Fortinet Exam Preparation with Latest NSE7_EFW-7.2 Exam Questions

Fortinet's NSE7_EFW-7.2 exam is a challenging test that assesses your expertise in Fortinet's Enterprise Firewall solutions. To pass successfully, you need comprehensive exam preparation with reliable study materials and exam resources. SPOTO offers a wide range of exam questions and answers, test questions, and mock exams that cover the entire exam syllabus. These exam questions are meticulously crafted by industry experts to simulate the real exam environment, ensuring you're well-equipped to tackle the actual test. With SPOTO's exam preparation resources, you can identify your strengths and weaknesses, focus on areas that need improvement, and gain confidence in your ability to excel in the NSE7_EFW-7.2 exam. Don't leave your success to chance – leverage SPOTO's proven exam resources and increase your chances of passing the Fortinet NSE7_EFW-7.2 exam on your first attempt.

Question #1
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below. Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
A. IPS will scan every byte in every session
B. FortiGate will spawn IPS engine instances based on the system load
C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory
D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory
Correct Answer: B
Question #2
View the exhibit, which contains the output of a debug command, and then answer the question below. What statement is correct about this FortiGate?
A. It is currently in system conserve mode because of high CPU usage
B. It is currently in FD conserve mode
C. It is currently in kernel conserve mode because of high memory usage
D. It is currently in system conserve mode because of high memory usage
Correct Answer: D
Question #3
View the exhibit, which contains the output of a BGP debug command, and then answer the question below. Which of the following statements about the exhibit are true? (Choose two.)
A. It has a higher priority value than the default route using port1
B. It is disabled in the FortiGate configuration
C. It has a lower priority value than the default route using port1
D. It has a higher distance than the default route using port1
Correct Answer: AD
Question #4
Examine the following partial output from a sniffer command; then answer the question below. What is the meaning of the packets dropped counter at the end of the sniffer?
A. Number of packets that didn't match the sniffer filter
B. Number of total packets dropped by the FortiGate
C. Number of packets that matched the sniffer filter and were dropped by the FortiGate
D. Number of packets that matched the sniffer filter but could not be captured by the sniffer
Correct Answer: D
Question #5
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
A. Neighbor range
B. Route reflector
C. Next-hop-self
D. Neighbor group
Correct Answer: B
Question #6
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reporting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing: What should the administrator check to fix the problem?
A. Change phase 1 encryption to AESCBC and authentication to SHA128
B. Change phase 1 encryption to 3DES and authentication to CBC
C. Change phase 1 encryption to AES128 and authentication to SHA512
D. Change phase 1 encryption to 3DES and authentication to SHA256
Correct Answer: A
Question #7
Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)
A. Anti-replay is enabled
B. DPD is disabled
C. Quick mode selectors are disabled
D. Remote gateway IP is 10
Correct Answer: CDE
Question #8
Examine the following partial outputs from two routing debug commands; then answer the question below: Why is the default route using port2 not displayed in the output of the second command?
A. redir
B. dirty
C. synced
D. nds
Correct Answer: C
Question #9
An administrator is running the following sniffer in a FortiGate:
    diagnose sniffer packet any “host 10.0.2.10” 2
What information is included in the output of the sniffer? (Choose two.)
A. Finance and banking
B. General organization
C. Business
D. Information technology
Correct Answer: BC
Question #10
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?
A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs
B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover
C. Sends a link failed signal to all connected devices
D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover
Correct Answer: A
Question #11
Examine the output of the `get router info bgp summary' command shown in the exhibit; then answer the question below. Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?
A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet
B. The TCP session for the BGP connection to 10
C. The local peer has received the BGP prefixes from the remote peer
D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet
Correct Answer: B
Question #12
View the IPS exit log, and then answer the question below.
    # diagnose test application ipsmonitor 3
    ipsengine exit log"
    pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
    code = 11, reason: manual
What is the status of IPS on this FortiGate?
A. IPS engine memory consumption has exceeded the model-specific predefined value
B. IPS daemon experienced a crash
C. There are communication problems between the IPS engine and the management database
D. All IPS-related features have been disabled in FortiGate's configuration
Correct Answer: D
Question #13
In which two states is a given session categorized as ephemeral? (Choose two.)
A. A TCP session waiting for FIN ACK
B. A TCP session waiting to complete the three-way handshake
C. A UDP session with packets sent and received
D. A UDP session with only one packet received
Correct Answer: AC
Question #14
Examine the output from the `diagnose vpn tunnel list' command shown in the exhibit; then answer the question below. Which command can be used to sniff the ESP traffic for the VPN DialUP_0?
A. diagnose sniffer packet any `port 500'
B. diagnose sniffer packet any `esp'
C. diagnose sniffer packet any `host10
D. diagnose sniffer packet any `port 4500'
Correct Answer: D
Question #15
The logs in a FSSO collector agent (CA) are showing the following error:
    failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?
A. The CA cannot resolve the name of the workstation
B. The FortiGate cannot resolve the name of the workstation
C. The remote registry service is not running in the workstation 192
D. The CA cannot reach the FortiGate with the IP address 192
Correct Answer: C
Question #16
What events are recorded in the crashlogs of a FortiGate device? (Choose two.)
A. It has a lower priority than the default route using port1
B. It has a higher priority than the default route using port1
C. It has a higher distance than the default route using port1
D. It is disabled in the FortiGate configuration
Correct Answer: AD
Question #17
When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?
A. IKE mode configuration is not enabled in the remote IPsec gateway
B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration
C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration
D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode
Correct Answer: A
Question #18
A FortiGate device has the following LDAP configuration:
The administrator executed the `dsquery' command in the Windows LDAP server 10.0.1.10, and got the following output:
    >dsquery user -samid administrator
    "CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?
A. cnid
B. username
C. password
D. dn
Correct Answer: B
Question #19
Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; then answer the question below. Which statement is true regarding the session in the exhibit?
A. It was created by the FortiGate kernel to allow push updates from FortiGuard
B. It is for management traffic terminating at the FortiGate
C. It is for traffic originated from the FortiGate
D. It was created by a session helper or ALG
Correct Answer: D
Question #20
Refer to the exhibit, which contains a partial BGP configuration. You want to configure a loopback as the BGP source. Which two parameters must you set in the BGP configuration? (Choose two)
A. Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports
B. Configure set link-failed-signal enable under config system ha on both cluster members
C. Configure remote link monitoring to detect an issue in the forwarding path
D. Configure set send-garp-on-failover enable under config system ha on both cluster members
Correct Answer: AD
Question #21
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reporting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing: What should the administrator check to fix the problem?
A. diagnose debug application radius -1
B. diagnose debug application fnbamd -1
C. diagnose authd console –log enable
D. diagnose radius console –log enable
Correct Answer: A
Question #22
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
A. FortiManager will respond to update requests only from a managed device
B. FortiManager can download and maintain local copies of FortiGuard databases
C. FortiManager does not support web filter rating requests
D. FortiManager supports only FortiGuard push update to managed devices
Correct Answer: B
Question #23
Refer to the exhibit, which contains a partial configuration of the global system. What can you conclude from this output?
A. NPs and CPs are enabled
B. Only CPs are disabled
C. Only NPs are disabled
D. NPs and CPs are disabled
Correct Answer: A
Question #24
Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)
A. The CA cannot resolve the name of the workstation
B. The FortiGate cannot resolve the name of the workstation
C. The remote registry service is not running in the workstation 192
D. The CA cannot reach the FortiGate with the IP address 192
Correct Answer: CDE
Question #25
What does the dirty flag mean in a FortiGate session?
A. Determines the optimal number of IPS engines required based on system load
B. Downloads signatures on demand from FDS based on scanning requirements
C. Determines when it is secure enough to stop scanning session traffic
D. Choose a matching algorithm based on available memory and the type of inspection being performed
Correct Answer: B
Question #26
Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)
A. Importing firewall address objects from managed devices
B. Importing interface mappings from managed devices
C. Importing static and dynamic route configurations from managed devices
D. Importing devices to FortiManager
Correct Answer: AC
Question #27
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive at the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this probl
A. It is currently in system conserve mode because of high CPU usage
B. It is currently in extreme conserve mode because of high memory usage
C. It is currently in proxy conserve mode because of high memory usage
D. It is currently in memory conserve mode because of high memory usage
Correct Answer: A
Question #28
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. Which statements about this debug output are correct? (Choose two.)
A. FortiGate uses CN information from the Subject field in the server’s certificate
B. FortiGate switches to the full SSL inspection method to decrypt the data
C. FortiGate blocks the request without any further inspection
D. FortiGate uses the requested URL from the user’s web browser
Correct Answer: BD
Question #29
Which statement about protocol options is true?
A. Protocol options allow administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols
B. Protocol options allow administrators the ability to configure the Any setting for all enabled protocols which provides the most efficient use of system resources
C. Protocol options allow administrators to configure a maximum number of sessions for each configured protocol
D. Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on
Correct Answer: D
Question #30
Refer to the exhibit, which contains the partial output of a diagnose command. Based on the output, which two statements are correct? (Choose two.)
A. IKE mode configuration is not enabled in the remote IPsec gateway
B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration
C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration
D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode
Correct Answer: AC
Question #31
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?
A. diagnose sniffer packet any ‘udp port 500’
B. diagnose sniffer packet any ‘udp port 4500’
C. diagnose sniffer packet any ‘esp’
D. diagnose sniffer packet any ‘udp port 500 or udp port 4500’
Correct Answer: C
Question #32
Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below. Which IP addresses are included in the output of this command?
A. Those whose traffic matches a DoS policy
B. Those whose traffic matches an IPS sensor
C. Those whose traffic exceeded a threshold of a matching DoS policy
D. Those whose traffic was detected as an anomaly by an IPS sensor
Correct Answer: A
Question #33
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below. Which statements are correct regarding the output shown? (Choose two.)
A. It is currently in system conserve mode because of high CPU usage
B. It is currently in FD conserve mode
C. It is currently in kernel conserve mode because of high memory usage
D. It is currently in system conserve mode because of high memory usage
Correct Answer: AC
Question #34
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
A. The requested URL belongs to category ID 255
B. The server hostname is training, fortinet
C. FortiGate found the requested URL in its local cache
D. This web request was inspected using the ftgd-allow web filter profile
Correct Answer: A
Question #35
Examine the following partial outputs from two routing debug commands; then answer the question below: Why is the default route using port2 not displayed in the output of the second command?
A. It has a lower priority than the default route using port1
B. It has a higher priority than the default route using port1
C. It has a higher distance than the default route using port1
D. It is disabled in the FortiGate configuration
Correct Answer: C
Question #36
Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?
A. The router are in the number to match the remote peer
B. You must change the AS number to match the remote peer
C. BGP is attempting to establish a TCP connection with the BGP peer
D. The bfd configuration to set to enable
Correct Answer: A
Question #37
An administrator is running the following sniffer in a FortiGate:
    diagnose sniffer packet any “host 10.0.2.10” 2
What information is included in the output of the sniffer? (Choose two.)
A. Finance and banking
B. General organization
C. Business
D. Information technology
Correct Answer: BC
Question #38
Refer to the exhibit, which shows a partial routing table. What two conclusions can you draw from the corresponding FortiGate configuration? (Choose two.)
A. Enable AD-VPN in IPsec phase 1
B. Disable add-route on hub
C. Configure IP addresses on IPsec virtual interfaces
D. Set protected network to all
Correct Answer: BD
Question #39
An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?
A. redir
B. dirty
C. synced
D. nds
Correct Answer: C
Question #40
View these partial outputs from two routing debug commands: Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?
A. Both port1 and port2
B. port3
C. port1
D. port2
Correct Answer: C
Question #41
Refer to the exhibit, which contains the output of a BGP debug command. Which statement about the exhibit is true?
A. The local router has received a total of three BGP prefixes from all peers
B. The local router has not established a TCP session with 100
C. Since the counters were last reset, the 10
D. The local router BGP state is OpenConfirm with the 10
Correct Answer: B
Question #42
What events are recorded in the crashlogs of a FortiGate device? (Choose two.)
A. It has a lower priority than the default route using port1
B. It has a higher priority than the default route using port1
C. It has a higher distance than the default route using port1
D. It is disabled in the FortiGate configuration
Correct Answer: AD
Question #43
How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)
A. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history
B. When run on the Device Database, changes are applied directly to the managed FortiGate device
C. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation
D. When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device
Correct Answer: AD
Question #44
Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; then answer the question below. Which statement is true regarding the session in the exhibit?
A. It was created by the FortiGate kernel to allow push updates from FortiGuard
B. It is for management traffic terminating at the FortiGate
C. It is for traffic originated from the FortiGate
D. It was created by a session helper or ALG
Correct Answer: D
Question #45
Refer to the exhibit, which contains partial outputs from two routing debug commands. Why is the port2 default route not in the second command's output?
A. FortiGate applied proxy-based inspection
B. FortiGate forwarded this session without any inspection
C. FortiGate applied flow-based inspection
D. FortiGate applied explicit proxy-based inspection
Correct Answer: D
Question #46
Refer to the exhibit, which shows a partial routing table. Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)
A. Source IP address
B. Source IP address
C. Source IP address
D. Source IP address
Correct Answer: AB
Question #47
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement about this setting is true?
A. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover
B. It sends a link failed signal to all connected devices
C. It disabled all the non-heartbeat interfaces in all HA members for two seconds after a failover
D. It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs
Correct Answer: D
Question #48
Examine the IPsec configuration shown in the exhibit; then answer the question below. An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
    diagnose vpn ike log-filter src-addr4 10.0.10.1
    diagnose debug application ike -1
    diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?
A. The IKE real time shows the phases 1 and 2 negotiations only
B. The log-filter setting is set incorrectly
C. The IKE real time debug shows the phase 1 negotiation only
D. The IKE real time debug shows error messages only
Correct Answer: B
Question #49
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
A. The requested URL belongs to category ID 255
B. The server hostname is training, fortinet
C. FortiGate found the requested URL in its local cache
D. This web request was inspected using the ftgd-allow web filter profile
Correct Answer: A
Question #50
Which two statements about FortiManager are true when it is deployed as a local FDS? (Choose two.)
A. It caches available firmware updates for unmanaged devices
B. It provides VM license validation services
C. It can be configured as an update server, or a rating server, but not both
D. It supports rating requests from both managed and unmanaged devices
Correct Answer: AB
Question #51
Refer to the exhibit, which contains the output of a BGP debug command. Which statement about the exhibit is true?
A. The local router has received a total of three BGP prefixes from all peers
B. The local router has not established a TCP session with 100
C. Since the counters were last reset, the 10
D. The local router BGP state is OpenConfirm with the 10
Correct Answer: B
Question #52
Refer to the exhibit, which shows a session entry. Which statement about this session is true?
A. It is an ICMP session from 10
B. Return traffic to the initiator is sent to 10
C. It is an ICMP session from 10
D. Return traffic to the initiator is sent to 10
Correct Answer: B
Question #53
Refer to the exhibit, which shows the output of a web filtering diagnose command.
A. The FortiGuard web filter cache is disabled in the FortiGate configuration
B. There are no users making web requests
C. FortiGate is using flow-based inspection, which does not use the cache
D. The administrator has reallocated the cache memory to a separate process
Correct Answer: A
Question #54
What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)
A. TCP half open
B. TCP half close
C. TCP time wait
D. TCP session time to live
Correct Answer: ABC
Question #55
View the following FortiGate configuration. All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network: If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?
A. The session would remain in the session table, and its traffic would still egress from port1
B. The session would remain in the session table, but its traffic would now egress from both port1 and port2
C. The session would remain in the session table, and its traffic would start to egress from port2
D. The session would be deleted, so the client would need to start a new session
Correct Answer: A
Question #56
Which of the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)
A. Both port1 and port2
B. port3
C. port1
D. port2
Correct Answer: AB
Question #57
View the central management configuration shown in the exhibit, and then answer the question below. Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?
A. 0
B. One of the public FortiGuard distribution servers
C. 0
D. 0
Correct Answer: B
Question #58
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below. Which statements are correct regarding the output shown? (Choose two.)
A. It is currently in system conserve mode because of high CPU usage
B. It is currently in FD conserve mode
C. It is currently in kernel conserve mode because of high memory usage
D. It is currently in system conserve mode because of high memory usage
Correct Answer: AC
Question #59
Refer to the exhibits, which show the configuration on FortiGate and partial session information.
A. The session would remain in the session table, and its traffic would still egress from port1
B. The session would be deleted, and the client would need to start a new session
C. The session would remain in the session table, and its traffic would start to egress from port2
D. The session would remain in the session table, but its traffic would now egress from both port1 and port2
Correct Answer: A
Question #60
Refer to the exhibit, which shows the output of diagnose sys session stat.
A. All the sessions in the session table are TCP sessions
B. No sessions have been deleted because of memory page exhaustion
C. There are 0 ephemeral sessions
D. There are 166 TCP sessions waiting to complete the three-way handshake
Correct Answer: BC
Question #61
Refer to the exhibit, which shows the output of a diagnose command. What can you conclude from the RTT value?
A. Its value represents the time it takes to receive a response after a rating request is sent to a particular server
B. Its value is incremented with each packet lost
C. It determines which FortiGuard server is used for license validation
D. Its initial value is statically set to 10
Correct Answer: A
Question #62
In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two)
A. It can be configured as an update server, a rating server, or both
B. It provides VM license validation services
C. It supports rating requests from non-FortiGate devices
D. It caches available firmware updates for unmanaged devices
Correct Answer: AD
Question #63
View the exhibit, which contains the output of a BGP debug command, and then answer the question below. Which of the following statements about the exhibit are true? (Choose two.)
A. The administrator has reallocated the cache memory to a separate process
B. There are no users making web requests
C. The FortiGuard web filter cache is disabled in the FortiGate’s configuration
D. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection
Correct Answer: AD
Question #64
The logs in a FSSO collector agent (CA) are showing the following error:
    failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?
A. The CA cannot resolve the name of the workstation
B. The FortiGate cannot resolve the name of the workstation
C. The remote registry service is not running in the workstation 192
D. The CA cannot reach the FortiGate with the IP address 192
Correct Answer: C
Question #65
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below. Why didn’t the tunnel come up?
A. IKE mode configuration is not enabled in the remote IPsec gateway
B. The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration
C. The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration
D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode
Correct Answer: C
Question #66
What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?
A. av-failopen
B. mem-failopen
C. utm-failopen
D. ips-failopen
Correct Answer: A
Question #67
View the exhibit, which contains the output of a debug command, and then answer the question below. Which one of the following statements about this FortiGate is correct?
A. FortiManager can download and maintain local copies of FortiGuard databases
B. FortiManager supports only FortiGuard push to managed devices
C. FortiManager will respond to update requests only if they originate from a managed device
D. FortiManager does not support rating requests
Correct Answer: D
Question #68
What does the dirty flag mean in a FortiGate session?
A. Determines the optimal number of IPS engines required based on system load
B. Downloads signatures on demand from FDS based on scanning requirements
C. Determines when it is secure enough to stop scanning session traffic
D. Choose a matching algorithm based on available memory and the type of inspection being performed
Correct Answer: B
Question #69
When does a RADIUS server send an Access-Challenge packet?
A. The server does not have the user credentials yet
B. The server requires more information from the user, such as the token code for two-factor authentication
C. The user credentials are wrong
D. The user account is not found in the server
Correct Answer: B
Question #70
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?
A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs
B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover
C. Sends a link failed signal to all connected devices
D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover
Correct Answer: A
Question #71
Which statement describes IPS adaptive scanning?
A. Downloads signatures on demand from FDS based on scanning requirements
B. Determines when it is secure enough to stop scanning session traffic
C. Determines the optimal number of IPS engines required based on system load
D. Choose a matching algorithm based on the type of inspection being performed
Correct Answer: B
Question #72
A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)
A. Traffic has been blocked by the antivirus inspection
B. The next packet must be re-evaluated against the firewall policies
C. The session must be removed from the former primary unit after an HA failover
D. Traffic has been identified as from an application that is not allowed
Correct Answer: AD
Question #73
Refer to the exhibit, which shows the output of a BGP debug command. What can be concluded about the router in this scenario?
A. The router 100
B. The State/PfxRcd for neighbor 100
C. All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4
D. The BGP session with peer 10
Correct Answer: D
Question #74
View the exhibit, which contains an entry in the session table, and then answer the question below. Which one of the following statements is true regarding FortiGate’s inspection of this session?
A. FortiGate applied proxy-based inspection
B. FortiGate forwarded this session without any inspection
C. FortiGate applied flow-based inspection
D. FortiGate applied explicit proxy-based inspection
Correct Answer: A
Question #75
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)
A. Group ID
B. Group name
C. Session pickup
D. Gratuitous ARPs
Correct Answer: BCD
Question #76
An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below. Based on the output in the exhibit, what can cause this authentication problem?
A. The session would remain in the session table, and its traffic would still egress from port1
B. The session would remain in the session table, but its traffic would now egress from both port1 and port2
C. The session would remain in the session table, and its traffic would start to egress from port2
D. The session would be deleted, so the client would need to start a new session
Correct Answer: A
Question #77
Refer to the exhibit, which shows the output of diagnose sys session list. If the HA ID for the primary device is 0, what will happen if the primary fails and the secondary becomes the primary?
A. Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server
B. The secondary device has this session synchronized; however, because application control is applied, the session will be marked dirty and have to be re-evaluated after failover
C. The session state will be preserved but the kernel will need to re-evaluate the session due to NAT being applied
D. The session will be removed from the session table of the secondary device due to the presence of allowed error packets, which will force the client to restart the session with the server
Correct Answer: A
Question #78
What does the dirty flag mean in a FortiGate session?
A. The next packet must be re-evaluated against the firewall policies
B. Traffic has been identified as coming from an application that is not allowed
C. Traffic has been blocked by the antivirus inspection
D. The session must be removed from the former primary unit after an HA failover
Correct Answer: A
Question #79
View these partial outputs from two routing debug commands: Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?
A. Both port1 and port2
B. port3
C. port1
D. port2
Correct Answer: C
Question #80
View the exhibit, which contains the output of a debug command, and then answer the question below. Which of the following statements about the exhibit are true? (Choose two.)
A. FortiManager can download and maintain local copies of FortiGuard databases
B. FortiManager supports only FortiGuard push to managed devices
C. FortiManager will respond to update requests only if they originate from a managed device
D. FortiManager does not support rating requests
Correct Answer: BC
Question #81
Examine the following partial output from a sniffer command; then answer the question below. What is the meaning of the packets dropped counter at the end of the sniffer?
A. The connectivity between the FortiGate unit and the DNS server
B. The connectivity between the client workstations and the DNS server
C. That DNS traffic from client workstations is allowed by the explicit web proxy policies
D. That DNS service is enabled in the explicit web proxy interface
Correct Answer: D
Question #82
View the exhibit, which contains the output of a diagnose command, and then answer the question below. Which statements are true regarding the Weight value?
A. Its initial value is calculated based on the round trip delay (RTT)
B. Its initial value is statically set to 10
C. Its value is incremented with each packet lost
D. It determines which FortiGuard server is used for license validation
Correct Answer: C
Question #83
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.)
A. Number of packets that didn’t match the sniffer filter
B. Number of total packets dropped by the FortiGate
C. Number of packets that matched the sniffer filter and were dropped by the FortiGate
D. Number of packets that matched the sniffer filter but could not be captured by the sniffer
Correct Answer: AC
Question #84
Which of the following statements are correct regarding application layer test commands? (Choose two.)
A. The IP address recorded in the logon event for the user STUDENT
B. The DNS name resolution for the workstation name INTERNAL2
C. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2
D. The reverse DNS lookup for the IP address 192
Correct Answer: CD
Question #85
An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?
A. FortiGate uses CN information from the Subject field in the server's certificate
B. FortiGate switches to the full SSL inspection method to decrypt the data
C. FortiGate blocks the request without any further inspection
D. FortiGate uses the requested URL from the user's web browser
Correct Answer: C
Question #86
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below. Which statements are correct regarding the output shown? (Choose two.)
A. redir
B. dirty
C. synced
D. nds
Correct Answer: AC
Question #87
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed. Why didn’t the script make any changes to the managed device?
A. Commands that start with the # sign are not executed
B. CLI scripts will add objects only if they are referenced by policies
C. Incomplete commands are ignored in CLI scripts
D. Static routes can only be added using TCL scripts
Correct Answer: A
Question #88
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
A. Neighbor range
B. Route reflector
C. Next-hop-self
D. Neighbor group
Correct Answer: B
Question #89
Refer to the exhibit, which shows information about an OSPF interface. What two conclusions can you draw from this command output? (Choose two.)
A. NPs and CPs are enabled
B. Only CPs are disabled
C. Only NPs are disabled
D. NPs and CPs are disabled
Correct Answer: AD
Question #90
Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)
A. This session is for HA heartbeat traffic
B. This session is synced with the slave unit
C. The inspection of this session has been offloaded to the slave unit
D. This session cannot be synced with the slave unit
Correct Answer: BD
Question #91
Refer to the exhibit, which shows a routing table. What two options can you configure in OSPF to block the advertisement of the 10.1.10.0 prefix? (Choose two.)
A. Remove the 16
B. Configure a distribute-list-out
C. Configure a route-map out
D. Disable Redistribute Connected
Correct Answer: BC
Question #92
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below. Which command can be used to sniff the ESP traffic for the VPN DialUP_0?
A. diagnose sniffer packet any ‘port 500’
B. diagnose sniffer packet any ‘esp’
C. diagnose sniffer packet any ‘host 10
D. diagnose sniffer packet any ‘port 4500’
Correct Answer: D
Question #93
When does a RADIUS server send an Access-Challenge packet?
A. The server does not have the user credentials yet
B. The server requires more information from the user, such as the token code for two-factor authentication
C. The user credentials are wrong
D. The user account is not found in the server
Correct Answer: B
Question #94
What does the dirty flag mean in a FortiGate session?
A. Change phase 1 encryption to AESCBC and authentication to SHA128
B. Change phase 1 encryption to 3DES and authentication to CBC
C. Change phase 1 encryption to AES128 and authentication to SHA512
D. Change phase 1 encryption to 3DES and authentication to SHA256
Correct Answer: B
Question #95
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below. Which command can be used to sniff the ESP traffic for the VPN DialUP_0?
A. diagnose sniffer packet any ‘port 500’
B. diagnose sniffer packet any ‘esp’
C. diagnose sniffer packet any ‘host 10
D. diagnose sniffer packet any ‘port 4500’
Correct Answer: D
Question #96
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
A. IPS engine memory consumption has exceeded the model-specific predefined value
B. IPS daemon experienced a crash
C. There are communication problems between the IPS engine and the management database
D. All IPS-related features have been disabled in FortiGate’s configuration
Correct Answer: AD
Question #97
Refer to the exhibit, which contains a partial output of an IKE real-time debug.
A. auto-discovery-receiver
B. auto-discovery-forwarder
C. auto-discovery-sender
D. auto-discovery-shortcut
Correct Answer: B
Question #98
Refer to the exhibit, which shows the output of a diagnose command. What can be concluded about the debug output in this scenario?
A. Servers with a negative TZ value are less preferred for rating requests
B. There is a natural correlation between the value in the Packets field and the value in the Weight field
C. FortiGate used 64
D. The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers, was 121
Correct Answer: D
Question #99
View the exhibit, which contains the output of a real-time debug. Which of the following statements is true regarding this output?
A. It inspects incoming traffic to protect services in the corporate DMZ
B. It is the first line of defense at the network perimeter
C. It splits the network into multiple security segments to minimize the impact of breaches
D. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network
Correct Answer: C
Question #100
View the global IPS configuration, and then answer the question below. Which of the following statements is true regarding this configuration?
A. IPS will scan every byte in every session
B. FortiGate will spawn IPS engine instances based on the system load
C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory
D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory
Correct Answer: A
Question #101
View the exhibit, which contains the output of a diagnose command, and then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.)
A. Traffic has been blocked by the antivirus inspection
B. The next packet must be re-evaluated against the firewall policies
C. The session must be removed from the former primary unit after an HA failover
D. Traffic has been identified as from an application that is not allowed
Correct Answer: AD
Question #102
Which of the following statements are correct regarding application layer test commands? (Choose two.)
A. av-failopen
B. mem-failopen
C. utm-failopen
D. ips-failopen
Correct Answer: CD
