NSE7_EFW-6.2 Online Practice Questions and Answers

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.

B. SIP ALG supports SIP HA failover; SIP helper does not.

C. SIP ALG supports SIP over IPv6; SIP helper does not.

D. SIP ALG can create expected sessions for media traffic; SIP helper does not.

E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

A. TCP half open.

B. TCP half close.

C. TCP time wait.

D. TCP session time to live.

Examine the output of the `get router info ospf neighbor' command shown in the exhibit; then answer the question below.

Which statements are true regarding the output in the exhibit? (Choose two.)

A. The interface ToRemote is OSPF network type point-to-point.

B. The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.

C. The local FortiGate is the backup designated router for the wan1 network.

D. The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.

Examine the output of the `get router info bgp summary' command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.

B. The TCP session for the BGP connection to 10.200.3.1 is down.

C. The local peer has received the BGP prefixed from the remote peer.

D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

A. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.

B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.

C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.

D. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

A. diagnose sniffer packet any `udp port 500'

B. diagnose sniffer packet any `udp port 4500'

C. diagnose sniffer packet any `esp'

D. diagnose sniffer packet any `udp port 500 or udp port 4500'

What does the dirty flag mean in a FortiGate session?

A. Traffic has been blocked by the antivirus inspection.

B. The next packet must be re-evaluated against the firewall policies.

C. The session must be removed from the former primary unit after an HA failover.

D. Traffic has been identified as from an application that is not allowed.

Examine the following partial outputs from two routing debug commands; then answer the question below. # get router info kernel tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1) tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2) tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.->10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3) # get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2, [10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is directly connected, port2

Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

A. port!

B. port2.

C. Both portl and port2.

D. port3.

Examine the following partial output from two system debug commands; then answer the question below.

Which of the following statements are true regarding the above outputs? (Choose two.)

A. The unit is running a 32-bit FortiOS

B. The unit is in kernel conserve mode

C. The Cached value is always the Active value plus the Inactive value

D. Kernel indirectly accesses the low memory (LowTotal) through memory paging

Refer to the exhibit, which contains the output of a BGP debug command.

Which statement about the exhibit is true?

A. The local router has received a total of three BGP prefixes from all peers.

B. The local router has not established a TCP session with 100.64.3.1.

C. Since the counters were last reset, the 10.200.3.1 peer has never been down.

D. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.