Fortinet nse7-efw-6-4 practice test
Fortinet NSE 7 - Enterprise Firewall 6.4 Exam
Question 1
Which two statements about an auxiliary session are true? (Choose two.)
- A. With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.
- B. With the auxiliary session setting enabled, two sessions will be created in case of routing change.
- C. With the auxiliary session setting disabled, for each traffic path, FortiGate will use the same auxiliary session.
- D. With the auxiliary session disabled, only auxiliary sessions will be offloaded.
Answer:
C, D
Reference:
https://docs.fortinet.com/document/fortigate/7.0.1/administration-
guide/14295/controlling-return-path-with-auxiliary-session
Question 2
Which two statements about the Security Fabric are true? (Choose two.)
- A. Only the root FortiGate collects network information and forwards it to FortiAnalyzer.
- B. FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.
- C. All FortiGate devices in the Security Fabric must have bidirectional FortiTelemetry connectivity.
- D. Branch FortiGate devices must be configured first.
Answer:
B, C
Reference:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/327890/deploying-
security-fabric
Question 3
Which two statements about bulk configuration changes made using FortiManager CLI scripts are
correct? (Choose two.)
- A. When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.
- B. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
- C. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.
- D. When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.
Answer:
A, B
Reference:
https://docs.fortinet.com/document/fortimanager/6.2.1/administration-guide/71780/cli-
scripts
Question 4
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover,
the administrator notices that some of the switches in the network continue to send traffic to the
former primary device. The administrator decides to enable the setting link-failed-signal to fix the
problem.
Which statement about this setting is true?
- A. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
- B. It sends a link failed signal to all connected devices.
- C. It disabled all the non-heartbeat interfaces in all HA members for two seconds after a failover.
- D. It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.
Answer:
D
Reference:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD40860&sliceId=1
Question 5
Which two statements about OCVPN are true? (Choose two.)
- A. Only root vdom supports OCVPN.
- B. OCVPN supports static and dynamic IPs in WAN interface.
- C. OCVPN offers only Hub-Spoke VPNs.
- D. FortiGate devices under different FortiCare accounts can be used to form OCVPN.
Answer:
A, B
Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/977344/one-click-vpn-ocvpn
https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/496884/overlay-controller-vpn-
ocvpn
Question 6
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?
- A. auto-discovery-shortcut
- B. auto-discovery-forwarder
- C. auto-discovery-sender
- D. auto-discovery-receiver
Answer:
C
Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/320160/example-advpn-
configuration
Question 7
Refer to the exhibit, which shows a FortiGate configuration.
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured
a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that
is passing through the policy.
What must the administrator change to fix the issue?
- A. The administrator must increase webfilter-timeout.
- B. The administrator must disable webfilter-force-off.
- C. The administrator must change protocol to TCP.
- D. The administrator must enable fortiguard-anycast.
Answer:
D
Reference:
https://docs.fortinet.com/document/fortigate/6.4.5/cli-reference/109620/config-system-
fortiguard
Question 8
Refer to the exhibit, which contains the debug output of diagnose dvm device list.
Which two statements about the output shown in the exhibit are correct? (Choose two.)
- A. ADOMs are disabled on the FortiManager
- B. The FortiGate configuration is in sync with latest running revision history.
- C. There are pending device-level changes yet to be installed on Local-FortiGate.
- D. The policy package has been modified for Local-FortiGate.
Answer:
B, C
Reference:
https://docs.fortinet.com/document/fortimanager/7.0.0/upgrade-guide/959309/cli-
example-of-diagnose-dvm-device-list
Question 9
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Which two statements about this debug output are correct? (Choose two.)
- A. The remote gateway IP address is 10.0.0.1.
- B. The initiator provided remote as its IPsec peer ID.
- C. It shows a phase 1 negotiation.
- D. The negotiation is using AES128 encryption with CBC hash.
Answer:
B, C
Question 10
Refer to the exhibit, which contains the partial output of a diagnose command.
Based on the output, which two statements are correct? (Choose two.)
- A. Anti-replay is enabled
- B. The remote gateway IP is 10.200.4.1.
- C. DPD is disabled.
- D. Quick mode selectors are disabled.
Answer:
A, B