
NSE7_EFW-6.4 Online Practice Questions and Answers

Questions 4

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

A. The remote gateway IP address is 10.0.0.1.

B. The initiator provided remote as its IPsec peer ID.

C. It shows a phase 1 negotiation.

D. The negotiation is using AES128 encryption with CBC hash.

Questions 5

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:

diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable

The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?

A. The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.

B. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.

C. The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.

D. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

Questions 6

An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn't the script make any changes to the managed device?

A. Commands that start with the # sign are not executed.

B. CLI scripts will add objects only if they are referenced by policies.

C. Incomplete commands are ignored in CLI scripts.

D. Static routes can only be added using TCL scripts.

Questions 7

View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

However, the IKE real time debug does not show any output. Why?

A. The debug output shows phases 1 and 2 negotiations only. Once the tunnel is up, it does not show any more output.

B. The log-filter setting was set incorrectly. The VPN's traffic does not match this filter.

C. The debug shows only error messages. If there is no output, then the tunnel is operating normally.

D. The debug output shows phase 1 negotiation only. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

Questions 8

View the IPS exit log, and then answer the question below.

# diagnose test application ipsmonitor 3
ipsengine exit log"
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
code = 11, reason: manual

What is the status of IPS on this FortiGate?

A. IPS engine memory consumption has exceeded the model-specific predefined value.

B. IPS daemon experienced a crash.

C. There are communication problems between the IPS engine and the management database.

D. All IPS-related features have been disabled in FortiGate's configuration.

Questions 9

Refer to the exhibit, which contains partial outputs from two routing debug commands.

Why is the port2 default route not in the second command's output?

A. It has a higher priority value than the default route using port1.

B. It is disabled in the FortiGate configuration.

C. It has a lower priority value than the default route using port1.

D. It has a higher distance than the default route using port1.

Questions 10

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

A. Neighbor range

B. Route reflector

C. Next-hop-self

D. Neighbor group

Questions 11

View the exhibit, which contains the output of a real-time debug.

Which of the following statements is true regarding this output?

A. The requested URL belongs to category ID 255.

B. The server hostname is training.fortinet.com.

C. FortiGate found the requested URL in its local cache.

D. This web request was inspected using the ftgd-allow web filter profile.

Exam Code: NSE7_EFW-6.4
Exam Name: Fortinet NSE 7 - Enterprise Firewall 6.4
Last Update: Mar 17, 2025
Questions: 122 Q&As
