 7 - Enterprise Firewall 6.4
Date: Nov 24, 2021
File Size: 9 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
  A. Installing configuration changes to managed devices
  B. Importing interface mappings from managed devices
  C. Adding devices to FortiManager
  D. Previewing pending configuration changes for managed devices
Correct answer: AD
Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/6.2.0/administration-guide/668612/using-the-install-wizard-to-install-device-settings-only     
Question 2
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.  
    
Based on the output, which two statements are correct? (Choose two.)
  A. Phase 2 authentication is set to sha1 on both sides.
  B. Anti-replay is disabled.
  C. Hub2Spoke1 is a policy-based VPN.
  D. Hub2Spoke1 is configured on interface wan2.
Correct answer: AD
Question 3
Refer to the exhibit, which shows the output of a debug command.  
     
  
Which two statements about the output are true? (Choose two.)
  A. The local FortiGate OSPF router ID is 0.0.0.4.
  B. Port4 is connected to the OSPF backbone area.
  C. In the network connected to port4, two OSPF routers are down.
  D. The local FortiGate is the backup designated router.
Correct answer: AB
Explanation:
Area 0.0.0.0 is the backbone area.
Question 4
Refer to the exhibit, which contains the partial output of a diagnose command.  
     
  
Based on the output, which two statements are correct? (Choose two.)   
  A. Anti-replay is enabled.
  B. The remote gateway IP is 10.200.4.1.
  C. DPD is disabled.
  D. Quick mode selectors are disabled.
Correct answer: AB
Question 5
Refer to the exhibit, which contains partial output from an IKE real-time debug.  
   
  
Which two statements about this debug output are correct? (Choose two.)
  A. The remote gateway IP address is 10.0.0.1.
  B. The initiator provided remote as its IPsec peer ID.
  C. It shows a phase 1 negotiation.
  D. The negotiation is using AES128 encryption with CBC hash.
Correct answer: BC
Question 6
Refer to the exhibit, which shows the output of a BGP debug command.  
   
  
Which statement about the exhibit is true?
  A. The local router has not established a TCP session with 100.64.3.1.
  B. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.
  C. Since the counters were last reset, the 100.64.3.1 peer has never been down.
  D. The local router has received a total of three BGP prefixes from all peers.
Correct answer: A
Explanation:
Active means it is actively trying to establish a TCP connection using port 179, but has not yet actually established one.
Question 7
Refer to the exhibit, which contains a TCL script configuration on FortiManager.  
    
  
An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.  
Why did the TCL script fail to make any changes to the managed device?
  A. The TCL script must start with #include <>.
  B. The TCL command run_cmd has not been created.
  C. Changes to an interface configuration can be made only by a CLI script.
  D. Incomplete commands are ignored in TCL scripts.
Correct answer: B
Question 8
Refer to the exhibit, which contains the debug output of diagnose dvm device list.  
    
  
Which two statements about the output shown in the exhibit are correct? (Choose two.)
  A. ADOMs are disabled on the FortiManager.
  B. The FortiGate configuration is in sync with latest running revision history.
  C. There are pending device-level changes yet to be installed on Local-FortiGate.
  D. The policy package has been modified for Local-FortiGate.
Correct answer: BC
Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/7.0.0/upgrade-guide/959309/cli-example-of-diagnose-dvm-device-list    
Question 9
Refer to the exhibit, which shows a FortiGate configuration.  
   
  
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.  
What must the administrator change to fix the issue?
  A. The administrator must increase webfilter-timeout.
  B. The administrator must disable webfilter-force-off.
  C. The administrator must change protocol to TCP.
  D. The administrator must enable fortiguard-anycast.
Correct answer: D
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.4.5/cli-reference/109620/config-system-fortiguard     
Question 10
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
  A. FortiGate uses the CN information from the Subject field in the server certificate.
  B. FortiGate switches to the full SSL inspection method to decrypt the data.
  C. FortiGate uses the requested URL from the user’s web browser.
  D. FortiGate blocks the request without any further inspection.
Correct answer: A
Explanation:
Reference: https://checkthefirewall.com/blogs/fortinet/ssl-inspection    