Pass the Fortinet NSE7 Exam Easily with Updated NSE7_EFW-7.2 Practice Questions

Preparing for the Fortinet NSE7_EFW-7.2 exam requires a comprehensive study plan, and SPOTO provides valuable resources to assist you in your preparation journey. Their collection of exam questions and answers is specifically tailored to mimic the real exam scenario, allowing you to practice effectively and gain confidence. By engaging with SPOTO's test questions, you can assess your understanding of key concepts and identify areas that need improvement. Their study materials offer thorough coverage of the exam syllabus, equipping you with the knowledge and skills needed to pass the exam successfully. SPOTO offers exam resources such as tips, strategies, and mock exams to enhance your preparation further. Participating in mock exams helps you simulate the actual exam environment, improving your time management and exam-taking strategies. With SPOTO's support, you can prepare efficiently and increase your chances of passing the NSE7_EFW-7.2 exam with flying colors.

Question #1
Exhibit. Refer to the exhibit, which shows information about an OSPF interface. What two conclusions can you draw from this command output? (Choose two.)
A. The port3 network has more than one OSPF router
B. The OSPF routers are in the area ID of 0
C. The interfaces of the OSPF routers match the MTU value that is configured as 1500
D. GFW-1 is the designated router
Correct Answer: AD
Question #2
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reporting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing: What should the administrator check to fix the problem?
A. The connectivity between the FortiGate unit and the DNS server
B. The connectivity between the client workstations and the DNS server
C. That DNS traffic from client workstations is allowed by the explicit web proxy policies
D. That DNS service is enabled in the explicit web proxy interface
Correct Answer: A
Question #3
View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below. The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?
A. It inspects incoming traffic to protect services in the corporate DMZ
B. It is the first line of defense at the network perimeter
C. It splits the network into multiple security segments to minimize the impact of breaches
D. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network
Correct Answer: C
Question #4
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)
A. Enable the redistribution of connected routers into BGP
B. Enable the redistribution of static routers into BGP
C. Disable the setting network-import-check
D. Enable the setting ebgp-multipath
Correct Answer: CD
Question #5
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. Why didn’t the tunnel come up?
A. The pre-shared keys do not match
B. The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration
C. The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration
D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode
Correct Answer: C
Question #6
Examine the output of the 'get router info ospf neighbor' command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.)
A. User student is not found in the LDAP server
B. User student is using a wrong password
C. The FortiGate has been configured with the wrong password for the LDAP administrator
D. The FortiGate has been configured with the wrong authentication schema
Correct Answer: AC
Question #7
View the exhibit, which contains the output of a web diagnose command, and then answer the question below. Which one of the following statements explains why the cache statistics are all zeros?
A. auto-discovery-sender
B. auto-discovery-forwarder
C. auto-discovery-shortcut
D. auto-discovery-receiver
Correct Answer: C
Question #8
Refer to the exhibit, which shows the output of diagnose sys session stat. Which statement about the output shown in the exhibit is correct?
A. There are two sessions that have not been removed in case of any out-of-order packets that arrive
B. There are 166 TCP sessions waiting to complete the three-way handshake
C. 162 sessions have been deleted because of memory page exhaustion
D. All the sessions in the session table are TCP sessions
Correct Answer: B
Question #9
An administrator wants to capture ESP traffic between two FortiGate devices using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?
A. diagnose sniffer packet any 'esp'
B. diagnose sniffer packet any 'udp port 4500'
C. diagnose sniffer packet any 'tcp port 500 or tcp port 4500'
D. diagnose sniffer packet any 'udp port 500'
Correct Answer: A
Question #10
Examine the following routing table and BGP configuration; then answer the question below. The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?
A. TCP half open
B. TCP half close
C. TCP time wait
D. TCP session time to live
Correct Answer: C
Question #11
Examine the following traffic log; then answer the question below.
date=20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri=critical vd=root service=kernel status=failure msg="NAT port is exhausted."
What does the log mean?
A. There is not enough available memory in the system to create a new entry in the NAT port table
B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached
C. FortiGate does not have any available NAT port for a new connection
D. The limit for the maximum number of entries in the NAT port table has been reached
Correct Answer: B
Question #12
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below. Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
A. IPS will scan every byte in every session
B. FortiGate will spawn IPS engine instances based on the system load
C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory
D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory
Correct Answer: B
Question #13
View the exhibit, which contains a partial web filter profile configuration, and then answer the question below. Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?
A. FortiGate will exempt the connection based on the Web Content Filter configuration
B. FortiGate will block the connection based on the URL Filter configuration
C. FortiGate will allow the connection based on the FortiGuard category based filter configuration
D. FortiGate will block the connection as an invalid URL
Correct Answer: B
Question #14
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
A. FortiGate uses the requested URL from the user's web browser
B. FortiGate uses the CN information from the Subject field in the server certificate
C. FortiGate blocks the request without any further inspection
D. FortiGate switches to the full SSL inspection method to decrypt the data
Correct Answer: B
Question #15
Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; then answer the question below. Which statement is true regarding the session in the exhibit?
A. It was created by the FortiGate kernel to allow push updates from FortiGuard
B. It is for management traffic terminating at the FortiGate
C. It is for traffic originated from the FortiGate
D. It was created by a session helper or ALG
Correct Answer: D
Question #16
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below. Why didn’t the tunnel come up?
A. IKE mode configuration is not enabled in the remote IPsec gateway
B. The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration
C. The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration
D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode
Correct Answer: C
Question #17
View the following FortiGate configuration. All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network: If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?
A. The session would remain in the session table, and its traffic would still egress from port1
B. The session would remain in the session table, but its traffic would now egress from both port1 and port2
C. The session would remain in the session table, and its traffic would start to egress from port2
D. The session would be deleted, so the client would need to start a new session
Correct Answer: A
Question #18
View the exhibit, which contains the output of get sys ha status, and then answer the question below. Which statements are correct regarding the output? (Choose two.)
A. FortiManager can download and maintain local copies of FortiGuard databases
B. FortiManager supports only FortiGuard push to managed devices
C. FortiManager will respond to update requests only if they originate from a managed device
D. FortiManager does not support rating requests
Correct Answer: AD
Question #19
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)
A. nid
B. username
C. password
D. n
Correct Answer: BCD
Question #20
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reporting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing: What should the administrator check to fix the problem?
A. diagnose debug application radius -1
B. diagnose debug application fnbamd -1
C. diagnose authd console –log enable
D. diagnose radius console –log enable
Correct Answer: A
Question #21
View the exhibit, which contains the output of a diagnose command, and then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.)
A. Traffic has been blocked by the antivirus inspection
B. The next packet must be re-evaluated against the firewall policies
C. The session must be removed from the former primary unit after an HA failover
D. Traffic has been identified as from an application that is not allowed
Correct Answer: AD
Question #22
A FortiGate has two default routes: All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user: What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?
A. The session would be deleted, and the client would need to start a new session
B. The session would remain in the session table, and its traffic would start to egress from port2
C. The session would remain in the session table, but its traffic would now egress from both port1 and port2
D. The session would remain in the session table, and its traffic would still egress from port1
Correct Answer: D
Question #23
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
A. Neighbor range
B. Route reflector
C. Next-hop-self
D. Neighbor group
Correct Answer: B
Question #24
View the exhibit, which contains the output of a debug command, and then answer the question below. Which of the following statements about the exhibit are true? (Choose two.)
A. FortiManager can download and maintain local copies of FortiGuard databases
B. FortiManager supports only FortiGuard push to managed devices
C. FortiManager will respond to update requests only if they originate from a managed device
D. FortiManager does not support rating requests
Correct Answer: BC
Question #25
Refer to the exhibit, which contains the output of a BGP debug command. Which statement explains why the state of the 10.200.3.1 peer is Connect?
A. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet
B. The TCP session to 10
C. The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet
D. The local router has received the BGP prefixes from the remote peer
Correct Answer: B
Question #26
View the exhibit, which contains the output of a debug command, and then answer the question below. What statement is correct about this FortiGate?
A. It is currently in system conserve mode because of high CPU usage
B. It is currently in FD conserve mode
C. It is currently in kernel conserve mode because of high memory usage
D. It is currently in system conserve mode because of high memory usage
Correct Answer: D
Question #27
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
A. IPS engine memory consumption has exceeded the model-specific predefined value
B. IPS daemon experienced a crash
C. There are communication problems between the IPS engine and the management database
D. All IPS-related features have been disabled in FortiGate’s configuration
Correct Answer: AD
Question #28
View the exhibit, which contains a session entry, and then answer the question below. Which statement is correct regarding this session?
A. It is an ICMP session from 10
B. It is an ICMP session from 10
C. It is a TCP session in ESTABLISHED state from 10
D. It is a TCP session in CLOSE_WAIT state from 10
Correct Answer: B
Question #29
Refer to the exhibit, which contains the output of a debug command.
A. It is currently in memory conserve mode because of high memory usage
B. It is currently in extreme conserve mode because of high memory usage
C. It is currently in system conserve mode because of high CPU usage
D. It is currently in proxy conserve mode because of high memory usage
Correct Answer: A
Question #30
Examine the output of the ‘get router info ospf neighbor’ command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.) Refer to the exhibit, which shows the output of a debug command. Which statement about the output is true?
A. The OSPF routers with the IDs 0
B. The OSPF router with the ID 0
C. The local FortiGate is the designated router for the wan1 network
D. The interface ToRemote is a point-to-point OSPF network
Correct Answer: D
Question #31
A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)
A. Traffic has been blocked by the antivirus inspection
B. The next packet must be re-evaluated against the firewall policies
C. The session must be removed from the former primary unit after an HA failover
D. Traffic has been identified as from an application that is not allowed
Correct Answer: AD
Question #32
Refer to the exhibit, which shows a central management configuration. Which server will FortiGate choose for web filter rating requests, if 10.0.1.240 is experiencing an outage?
A. Public FortiGuard servers
B. 10
C. 10
D. 10
Correct Answer: A
Question #33
Examine the following partial outputs from two routing debug commands; then answer the question below: Why is the default route using port2 not displayed in the output of the second command?
A. redir
B. dirty
C. synced
D. nds
Correct Answer: C
Question #34
Refer to the exhibit, which shows a partial routing table.
A. Source IP address: 10
B. Source IP address: 10
C. Source IP address: 10
D. Source IP address: 10
Correct Answer: BD
Question #35
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this prob
A. TCP half open
B. TCP half close
C. TCP time wait
D. TCP session time to live
Correct Answer: A
Question #36
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below. Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?
A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet
B. The TCP session for the BGP connection to 10
C. The local peer has received the BGP prefixes from the remote peer
D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet
Correct Answer: B
Question #37
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed. Why didn’t the script make any changes to the managed device?
A. Commands that start with the # sign are not executed
B. CLI scripts will add objects only if they are referenced by policies
C. Incomplete commands are ignored in CLI scripts
D. Static routes can only be added using TCL scripts
Correct Answer: A
Question #38
View the exhibit, which contains an entry in the session table, and then answer the question below. Which one of the following statements is true regarding FortiGate’s inspection of this session?
A. FortiGate applied proxy-based inspection
B. FortiGate forwarded this session without any inspection
C. FortiGate applied flow-based inspection
D. FortiGate applied explicit proxy-based inspection
Correct Answer: A
Question #39
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?
A. diagnose sniffer packet any ‘udp port 500’
B. diagnose sniffer packet any ‘udp port 4500’
C. diagnose sniffer packet any ‘esp’
D. diagnose sniffer packet any ‘udp port 500 or udp port 4500’
Correct Answer: C
Question #40
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below. Based on the output, which of the following statements is correct?
A. Anti-replay is enabled
B. DPD is disabled
C. Quick mode selectors are disabled
D. Remote gateway IP is 10
Correct Answer: A
Question #41
Which two statements about an auxiliary session are true? (Choose two.)
A. With the auxiliary session setting disabled, only auxiliary sessions are offloaded
B. With the auxiliary session setting enabled, two sessions are created in case of routing change
C. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor
D. With the auxiliary session setting disabled, for each traffic path, FortiGate uses the same auxiliary session
Correct Answer: BC
Question #42
Refer to the exhibit, which contains partial outputs from two routing debug commands. Why is the port2 default route not in the second command's output?
A. It has a higher priority value than the default route using port1
B. It is disabled in the FortiGate configuration
C. It has a lower priority value than the default route using port1
D. It has a higher distance than the default route using port1
Correct Answer: D
Question #43
The logs in a FSSO collector agent (CA) are showing the following error:
failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?
A. The CA cannot resolve the name of the workstation
B. The FortiGate cannot resolve the name of the workstation
C. The remote registry service is not running in the workstation 192
D. The CA cannot reach the FortiGate with the IP address 192
Correct Answer: C
Question #44
View the exhibit, which contains the output of a real-time debug. Which statement about this output is true? Which of the following statements is true regarding this output?
A. It inspects incoming traffic to protect services in the corporate DMZ
B. It is the first line of defense at the network perimeter
C. It splits the network into multiple security segments to minimize the impact of breaches
D. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network
Correct Answer: C
Question #45
View the exhibit, which contains the output of a BGP debug command, and then answer the question below. Which of the following statements about the exhibit are true? (Choose two.)
A. The administrator has reallocated the cache memory to a separate process
B. There are no users making web requests
C. The FortiGuard web filter cache is disabled in the FortiGate’s configuration
D. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection
Correct Answer: AD
Question #46
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike -1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
A. Group ID
B. Group name
C. Session pickup
D. Gratuitous ARPs
Correct Answer: B
Question #47
Examine the output of the 'get router info bgp summary' command shown in the exhibit; then answer the question below. Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?
A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet
B. The TCP session for the BGP connection to 10
C. The local peer has received the BGP prefixes from the remote peer
D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet
Correct Answer: B
Question #48
Examine the IPsec configuration shown in the exhibit; then answer the question below. An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn’t there any output?
A. The IKE real time shows the phases 1 and 2 negotiations only
B. The log-filter setting is set incorrectly
C. The IKE real time debug shows the phase 1 negotiation only
D. The IKE real time debug shows error messages only
Correct Answer: B
Question #49
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. Why didn’t the tunnel come up?
A. The pre-shared keys do not match
B. The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration
C. The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration
D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode
Correct Answer: C
Question #50
Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below. Which IP addresses are included in the output of this command?
A. Those whose traffic matches a DoS policy
B. Those whose traffic matches an IPS sensor
C. Those whose traffic exceeded a threshold of a matching DoS policy
D. Those whose traffic was detected as an anomaly by an IPS sensor
Correct Answer: A
Question #51
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this prob
A. TCP half open
B. TCP half close
C. TCP time wait
D. TCP session time to live
Correct Answer: A
Question #52
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below. Why didn't the tunnel come up?
A. The pre-shared keys do not match
B. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration
C. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration
D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode
Correct Answer: C
Question #53
Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)
A. This session is for HA heartbeat traffic
B. This session is synced with the slave unit
C. The inspection of this session has been offloaded to the slave unit
D. This session cannot be synced with the slave unit
Correct Answer: BD
Question #54
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.)
A. Number of packets that didn’t match the sniffer filter
B. Number of total packets dropped by the FortiGate
C. Number of packets that matched the sniffer filter and were dropped by the FortiGate
D. Number of packets that matched the sniffer filter but could not be captured by the sniffer
Correct Answer: AC
Question #55
A FortiGate has two default routes: All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user: What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?
A. The session would be deleted, and the client would need to start a new session
B. The session would remain in the session table, and its traffic would start to egress from port2
C. The session would remain in the session table, but its traffic would now egress from both port1 and port2
D. The session would remain in the session table, and its traffic would still egress from port1
Correct Answer: D
Question #56
View the exhibit, which contains the output of a web diagnose command, and then answer the question below. Which one of the following statements explains why the cache statistics are all zeros?
A. auto-discovery-sender
B. auto-discovery-forwarder
C. auto-discovery-shortcut
D. auto-discovery-receiver
Correct Answer: C
Question #57
Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)
A. OSPF peer IDs match
B. IP addresses are in the same subnet
C. Hello and dead intervals match
D. OSPF IP MTUs match
E. OSPF costs match
Correct Answer: BCD
Question #58
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)
A. FortiGate limits the number of simultaneous sessions per explicit web proxy user
B. FortiGate limits the total number of simultaneous explicit web proxy users
C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be modified by the administrator
D. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials
Correct Answer: AD
Question #59
Examine the IPsec configuration shown in the exhibit; then answer the question below. An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn’t there any output?
A. The IKE real time shows the phases 1 and 2 negotiations only
B. The log-filter setting is set incorrectly
C. The IKE real time debug shows the phase 1 negotiation only
D. The IKE real time debug shows error messages only
Correct Answer: B
Question #60
Refer to the exhibit, which contains the output of a diagnose command.
A. It determines which FortiGuard server is used for license validation
B. Its initial value is statically set to 10
C. Its value is incremented with each packet lost
D. Its initial value is calculated based on the round trip delay (RTT)
Correct Answer: C
Question #61
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. Which statements about this debug output are correct? (Choose two.)
A. FortiGate uses CN information from the Subject field in the server’s certificate
B. FortiGate switches to the full SSL inspection method to decrypt the data
C. FortiGate blocks the request without any further inspection
D. FortiGate uses the requested URL from the user’s web browser
Correct Answer: BD
Question #62
Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?
A. Set protected network to all
B. Enable AD-VPN in IPsec phase 1
C. Configure IP addresses on IPsec virtual interfaces
D. Disable add-route on hub
Correct Answer: C
Question #63
A corporate network allows Internet access to FSSO users only. The FSSO user student does not have Internet access after successfully logging in to the Windows AD network. The output of the 'diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)
A. FortiGate limits the number of simultaneous sessions per explicit web proxy user
B. FortiGate limits the total number of simultaneous explicit web proxy users
C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be modified by the administrator
D. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials
Correct Answer: AD
Question #64
Which two statements about metadata variables are true? (Choose two.)
A. The access is blocked based on the Content Filter configuration
B. The access is allowed based on the FortiGuard Category Based Filter configuration
C. The access is blocked based on the URL Filter configuration
D. The access is blocked if the local or the public FortiGuard server does not reply
Correct Answer: BD
Question #65
View the following FortiGate configuration. All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network: If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?
A. The session would remain in the session table, and its traffic would still egress from port1
B. The session would remain in the session table, but its traffic would now egress from both port1 and port2
C. The session would remain in the session table, and its traffic would start to egress from port2
D. The session would be deleted, so the client would need to start a new session
Correct Answer: A
Question #66
Refer to the exhibit, which contains partial output from an IKE real-time debug.
A. The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration
B. The pre-shared keys do not match
C. The remote gateway is configured to use aggressive mode and the local gateway is configured to use main mode
D. The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration
Correct Answer: A
Question #67
An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created an inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs for the OSPF adjacency to form successfully? (Choose three.)
A. Phase1; IKE mode configuration; XAuth; phase 2
B. Phase1; XAuth; IKE mode configuration; phase2
C. Phase1; XAuth; phase 2; IKE mode configuration
D. Phase1; IKE mode configuration; phase 2; XAuth
Correct Answer: BDE
Question #68
An administrator is running the following sniffer in a FortiGate:
diagnose sniffer packet any "host 10.0.2.10" 2
What information is included in the output of the sniffer? (Choose two.)
A. Session would remain in the session table and its traffic would keep using port1 as the outgoing interface
B. Session would remain in the session table and its traffic would start using port2 as the outgoing interface
C. Session would be deleted, so the client would need to start a new session
D. Session would remain in the session table and its traffic would be shared between port1 and port2
Correct Answer: BC
Question #69
Examine the output of the ‘get router info ospf neighbor’ command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.) Refer to the exhibit, which shows the output of a debug command. Which statement about the output is true?
A. The OSPF routers with the IDs 0
B. The OSPF router with the ID 0
C. The local FortiGate is the designated router for the wan1 network
D. The interface ToRemote is a point-to-point OSPF network
Correct Answer: D
Question #70
An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created an inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs for the OSPF adjacency to form successfully? (Choose three.)
A. Phase1; IKE mode configuration; XAuth; phase 2
B. Phase1; XAuth; IKE mode configuration; phase2
C. Phase1; XAuth; phase 2; IKE mode configuration
D. Phase1; IKE mode configuration; phase 2; XAuth
Correct Answer: BDE
Question #71
Refer to the exhibit, which contains the output of diagnose sys session list. If the HA ID for the primary unit is zero (0), which statement about the output is true?
A. This session cannot be synced with the slave unit
B. The inspection of this session has been offloaded to the slave unit
C. The master unit is processing this traffic
D. This session is for HA heartbeat traffic
Correct Answer: C
Question #72
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
A. It is currently in system conserve mode because of high CPU usage
B. It is currently in extreme conserve mode because of high memory usage
C. It is currently in proxy conserve mode because of high memory usage
D. It is currently in memory conserve mode because of high memory usage
Correct Answer: AD
Question #73
Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)
A. When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device
B. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation
C. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history
D. When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device
Correct Answer: AB
Question #74
View the central management configuration shown in the exhibit, and then answer the question below. Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?
A. 0
B. One of the public FortiGuard distribution servers
C. 0
D. 0
Correct Answer: B
Question #75
Refer to the exhibit, which contains partial output from an IKE real-time debug. Why did the tunnel not come up?
A. The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway
B. The Diffie-Hellman group does not match on the local and remote gateways
C. The proposal ID does not match between local and remote gateways
D. The encapsulation method for phase 2 is set to none on local and remote gateways
Correct Answer: B
Question #76
Refer to the exhibit, which shows a session table entry.
A. FortiGate forwarded this session without any inspection
B. FortiGate applied proxy-based inspection
C. FortiGate applied flow-based NGFW policy-based inspection
D. FortiGate applied flow-based inspection
Correct Answer: B
Question #77
A FortiGate device has the following LDAP configuration: The administrator executed the 'dsquery' command in the Windows LDAP server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training,DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?
A. cnid
B. username
C. password
D. dn
Correct Answer: B
Question #78
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
A. Neighbor range
B. Route reflector
C. Next-hop-self
D. Neighbor group
Correct Answer: B
Question #79
An administrator has created a VPN community within VPN Manager on FortiManager. They also added gateways to the VPN community and are now trying to create firewall policies to permit traffic over the tunnel; however, the VPN interfaces are not listed as available options. What step must the administrator take to resolve this issue?
A. Install the VPN community and gateway configuration to the FortiGate devices, in order for the interfaces to be displayed within Policy & Objects on FortiManager
B. Set up all of the phase 1 settings in the VPN community that they neglected to set up initially
C. Refresh the device status from the Device Manager so that FortiGate will populate the IPsec interfaces
D. Create interface mappings for the IPsec VPN interfaces, before they can be used in a policy
Correct Answer: D
Question #80
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?
A. diagnose sniffer packet any 'udp port 500'
B. diagnose sniffer packet any 'udp port 4500'
C. diagnose sniffer packet any 'esp'
D. diagnose sniffer packet any 'udp port 500 or udp port 4500'
Correct Answer: C
Question #81
Refer to the exhibit, which shows the output of diagnose sys session list.
A. This session cannot be synced with the secondary device
B. This session is for HA talk traffic
C. The inspection of this session has been offloaded to the secondary device
D. The master unit is processing this traffic
Correct Answer: D
Question #82
Refer to the exhibit, which shows the output of a diagnose command.
A. FortiGate will probe 121
B. Servers with a negative TZ value are experiencing a service outage
C. Servers with the D flag are considered to be down
D. FortiGate used 209
Correct Answer: AD
Question #83
Which statement about memory conserve mode is true?
A. A FortiGate exits conserve mode when the configured memory use threshold reaches yellow
B. A FortiGate starts dropping all the new and old sessions when the configured memory use threshold reaches extreme
C. A FortiGate enters conserve mode when the configured memory use threshold reaches red
D. A FortiGate starts dropping new sessions when the configured memory use thresholds reaches red
Correct Answer: D
Question #84
Which action will FortiGate take when using the default settings for SSL certificate inspection, where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?
A. FortiGate uses the CN information from the Subject field in the server certificate
B. FortiGate uses the first entry listed in the SAN field in the server certificate
C. FortiGate uses the SNI from the user's web browser
D. FortiGate closes the connection because this represents an invalid SSL/TLS configuration
Correct Answer: D
Question #85
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike -1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
A. Phase1; IKE mode configuration; XAuth; phase 2
B. Phase1; XAuth; IKE mode configuration; phase2
C. Phase1; XAuth; phase 2; IKE mode configuration
D. Phase1; IKE mode configuration; phase 2; XAuth
Correct Answer: B
Question #86
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?
A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs
B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover
C. Sends a link failed signal to all connected devices
D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover
Correct Answer: A
Question #87
View the exhibit, which contains a partial web filter profile configuration, and then answer the question below. Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?
A. FortiGate will exempt the connection based on the Web Content Filter configuration
B. FortiGate will block the connection based on the URL Filter configuration
C. FortiGate will allow the connection based on the FortiGuard category based filter configuration
D. FortiGate will block the connection as an invalid URL
Correct Answer: B
Question #88
An administrator cannot connect to the GUI of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit: Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)
A. The connectivity between the FortiGate unit and the DNS server
B. The connectivity between the client workstations and the DNS server
C. That DNS traffic from client workstations is allowed by the explicit web proxy policies
D. That DNS service is enabled in the explicit web proxy interface
Correct Answer: AC
Question #89
Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)
A. Anti-replay is enabled
B. DPD is disabled
C. Quick mode selectors are disabled
D. Remote gateway IP is 10
Correct Answer: CDE
Question #90
Examine the following partial output from a sniffer command; then answer the question below. What is the meaning of the packets dropped counter at the end of the sniffer?
A. The connectivity between the FortiGate unit and the DNS server
B. The connectivity between the client workstations and the DNS server
C. That DNS traffic from client workstations is allowed by the explicit web proxy policies
D. That DNS service is enabled in the explicit web proxy interface
Correct Answer: D
Question #91
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)
A. cnid
B. username
C. password
D. dn
Correct Answer: BCD
Question #92
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below. Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?
A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet
B. The TCP session for the BGP connection to 10
C. The local peer has received the BGP prefixes from the remote peer
D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet
Correct Answer: B
Question #93
Which of the following statements are correct regarding application layer test commands? (Choose two.)
A. v-failopen
B. em-failopen
C. tm-failopen
D. ps-failopen
Correct Answer: CD
Question #94
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike -1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
A. Group ID
B. Group name
C. Session pickup
D. Gratuitous ARPs
Correct Answer: B
Question #95
Which two conditions must be met for a static route to be active in the routing table? (Choose two.)
A. The link health monitor (if configured) is up
B. There is no other route, to the same destination, with a higher distance
C. The outgoing interface is up
D. The next-hop IP address is up
Correct Answer: AC
Question #96
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. What can the administrator do to fix this problem?
A. Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports
B. Configure set link-failed-signal enable under config system ha on both cluster members
C. Configure remote link monitoring to detect an issue in the forwarding path
D. Configure set send-garp-on-failover enable under config system ha on both cluster members
Correct Answer: B
Question #97
What is the diagnose test application ipsmonitor 99 command used for?
A. To enable IPS bypass mode
B. To provide information regarding IPS sessions
C. To disable the IPS engine
D. To restart all IPS engines and monitors
Correct Answer: D
