HomeFortinetNetwork Security Expert ProgramNSE7 Enterprise Firewall – FortiOS 5.4 Exam Dumps
July 23, 2019

NSE7 Enterprise Firewall – FortiOS 5.4 Exam Dumps

The NSE 7 Network Security Architect designation identifies a candidate’s advanced skills in deploying, administering, and troubleshooting Fortinet security solutions. Enterprise Firewall – FortiOS 5.4 is one of NSE 7 Certification exam. This exam was marked as NSE7_EFW exam. When you come to DumpsBase for Enterprise Firewall – FortiOS 5.4 dumps, just search NSE7 for the correct materials. DumpsBase offers NSE7 Enterprise Firewall – FortiOS 5.4 Exam Dumps for clearing NSE7_EFW exam successfully. However, NSE7_EFW exam is to be retired on September 21st, 2019, you need to arrange your exam in time.

Free NSE7 Demo Questions Online, Check Before Buying

1. Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:

– diagnose vpn ike log-filter src-addr4 10.0.10.1

– diagnose debug application ike -1

– diagnose debug enable

The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways.

However, the IKE real time debug does NOT show any output.

Why isn’t there any output?

 
 
 
 

2. Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

 
 
 
 
 

3. A FortiGate device has the following LDAP configuration:

The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and

got the following output:

>dsquery user Csamid administrator

“CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab”

Based on the output, what FortiGate LDAP setting is configured incorrectly?

 
 
 
 

4. Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

 
 
 
 

5. A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the ‘diagnose debug authd fsso list’ command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems.

What should the administrator check? (Choose two.)

 
 
 
 

6. An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage.

However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions.

Which TCP session timer must be increased to fix this problem?

 
 
 
 

7. An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any “host 10.0.2.10” 2 What information is included in the output of the sniffer? (Choose two.)

 
 
 
 

8. Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

 
 
 
 

9. Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the above output? (Choose two.)

 
 
 
 

10. Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

 
 
 
 

11. Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packets dropped counter at the end of the sniffer?

 
 
 
 

12. A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website.

The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

 
 
 
 

13. Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

 
 
 
 

14. Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; than answer the question below.

Which statement is true regarding the session in the exhibit?

 
 
 
 

15. An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link.

What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

 
 
 
 
 

16. An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration.

The administrator has also enabled the IKE real time debug:

– diagnose debug application ike-1

– diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

 
 
 
 

17. Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network.

What HA setting must be changed in one of the HA clusters to fix the problem?

 
 
 
 

18. When does a RADIUS server send an Access-Challenge packet?

 
 
 
 

19. The logs in a FSSO collector agent (CA) are showing the following error:

failed to connect to registry: PIKA1026 (192.168.12.232)

What can be the reason for this error?

 
 
 
 

20. Examine the output of the ‘get router info ospf neighbor’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

 
 
 
 

21. A FortiGate has two default routes:

All Internet traffic is currently using port1.

The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?

 
 
 
 

22. What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

 
 
 
 

23. Examine the following partial outputs from two routing debug commands; then answer the question below:

Why the default route using port2 is not displayed in the output of the second command?

 
 
 
 

24. A FortiGate is rebooting unexpectedly without any apparent reason.

What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

 
 
 
 

25. An administrator has enabled HA session synchronization in a HA cluster with two members.

Which flag is added to a primary unit’s session to indicate that it has been synchronized to the secondary unit?

 
 
 
 

26. Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

 
 
 
 

27. Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

 
 
 
 

28. Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Why didn’t the tunnel come up?

 
 
 
 

29. A FortiGate device has the following LDAP configuration:

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

 
 
 
 

30. Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

 
 
 
 

31. View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

 
 
 
 

32. View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

Which statements are correct regarding the output shown? (Choose two.)

 
 
 
 

33. View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

 
 
 
 

34. Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

 
 
 
 

35. Which of the following tasks are automated using the Install Wizard on FortiManager? (Choose two.)

 
 
 
 
 

NSE 7 Enterprise Firewall NSE7_EFW-6.0 Exam Dumps
New NSE 5 Certified NSE5_FAZ-6.0 Exam Dumps
Tags:, ,

Related Posts

About The Author

dumps

From our dumpsbase platform you could search what exams you need then test or practice online by yourself. Download the PDF file if you need directly. Any other questions you can mail [email protected]

Add a Comment

Your email address will not be published. Required fields are marked *