NSE7_EFW-7.0 Sample Questions Answers

It is an ICMP session from 10.1.10.10 to 10.200.5. 1.

It is a TCP session in close_wait state, from 10. l. 10.10 to 10.200.1.1.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.

A process crash.

Configuration changes.

Changes in the status of any of the FortiGuard licenses.

System entering to and leaving from the proxy conserve mode.

The remote gateway IP address is 10.0.0.1.

It shows a phase 1 negotiation.

The negotiation is using AES128 encryption with CBC hash.

The initiator has provided remote as its IPsec peer ID.

The unit is running a 32-bit FortiOS

The unit is in kernel conserve mode

The Cached value is always the Active value plus the Inactive value

Kernel indirectly accesses the low memory (LowTotal) through memory paging

HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

Redirection of HTTP to HTTPS administrative access is disabled.

HTTP administrative access is configured with a port number different than 80.

The packet is denied because of reverse path forwarding check.

1

2

3

4

This session is for HA heartbeat traffic.

This session is synced with the slave unit.

The inspection of this session has been offloaded to the slave unit.

This session cannot be synced with the slave unit.

port!

port2.

Both portl and port2.

port3.

The local router's BGP state is Established with the 10.125.0.60 peer.

Since the counters were last reset; the 10.200.3.1 peer has never been down.

The local router has received a total of three BGP prefixes from all peers.

The local router has not established a TCP session with 100.64.3.1.

BGP peers have successfully interchanged Open and Keepalive messages.

Local BGP peer received a prefix for a default route.

The state of the remote BGP peer is OpenConfirm.

The state of the remote BGP peer will go to Connect after it confirms the received prefixes.

FortiGate first checks the OSPF ID to elect a DR.

Non-DR and non-BDR routers will form full adjacencies to DR and BDR only.

BDR is responsible for forwarding link state information from one router to another.

Only the DR receives link state information from non-DR routers.

FortiManager can download and maintain local copies of FortiGuard databases.

FortiManager supports only FortiGuard push to managed devices.

FortiManager will respond to update requests only if they originate from a managed device.

FortiManager does not support rating requests.

Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer.

Only the root FortiGate sends logs to FortiAnalyzer.

Only FortiGate devices with fabric-object-unification set to default will receive and synchronize global CMDB objects sent by the root FortiGate.

FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.

TCP half open.

TCP half close.

TCP time wait.

TCP session time to live.

TheOSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the war. l network.

The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.

The local FortiGate is the designated router for the wan1 network.

The interface ToRemote is a point-to-point OSPF network.

Changes in an interface configuration can only be done by CLI script.

The TCL script must start with #include <>.

Incomplete commands are ignored in TCL scripts.

The TCL command run_cmd has not been created.

IKE is used to encapsulate ESP traffic in some situations, and IKE NAT-T is used only when the local FortiGate is using NAT on the IPsec interface.

IKE is the standard implementation for IKEv1 and IKE NAT-T is an extension added in IKEv2.

They both use UDP as their transport protocol and the port number is configurable.

They each use their own IP protocol number.

The port2 interface is disabled in the FortiGate configuration.

The port1 default route has a lower distance than the default route using port2.

The port1 default route has a higher priority value than the default route using port2.

The port1 default route has a lower priority value than the default route using port2.

In the phase 1 network configuration, set the IKE version to 2.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

The port4 interface is connected to the OSPF backbone area.

The local FortiGate has been elected as the OSPF backup designated router.

There are at least 5 OSPF routers connected to the port4 network.

Two OSPF routers are down in the port4 network.

Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.

The secondary device has this session synchronized; however, because application control is applied, the session will be marked dirty and have to be re-evaluated after failover.

The session state will be preserved but the kernel will need to re-evaluate the session due to NAT being applied.

The session will be removed from the session table of the secondary device due to the presence of allowed error packets, which will force the client to restart the session with the server.

This is a pinhole session created to allow traffic for a protocol that requires additional sessions to operate through FortiGate.

This is an expected session created by the IPS engine.

Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.

Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.

The session would be deleted, and the client would need to start a new session.

The session would remain in the session table, and its traffic would start to egress from port2.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

The session would remain in the session table, and its traffic would still egress from port1.

The administrator must also run the command diagnose debug enable.

The administrator must enable the following real-time debug: diagnose debug application ipsec -1.

The log-filter setting is incorrect. The VPN traffic does not match this filter.

The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

It is currently in system conserve mode because of high CPU usage.

It is currently in FD conserve mode.

It is currently in kernel conserve mode because of high memory usage.

It is currently in system conserve mode because of high memory usage.

The CA cannot resolve the name of the workstation.

The FortiGate cannot resolve the name of the workstation.

The remote registry service is not running in the workstation 192.168.12.232.

The CA cannot reach the FortiGate with the IP address 192.168.12.232.

ADOMs are disabled on the FortiManager

The FortiGate configuration is in sync with latest running revision history.

There are pending device-level changes yet to be installed on Local-FortiGate.

The policy package has been modified for Local-FortiGate.

Automation stitches can be configured on any FortiGate device in a Security Fabric environment.

An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

IKE mode configuration is not enabled in the remote IPsec gateway.

The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.

The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.

One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.

If port7 becomes disconnected on the secondary, both FortiGate devices will elect itself the primary.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

A TCP session waiting for FIN ACK

A UDP session with packets sent and received

A UDP session with only one packet received

A TCP session waiting for the SYN ACK

auto-discovery-sender

auto-discovery-forwarder

auto-discovery-shortcut

auto-discovery-receiver

Set protected network to all

Enable AD-VPN in IPsec phase 1

Configure IP addresses on IPsec virtual interfaces

Disable add-route on hub

The remote gateway IP address is 10.0.0.1.

The initiator provided remote as its IPsec peer ID.

It shows a phase 1 negotiation.

The negotiation is using AES128 encryption with CBC hash.

It inspects incoming traffic to protect services in the corporate DMZ.

It is the first line of defense at the network perimeter.

It splits the network into multiple security segments to minimize the impact of breaches.

It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

They are used to filter real-time debugs.

They display real-time application debugs.

Some of them display statistics and configuration information about a feature or process.

Some of them can be used to restart an application.

To enable IPS bypass mode

To disable the IPS engine

To restart all IPS engines and monitors

To provide information regarding IPS sessions

The slave configuration is not synchronized with the master.

The HA management IP is 169.254.0.2.

Master is selected because it is the only device in the cluster.

port 7 is used the HA heartbeat on all devices in the cluster.

FortiGate applied proxy-based inspection.

FortiGate forwarded this session without any inspection.

FortiGate applied flow-based inspection.

FortiGate applied explicit proxy-based inspection.

User student is not found in the LDAP server.

User student is using a wrong password.

The FortiGate has been configured with the wrong password for the LDAP administrator.

The FortiGate has been configured with the wrong authentication schema.

After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.

The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.

After IPS identifies the application, it adds an entry to a dynamic ISDB table.

FortiGate will drop all packets until the application can be identified.

Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

Sends a link failed signal to all connected devices.

Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.

The application or URL category is unknown and needs to be rescanned by the IPS engine to try to identify the Layer 7 details.

The URL category for this session has been updated by FortiGuard and the session needs to be checked against the policy again to ensure proper web filtering is applied.

Traffic has been identified as coming from an application that is not allowed and the relevant replacement message needs to be displayed to the user, if configured.

redir.

dirty.

synced

nds.

This is an expected session created by a session helper.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.

Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.

This is an expected session created by an application control profile.