Free NSE7_EFW-6.2 Exam Braindumps (page: 2)

Page 2 of 24

A FortiGate's portl is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)

  1. Both session have the local flag on.
  2. The destination IP addresses of both sessions are IP addresses assigned to FortiGate'sinterfaces.
  3. One session has the proxy flag on, the other one does not.
  4. One of the sessions has the IPaddress of port2 as the source IP address.

Answer(s): A,D



What does the dirty flag mean in a FortiGate session?

  1. Traffic has been blocked by the antivirus inspection.
  2. The next packet must be re-evaluated against the firewall policies.
  3. The session must be removed from the former primaryunit after an HA failover.
  4. Traffic has been identified as from an application that is not allowed.

Answer(s): B

Explanation:

https://kb.fortinet.com/kb/viewContent.do?externalId=FD40119&sliceId=1



View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below.
The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

  1. Change phase 1encryption to AESCBC and authentication to SHA128.
  2. Change phase 1 encryption to 3DES and authentication to CBC.
  3. Change phase 1 encryption to AES128 and authentication to SHA512.
  4. Change phase 1 encryption to 3DES and authentication to SHA256.

Answer(s): C



What is the purpose of an internal segmentation firewall (ISFW)?

  1. It inspects incoming traffic to protect services in the corporate DMZ.
  2. It is the first line of defense at the network perimeter.
  3. It splits the network into multiple security segments to minimize the impact of breaches.
  4. It is an all-in-one security appliance that is placed at remotesites to extend the enterprise network.

Answer(s): C

Explanation:

ISFW splits your network into multiple security segments. They serve as a breach containers from attacks that come from inside.



Page 2 of 24



Post your Comments and Discuss Fortinet NSE7_EFW-6.2 exam with other Community members:

FortiCareful commented on December 05, 2024
The exam prep material was very helpful in targeting the areas of the exam that I needed to concentrate on. I passed my exam easily.
UNITED STATES
upvote