NSE7_EFW-6.4 Online Practice Questions and Answers

Which statement about NGFW policy-based application filtering is true?

A. After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.

B. The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.

C. After IPS identifies the application, it adds an entry to a dynamic ISDB table.

D. FortiGate will drop all packets until the application can be identified.

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link- failed-signal to fix the problem.

Which statement about this setting is true?

A. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

B. It sends a link failed signal to all connected devices.

C. It disabled all the non-heartbeat interfaces in all HA members for two seconds after a failover.

D. It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.

An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn't the script make any changes to the managed device?

A. Commands that start with the # sign are not executed.

B. CLI scripts will add objects only if they are referenced by policies.

C. Incomplete commands are ignored in CLI scripts.

D. Static routes can only be added using TCL scripts.

An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link- failed-signal to fix the problem. Which statement is correct regarding this command?

A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

C. Sends a link failed signal to all connected devices.

D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

A. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.

B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.

C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.

D. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?

A. TCP half open.

B. TCP half close.

C. TCP time wait.

D. TCP session time to live.

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

A. The connectivity between the FortiGate unit and the DNS server.

B. The connectivity between the client workstations and the DNS server.

C. That DNS traffic from client workstations is allowed by the explicit web proxy policies.

D. That DNS service is enabled in the explicit web proxy interface.

Refer to the exhibit, which contains the debug output of diagnose dvm device list.

Which two statements about the output shown in the exhibit are correct? (Choose two.)

A. ADOMs are disabled on the FortiManager

B. The FortiGate configuration is in sync with latest running revision history.

C. There are pending device-level changes yet to be installed on Local-FortiGate.

D. The policy package has been modified for Local-FortiGate.

What is the purpose of an internal segmentation firewall (ISFW)?

A. It inspects incoming traffic to protect services in the corporate DMZ.

B. It is the first line of defense at the network perimeter.

C. It splits the network into multiple security segments to minimize the impact of breaches.

D. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

A. Preview pending configuration changes for managed devices.

B. Add devices to FortiManager.

C. Import policy packages from managed devices.

D. Install configuration changes to managed devices.

E. Import interface mappings from managed devices.