1 / 11

Free 2021 Update Fortinet NSE7-EFW_6.4 Questions and Answers.pdf

PassQuestion provides the latest Free 2021 Update Fortinet NSE7-EFW_6.4 Questions and Answers that you can use to prepare for the exam on the first attempt.

examquestionsonline
Download Presentation

Free 2021 Update Fortinet NSE7-EFW_6.4 Questions and Answers.pdf

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NSE7_EFW-6.4 Free Questions NSE7_EFW-6.4 Free Questions Fortinet NSE 7 - Enterprise Firewall 6.4 Fortinet NSE 7 - Enterprise Firewall 6.4 https://www.passquestion.com/ https://www.passquestion.com/NSE7_EFW-6.4 NSE7_EFW-6.4.html .html

  2. Question 1 Question 1 In which two states is a given session categorized as ephemeral? (Choose two.) In which two states is a given session categorized as ephemeral? (Choose two.) A. A TCP session waiting to complete the three-way handshake. A. A TCP session waiting to complete the three-way handshake. B. A TCP session waiting for FIN ACK. B. A TCP session waiting for FIN ACK. C. A UDP session with packets sent and received. C. A UDP session with packets sent and received. D. A UDP session with only one packet received. D. A UDP session with only one packet received. Answer: B,C Answer: B,C

  3. Question 2 Question 2 Which of the following statements are true regarding the SIP session helper and the SIP application Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.) layer gateway (ALG)? (Choose three.) A. SIP session helper runs in the kernel; SIP ALG runs as a user space process. A. SIP session helper runs in the kernel; SIP ALG runs as a user space process. B. SIP ALG supports SIP HA failover; SIP helper does not. B. SIP ALG supports SIP HA failover; SIP helper does not. C. SIP ALG supports SIP over IPv6; SIP helper does not. C. SIP ALG supports SIP over IPv6; SIP helper does not. D. SIP ALG can create expected sessions for media traffic; SIP helper does not. D. SIP ALG can create expected sessions for media traffic; SIP helper does not. E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP. E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP. Answer: B,C,D Answer: B,C,D

  4. Question 3 Question 3 Which real time debug should an administrator enable to troubleshoot RADIUS authentication Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems? problems? A. Diagnose debug application radius -1. A. Diagnose debug application radius -1. B. Diagnose debug application fnbamd -1. B. Diagnose debug application fnbamd -1. C. Diagnose authd console –log enable. C. Diagnose authd console –log enable. D. Diagnose radius console –log enable. D. Diagnose radius console –log enable. Answer: B Answer: B

  5. Question 4 Question 4 What does the dirty flag mean in a FortiGate session? What does the dirty flag mean in a FortiGate session? A. Traffic has been blocked by the antivirus inspection. A. Traffic has been blocked by the antivirus inspection. B. The next packet must be re-evaluated against the firewall policies. B. The next packet must be re-evaluated against the firewall policies. C. The session must be removed from the former primary unit after an HA failover. C. The session must be removed from the former primary unit after an HA failover. D. Traffic has been identified as from an application that is not allowed. D. Traffic has been identified as from an application that is not allowed. Answer: B Answer: B

  6. Question 5 Question 5 What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.) What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.) A. IP addresses are in the same subnet. A. IP addresses are in the same subnet. B. Hello and dead intervals match. B. Hello and dead intervals match. C. OSPF IP MTUs match. C. OSPF IP MTUs match. D. OSPF peer IDs match. D. OSPF peer IDs match. E. OSPF costs match. E. OSPF costs match. Answer: A,B,C Answer: A,B,C

  7. Question 6 Question 6 An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any “host An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any “host 10.0.2.10” 2 10.0.2.10” 2 What information is included in the output of the sniffer? (Choose two.) What information is included in the output of the sniffer? (Choose two.) A. Ethernet headers. A. Ethernet headers. B. IP payload. B. IP payload. C. IP headers. C. IP headers. D. Port names. D. Port names. Answer: B,C Answer: B,C

  8. Question 7 Question 7 Which two tasks are automated using the Install Wizard on FortiManager? Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.) (Choose two.) A. Installing configuration changes to managed devices A. Installing configuration changes to managed devices B. Importing interface mappings from managed devices B. Importing interface mappings from managed devices C. Adding devices to FortiManager C. Adding devices to FortiManager D. Previewing pending configuration changes for managed devices D. Previewing pending configuration changes for managed devices Answer: A,D Answer: A,D

  9. Question 8 Question 8 Which two statements about OCVPN are true? (Choose two.) Which two statements about OCVPN are true? (Choose two.) A. Only root vdom supports OCVPN. A. Only root vdom supports OCVPN. B. OCVPN supports static and dynamic IPs in WAN interface. B. OCVPN supports static and dynamic IPs in WAN interface. C. OCVPN offers only Hub-Spoke VPNs. C. OCVPN offers only Hub-Spoke VPNs. D. FortiGate devices under different FortiCare accounts can be used to form OCVPN. D. FortiGate devices under different FortiCare accounts can be used to form OCVPN. Answer: A,B Answer: A,B

  10. Question 9 Question 9 Which two statements about an auxiliary session are true? (Choose two.) Which two statements about an auxiliary session are true? (Choose two.) A. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor. A. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor. B. With the auxiliary session setting enabled, two sessions will be created in case of routing change. B. With the auxiliary session setting enabled, two sessions will be created in case of routing change. C. With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same C. With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session. auxiliary session. D. With the auxiliary session disabled, only auxiliary sessions will be offloaded. D. With the auxiliary session disabled, only auxiliary sessions will be offloaded. Answer: C,D Answer: C,D

  11. Question 10 Question 10 Which two configuration settings change the behavior for content-inspected traffic while FortiGate is Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.) in conserve mode? (Choose two.) A. IPS failopen A. IPS failopen B. mem failopen B. mem failopen C. AV failopen C. AV failopen D. UTM failopen D. UTM failopen Answer: A,C Answer: A,C

More Related