Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE7_EFW-6.4

Fortinet NSE7_EFW-6.4 Exam Practice Questions (P. 2)

  • Full Access (35 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #6
Refer to the exhibit, which shows the output of a BGP debug command.

Which statement about the exhibit is true?
  1. A
    The local router has not established a TCP session with 100.64.3.1
  2. B
    The local router BGP state is OpenConfirm with the 10.127.0.75 peer.
  3. C
    Since the counters were last reset, the 100.64.3.1 peer has never been down.
  4. D
    The local router has received a total of three BGP prefixes from all peers.

Correct Answer:
A
Active means it is actively trying to establish a TCP connection using port 179, but has not yet actually established one.

Question #7
Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.
Why did the TCL script fail to make any changes to the managed device?
  1. A
    The TCL script must start with #include <>.
  2. B
    The TCL command run_cmd has not been created.
  3. C
    Changes to an interface configuration can be made only by a CLI script.
  4. D
    Incomplete commands are ignored in TCL scripts.

Correct Answer:
B

Question #8
Refer to the exhibit, which contains the debug output of diagnose dvm device list.

Which two statements about the output shown in the exhibit are correct? (Choose two.)
  1. A
    ADOMs are disabled on the FortiManager
  2. B
    The FortiGate configuration is in sync with latest running revision history.
  3. C
    There are pending device-level changes yet to be installed on Local-FortiGate.
  4. D
    The policy package has been modified for Local-FortiGate.

Correct Answer:
BC
Reference:
https://docs.fortinet.com/document/fortimanager/7.0.0/upgrade-guide/959309/cli-example-of-diagnose-dvm-device-list

Question #9
Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?
  1. A
    The administrator must increase webfilter-timeout.
  2. B
    The administrator must disable webfilter-force-off.
  3. C
    The administrator must change protocol to TCP.
  4. D
    The administrator must enable fortiguard-anycast.

Correct Answer:
D
Reference:
https://docs.fortinet.com/document/fortigate/6.4.5/cli-reference/109620/config-system-fortiguard

Question #10
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
  1. A
    FortiGate uses the CN information from the Subject field in the server certificate.
  2. B
    FortiGate switches to the full SSL inspection method to decrypt the data.
  3. C
    FortiGate uses the requested URL from the user's web browser.
  4. D
    FortiGate blocks the request without any further inspection.

Correct Answer:
A
Reference:
https://checkthefirewall.com/blogs/fortinet/ssl-inspection

Previous Questions Next Questions

All Pages