Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE7_SDW-6.4

Fortinet NSE7_SDW-6.4 Exam Practice Questions (P. 5)

  • Full Access (81 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Refer to the exhibit.

Which statement about the trace evaluation by FortiGate is true?
  1. A
    Packets exceeding the configured maximum concurrent connection limit are denied by the per-IP shaper.
  2. B
    The packet exceeded the configured bandwidth and was dropped based on the priority configuration.
  3. C
    The packet exceeded the configured maximum bandwidth and was dropped by the shared shaper.
  4. D
    Packets exceeding the configured concurrent connection limit are dropped based on the priority configuration.

Correct Answer:
A

Question #22
Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces?
(Choose two.)
  1. A
    Specify a unique peer ID for each dial-up VPN interface.
  2. B
    Use different proposals are used between the interfaces.
  3. C
    Configure the IKE mode to be aggressive mode.
  4. D
    Use unique Diffie Hellman groups on each VPN interface.

Correct Answer:
BD

Question #23
Refer to exhibits.


Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.
The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.
Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?
  1. A
    The guaranteed-10mbps option must be selected as the per-IP shaper option.
  2. B
    The guaranteed-10mbps option must be selected as the reverse shaper option.
  3. C
    A new firewall policy must be created and SD-WAN must be selected as the incoming interface.
  4. D
    The reverse shaper option must be enabled and a traffic shaper must be selected.

Correct Answer:
B

Question #24
Refer to the exhibit.

What must you configure to enable ADVPN?
  1. A
    ADVPN should only be enabled on unmanaged FortiGate devices.
  2. B
    Each VPN device has a unique pre-shared key configured separately on phase one.
  3. C
    The protected subnets should be set to address object to all (0.0.0.0/0).
  4. D
    On the hub VPN, only the device needs additional phase one settings.

Correct Answer:
B

Question #25
Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)
  1. A
    A peer ID is included in the first packet from the initiator, along with suggested security policies.
  2. B
    XAuth is enabled as an additional level of authentication, which requires a username and password.
  3. C
    A total of six packets are exchanged between an initiator and a responder instead of three packets.
  4. D
    The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Correct Answer:
BC

Previous Questions Next Questions

All Pages