Pass NSE7_EFW-7.0 Exam with Updated NSE7_EFW-7.0 Exam Dumps PDF 2023 [Q43-Q60]

Rate this post

Pass NSE7_EFW-7.0 Exam with Updated NSE7_EFW-7.0 Exam Dumps PDF 2023

NSE7_EFW-7.0 Exam Dumps – Free Demo & 365 Day Updates

QUESTION 43
A FortiGate device has the following LDAP configuration:

The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
“CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab”
Based on the output, what FortiGate LDAP setting is configured incorrectly?

cnid.

username.

password.

dn.

QUESTION 44
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration.
The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

Phase1; IKE mode configuration; XAuth; phase 2.

Phase1; XAuth; IKE mode configuration; phase2.

Phase1; XAuth; phase 2; IKE mode configuration.

Phase1; IKE mode configuration; phase 2; XAuth.

QUESTION 45
View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1.
The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?

The session would remain in the session table, and its traffic would still egress from port1.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

The session would remain in the session table, and its traffic would start to egress from port2.

The session would be deleted, so the client would need to start a new session.

QUESTION 46
Which two statements about an auxiliary session are true? (Choose two.)

With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.

With the auxiliary session setting enabled, two sessions will be created in case of routing change.

With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session.

With the auxiliary session disabled, only auxiliary sessions will be offloaded.

QUESTION 47
Examine the following routing table and BGP configuration; then answer the question below.

TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24 .
Which configuration change will make the local peer advertise this prefix?

Enable the redistribution of connected routers into BGP.

Enable the redistribution of static routers into BGP.

Disable the setting network-import-check.

Enable the setting ebgp-multipath.

QUESTION 48
Refer to the exhibit, which contains the output of get system ha status.

Which two statements about the output are true? (Choose two.)

The slave configuration is synchronized with the master.

port7 is used as the HA heartbeat on all devices in the cluster.

Primary is selected based on the priority configured under config system ha.

The HA management IP is 169.254.0.2.

QUESTION 49
What is the purpose of an internal segmentation firewall (ISFW)?

It inspects incoming traffic to protect services in the corporate DMZ.

It is the first line of defense at the network perimeter.

It splits the network into multiple security segments to minimize the impact of breaches.

It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

QUESTION 50
Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output .
Why isn’t there any output?

The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.

The log-filter setting is set incorrectly. The VPN’s traffic does not match this filter.

The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.

The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

QUESTION 51
View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3
ipsengine exit log”
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr19 09:57:26 2017
code = 11, reason: manual
What is the status of IPS on this FortiGate?

IPS engine memory consumption has exceeded the model-specific predefined value.

IPS daemon experienced a crash.

There are communication problems between the IPS engine and the management database.

All IPS-related features have been disabled in FortiGate’s configuration.

QUESTION 52
Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the above output? (Choose two.)

The port4 interface is connected to the OSPF backbone area.

The local FortiGate has been elected as the OSPF backup designated router.

There are at least 5 OSPF routers connected to the port4 network.

Two OSPF routers are down in the port4 network.

QUESTION 53
Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but failed to apply any changes to the managed device after being executed.
Why did the TCL script fail to make any changes to the managed device?

Changes in an interface configuration can only be done by CLI script.

The TCL script must start with #include <>.

Incomplete commands are ignored in TCL scripts.

The TCL command run_cmd has not been created.

QUESTION 54
Refer to the exhibit, which contains the debug output of diagnose dvm device list.

Which two statements about the output shown in the exhibit are correct? (Choose two.)

ADOMs are disabled on the FortiManager

The FortiGate configuration is in sync with latest running revision history.

There are pending device-level changes yet to be installed on Local-FortiGate.

The policy package has been modified for Local-FortiGate.

QUESTION 55
A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the ‘diagnose debug authd fsso list’ command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems .
What should the administrator check? (Choose two.)

The user student must not be listed in the CA’s ignore user list.

The user student must belong to one or more of the monitored user groups.

The student workstation’s IP subnet must be listed in the CA’s trusted list.

At least one of the student’s user groups must be allowed by a FortiGate firewall policy.

QUESTION 56
Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

Finance and banking

General organization.

Business.

Information technology.

QUESTION 57
View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate’s inspection of this session?

FortiGate applied proxy-based inspection.

FortiGate forwarded this session without any inspection.

FortiGate applied flow-based inspection.

FortiGate applied explicit proxy-based inspection.

QUESTION 58
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website.
The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

The connectivity between the FortiGate unit and the DNS server.

The connectivity between the client workstations and the DNS server.

That DNS traffic from client workstations is allowed by the explicit web proxy policies.

That DNS service is enabled in the explicit web proxy interface.

QUESTION 59
Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

The local FortiGate OSPF router ID is 0.0.0.4.

Port4 is connected to the OSPF backbone area.

In the network connected to port4, two OSPF routers are down.

The local FortiGate is the backup designated router.

QUESTION 60
An administrator is running the following sniffer in a FortiGate:
diagnose sniffer packet any “host 10.0.2.10” 2
What information is included in the output of the sniffer? (Choose two.)

Ethernet headers.

IP payload.

IP headers.

Port names.

Loading …