Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.
Based on the output, which two statements are correct? (Choose two.)
A. The npu_flag for this tunnel is 03.
B. Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.
C. Anti-replay is enabled.
D. The npu_flag for this tunnel is 02.
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)
A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
B. SIP ALG supports SIP HA failover; SIP helper does not.
C. SIP ALG supports SIP over IPv6; SIP helper does not.
D. SIP ALG can create expected sessions for media traffic; SIP helper does not.
E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.
Refer to the exhibit, which contains partial outputs from two routing debug commands.
Why is the port2 default route not in the second command's output?
A. It has a higher priority value than the default route using port1.
B. It is disabled in the FortiGate configuration.
C. It has a lower priority value than the default route using port1.
D. It has a higher distance than the default route using port1.
Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.
If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?
A. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
B. The session would remain in the session table, and its traffic would egress from port2.
C. The session would be deleted, and the client would need to start a new session.
D. The session would remain in the session table, and its traffic would egress from port1.
Refer to the exhibit, which contains the partial output of a diagnose command.
Based on the output, which two statements are correct? (Choose two.)
A. Anti-replay is enabled.
B. The remote gateway IP is 10.200.4.1.
C. DPD is disabled.
D. Quick mode selectors are disabled.
View the exhibit, which contains a partial routing table, and then answer the question below.
Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)
A. Source IP address 10.1.0.24, Destination IP address 10.72.3.20.
B. Source IP address 10.72.3.27, Destination IP address 10.1.0.52.
C. Source IP address 10.72.3.52, Destination IP address 10.1.0.254.
D. Source IP address 10.73.9.10, Destination IP address 10.72.3.15.
Which of the following statements are correct regarding application layer test commands? (Choose two.)
A. They are used to filter real-time debugs.
B. They display real-time application debugs.
C. Some of them display statistics and configuration information about a feature or process.
D. Some of them can be used to restart an application.
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike -1
diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
A. Phase 1; IKE mode configuration; XAuth; phase 2.
B. Phase 1; XAuth; IKE mode configuration; phase 2.
C. Phase 1; XAuth; phase 2; IKE mode configuration.
D. Phase 1; IKE mode configuration; phase 2; XAuth.
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.
The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:
However, the IKE real time debug does not show any output. Why?
A. The debug output shows phases 1 and 2 negotiations only. Once the tunnel is up, it does not show any more output.
B. The log-filter setting was set incorrectly. The VPN's traffic does not match this filter.
C. The debug shows only error messages. If there is no output, then the tunnel is operating normally.
D. The debug output shows phase 1 negotiation only. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.
Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)
A. When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.
B. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
C. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.
D. When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.