
Online NSE7_EFW-7.0 free questions and answers of New Version:

NEW QUESTION 1
Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)

  • A. When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.
  • B. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
  • C. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.
  • D. When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.

Answer: AB

NEW QUESTION 2
What does the dirty flag mean in a FortiGate session?

  • A. Traffic has been blocked by the antivirus inspection.
  • B. The next packet must be re-evaluated against the firewall policies.
  • C. The session must be removed from the former primary unit after an HA failover.
  • D. Traffic has been identified as from an application that is not allowed.

Answer: B

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD40119&sliceId=1

NEW QUESTION 3
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

  • A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
  • B. SIP ALG supports SIP HA failover; SIP helper does not.
  • C. SIP ALG supports SIP over IPv6; SIP helper does not.
  • D. SIP ALG can create expected sessions for media traffic; SIP helper does not.
  • E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Answer: BCD

NEW QUESTION 4
When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?

  • A. FortiGate uses CN information from the Subject field in the server’s certificate.
  • B. FortiGate switches to the full SSL inspection method to decrypt the data.
  • C. FortiGate blocks the request without any further inspection.
  • D. FortiGate uses the requested URL from the user’s web browser.

Answer: A

NEW QUESTION 5
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

  • A. IPS failopen
  • B. mem failopen
  • C. AV failopen
  • D. UTM failopen

Answer: AC

NEW QUESTION 6
What is the diagnose test application ipsmonitor 99 command used for?

  • A. To enable IPS bypass mode
  • B. To provide information regarding IPS sessions
  • C. To disable the IPS engine
  • D. To restart all IPS engines and monitors

Answer: D

NEW QUESTION 7
Examine the following partial output from a sniffer command; then answer the question below.
[Exhibit: partial sniffer output; image not reproduced]
What is the meaning of the packets dropped counter at the end of the sniffer?

  • A. Number of packets that didn’t match the sniffer filter.
  • B. Number of total packets dropped by the FortiGate.
  • C. Number of packets that matched the sniffer filter and were dropped by the FortiGate.
  • D. Number of packets that matched the sniffer filter but could not be captured by the sniffer.

Answer: D

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=11655

NEW QUESTION 8
Refer to the exhibit, which shows partial outputs from two routing debug commands.
[Exhibit: partial outputs from two routing debug commands; image not reproduced]
Why is the port2 default route not in the second command output?

  • A. The port2 interface is disabled in the FortiGate configuration.
  • B. The port1 default route has a lower distance than the default route using port2.
  • C. The port1 default route has a higher priority value than the default route using port2.
  • D. The port1 default route has a lower priority value than the default route using port2.

Answer: B

NEW QUESTION 9
Which two statements about the Security Fabric are true? (Choose two.)

  • A. Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer.
  • B. Only the root FortiGate sends logs to FortiAnalyzer.
  • C. Only FortiGate devices with fabric-object-unification set to default will receive and synchronize global CMDB objects sent by the root FortiGate.
  • D. FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.

Answer: AC

Explanation:
Downstream FortiGate devices communicate with the root FortiGate using FortiTelemetry (TCP 8013). FortiTelemetry is also used for FortiClient communication. The root FortiGate communicates with FortiAnalyzer using the API (TCP 443).

NEW QUESTION 10
An administrator cannot connect to the GUI of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:
[Exhibit: debug flow output; image not reproduced]
Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

  • A. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.
  • B. Redirection of HTTP to HTTPS administrative access is disabled.
  • C. HTTP administrative access is configured with a port number different than 80.
  • D. The packet is denied because of reverse path forwarding check.

Answer: AC

NEW QUESTION 11
Which statement is true regarding file descriptor (FD) conserve mode?

  • A. IPS inspection is affected when FortiGate enters FD conserve mode.
  • B. A FortiGate enters FD conserve mode when the amount of available file descriptors is less than 5%.
  • C. FD conserve mode affects all daemons running on the device.
  • D. Restarting the WAD process is required to leave FD conserve mode.

Answer: B

NEW QUESTION 12
What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?

  • A. The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.
  • B. The application or URL category is unknown and needs to be rescanned by the IPS engine to try to identify the Layer 7 details.
  • C. The URL category for this session has been updated by FortiGuard and the session needs to be checked against the policy again to ensure proper web filtering is applied.
  • D. Traffic has been identified as coming from an application that is not allowed and the relevant replacement message needs to be displayed to the user, if configured.

Answer: A

Explanation:
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 99

NEW QUESTION 13
Four FortiGate devices configured for OSPF are connected to the same broadcast domain. The first unit is elected as the designated router. The second unit is elected as the backup designated router. Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?

  • A. 1
  • B. 2
  • C. 3
  • D. 4

Answer: B

NEW QUESTION 14
Refer to the exhibit, which contains partial output from an IKE real-time debug.
[Exhibit: partial IKE real-time debug output; image not reproduced]
The administrator does not have access to the remote gateway.
Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?

  • A. In the phase 1 network configuration, set the IKE version to 2.
  • B. In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.
  • C. In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
  • D. In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

Answer: D

Explanation:
https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/238852

NEW QUESTION 15
In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.)

  • A. It provides VM license validation services.
  • B. It supports rating requests from non-FortiGate devices.
  • C. It caches available firmware updates for unmanaged devices.
  • D. It can be configured as an update server, a rating server, or both.

Answer: AD

NEW QUESTION 16
You have configured FortiManager as a local FDS to provide FortiGate AV and IPS updates, but FortiGate devices are not receiving updates to their AV signature databases, IPS engines, or IPS signature databases.
Which two settings need to be verified for these features to function? (Choose two.)

  • A. FortiGate needs to have the server list entry for FortiManager set to server-type update under config system central-management.
  • B. FortiManager needs to be the license validation server for FortiGate devices trying to retrieve updated AV and IPS packages.
  • C. Service access needs to be enabled on FortiManager under System Settings > Network.
  • D. FortiGate needs to have include-default-servers disabled under config system central-management.

Answer: AC

Explanation:
NSE 7.0 Guide page 184-185
