[Sep-2021] Pass Fortinet NSE7_EFW-6.4 Exam in First Attempt Guaranteed! [Q45-Q62]


Full NSE7_EFW-6.4 Practice Test and 104 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 45
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

  • A. For the peer 10.125.0.60, the BGP state is Established.
  • B. The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.
  • C. Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.
  • D. The local BGP peer has received a total of three BGP prefixes.

Answer: A,B

 

NEW QUESTION 46
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

  • A. IPS failopen
  • B. mem failopen
  • C. UTM failopen
  • D. AV failopen

Answer: A,D

 

NEW QUESTION 47
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

  • A. Next-hop-self
  • B. Neighbor range
  • C. Neighbor group
  • D. Route reflector

Answer: D

Explanation:
Route reflectors help to reduce the number of IBGP sessions inside an AS. A route reflector forwards the routes learned from one peer to the other peers. If you configure route reflectors, you don't need to create a full-mesh IBGP network. All clients in a cluster only talk to the route reflector to get synchronized routing updates. Route reflectors pass the routing updates to other route reflectors and border routers within the AS.

 

NEW QUESTION 48
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

  • A. Crashlogs.
  • B. Logs.
  • C. Firewall monitor.
  • D. Policy monitor.

Answer: A,B

 

NEW QUESTION 49
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reporting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

  • A. That DNS traffic from client workstations is allowed by the explicit web proxy policies.
  • B. The connectivity between the client workstations and the DNS server.
  • C. That DNS service is enabled in the explicit web proxy interface.
  • D. The connectivity between the FortiGate unit and the DNS server.

Answer: D

 

NEW QUESTION 50
Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

  • A. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.
  • B. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
  • C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
  • D. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.

Answer: A,B

Explanation:
CLI scripts can be run in three different ways:
Device Database: By default, a script is executed on the device database. It is recommended that you run the changes on the device database (default setting), as this allows you to check what configuration changes you will send to the managed device. Once scripts are run on the device database, you can install these changes to a managed device using the installation wizard.
Policy Package, ADOM database: If a script contains changes related to ADOM-level objects and policies, you can change the default selection to run on Policy Package, ADOM database; the changes can then be installed using the installation wizard.
Remote FortiGate directly (through CLI): A script can be executed directly on the device, and you don't need to install these changes using the installation wizard. As the changes are directly installed on the managed device, no option is provided to verify and check the configuration changes through FortiManager prior to executing it.

 

NEW QUESTION 51
The logs in a FSSO collector agent (CA) are showing the following error:
failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?

  • A. The remote registry service is not running in the workstation 192.168.12.232.
  • B. The CA cannot reach the FortiGate with the IP address 192.168.12.232.
  • C. The FortiGate cannot resolve the name of the workstation.
  • D. The CA cannot resolve the name of the workstation.

Answer: A

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD30548

 

NEW QUESTION 52
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

  • A. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials.
    This limit CANNOT be modified by the administrator.
  • B. FortiGate limits the total number of simultaneous explicit web proxy users.
  • C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be modified by the administrator.
  • D. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.

Answer: B

Explanation:
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-WAN-opt-52/web_proxy.htm#Explicit2
The explicit proxy does not limit the number of active sessions for each user. As a result, the actual explicit proxy session count is usually much higher than the number of explicit web proxy users. If an excessive number of explicit web proxy sessions is compromising system performance, you can limit the number of users if the FortiGate unit is operating with multiple VDOMs.

 

NEW QUESTION 53
Examine the following partial outputs from two routing debug commands; then answer the question below.
# get router info kernel
tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1)
tab=254 vf=0 scope=0 type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all
S* 0.0.0.0/0 [10/0] via 10.200.1.254, port1
             [10/0] via 10.200.2.254, port2, [10/0]
C 10.0.1.0/24 is directly connected, port3
C 10.200.1.0/24 is directly connected, port1
C 10.200.2.0/24 is directly connected, port2
Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

  • A. port2.
  • B. Both port1 and port2.
  • C. port3.
  • D. port1.

Answer: A

 

NEW QUESTION 54
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list
-FSSO logons-
IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2.TRAINING.LAB
The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2.TRAINING.LAB.
What should the administrator check?

  • A. The IP address recorded in the logon event for the user STUDENT.
  • B. The reverse DNS lookup for the IP address 192.168.3.1.
  • C. The DNS name resolution for the workstation name INTERNAL2.TRAINING.LAB.
  • D. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2.TRAINING.LAB.

Answer: D

 

NEW QUESTION 55
View the exhibit, which contains a partial routing table, and then answer the question below.

Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

  • A. Source IP address 10.72.3.52, Destination IP address 10.1.0.254.
  • B. Source IP address 10.72.3.27, Destination IP address 10.1.0.52.
  • C. Source IP address 10.1.0.24, Destination IP address 10.72.3.20.
  • D. Source IP address 10.73.9.10, Destination IP address 10.72.3.15.

Answer: A,B

 

NEW QUESTION 56
View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

  • A. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
  • B. This is an expected session created by a session helper.
  • C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.
  • D. This is an expected session created by an application control profile.

Answer: A,B

 

NEW QUESTION 57
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?

  • A. FortiGate blocks the request without any further inspection.
  • B. FortiGate uses the CN information from the Subject field in the server certificate.
  • C. FortiGate uses the requested URL from the user's web browser.
  • D. FortiGate switches to the full SSL inspection method to decrypt the data.

Answer: B

 

NEW QUESTION 58
View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Which statements are true regarding the Weight value?

  • A. Its value is incremented with each packet lost.
  • B. It determines which FortiGuard server is used for license validation.
  • C. Its initial value is calculated based on the round trip delay (RTT).
  • D. Its initial value is statically set to 10.

Answer: A

 

NEW QUESTION 59
Refer to the exhibit, which contains the output of a BGP debug command.

Which statement about the exhibit is true?

  • A. The local router has received a total of three BGP prefixes from all peers.
  • B. Since the counters were last reset, the 10.200.3.1 peer has never been down.
  • C. The local router has not established a TCP session with 100.64.3.1.
  • D. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.

Answer: C

 

NEW QUESTION 60
Examine the following partial outputs from two routing debug commands; then answer the question below:

Why is the default route using port2 not displayed in the output of the second command?

  • A. It has a higher distance than the default route using port1.
  • B. It has a lower priority than the default route using port1.
  • C. It is disabled in the FortiGate configuration.
  • D. It has a higher priority than the default route using port1.

Answer: A

Explanation:
http://kb.fortinet.com/kb/viewContent.do?externalId=FD32103

 

NEW QUESTION 61
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

Based on the output, which of the following statements is correct?

  • A. Anti-replay is enabled.
  • B. Remote gateway IP is 10.200.5.1.
  • C. Quick mode selectors are disabled.
  • D. DPD is disabled.

Answer: A

 

NEW QUESTION 62
......
