NSE7_EFW-6.4 Online Practice Questions and Answers
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Which two statements about this debug output are correct? (Choose two.)
A. The remote gateway IP address is 10.0.0.1.
B. The initiator provided remote as its IPsec peer ID.
C. It shows a phase 1 negotiation.
D. The negotiation is using AES128 encryption with CBC hash.
Examine the IPsec configuration shown in the exhibit; then answer the question below.
An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands: diagnose vpn ike log-filter src-addr4 10.0.10.1 diagnose debug application ike -1 diagnose debug enable The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged
between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?
A. The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.
B. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.
C. The IKE real time debug shows the phase 1 negotiation only. For information after that, the
administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
D. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.
Why didn't the script make any changes to the managed device?
A. Commands that start with the # sign are not executed.
B. CLI scripts will add objects only if they are referenced by policies.
C. Incomplete commands are ignored in CLI scripts.
D. Static routes can only be added using TCL scripts.
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.
The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:
However, the IKE real time debug does not show any output. Why?
A. The debug output shows phases 1 and 2 negotiations only. Once the tunnel is up, it does not show any more output.
B. The log-filter setting was set incorrectly. The VPN's traffic does not match this filter.
C. The debug shows only error messages. If there is no output, then the tunnel is operating normally.
D. The debug output shows phase 1 negotiation only. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.
View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3 ipsengine exit log"
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017 code = 11, reason: manual What is the status of IPS on this FortiGate?
A. IPS engine memory consumption has exceeded the model-specific predefined value.
B. IPS daemon experienced a crash.
C. There are communication problems between the IPS engine and the management database.
D. All IPS-related features have been disabled in FortiGate's configuration.
Refer to the exhibit, which contains partial outputs from two routing debug commands.
Why is the port2 default route not in the second command's output?
A. It has a higher priority value than the default route using port1.
B. It is disabled in the FortiGate configuration.
C. It has a lower priority value than the default route using port1.
D. It has a higher distance than the default route using port1.
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
A. Neighbor range
B. Route reflector
C. Next-hop-self
D. Neighbor group
View the exhibit, which contains the output of a real-time debug, Which statement about this output is true?
Which of the following statements is true regarding this output?
A. The requested URL belongs to category ID 255.
B. The server hostname Is training, fortinet.com.
C. FortiGate found the requested URL in its local cache.
D. This web request was inspected using the ftgd-allow web filler profile.
Why select/choose certbus.com?
Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.
Copyright © 2004-2025 certbus.com, All Rights Reserved.