CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_EFW-6.2

Free NSE7_EFW-6.2 Exam Braindumps (page: 6)

Page 6 of 24
PDF with 93 Questions

View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

Which statements are correct regarding the output shown? (Choose two.)

  1. There are 0 ephemeral sessions.
  2. All the sessions in the session table are TCP sessions.
  3. No sessions have been deleted because of memory pages exhaustion.
  4. There are 166 TCP sessions waiting to complete the three-way handshake.

Answer(s): A,C

Explanation:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD40578



An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?

  1. redir.
  2. dirty.
  3. synced
  4. nds.

Answer(s): C

Explanation:

The synced sessions have the`synced' flag. The command `diag sys session list' can be used to see the sessions on the member, with the associated flags.



When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?

  1. FortiGate uses CN information from the Subject field in the server's certificate.
  2. FortiGate switches to the full SSL inspection method to decrypt the data.
  3. FortiGate blocks the request without any further inspection.
  4. FortiGate uses the requested URL from the user's web browser.

Answer(s): A



Examine the partial output from the IKE real time debug shown in the exhibit; then answer the

QUESTION
below.
Why didn't the tunnel come up?

  1. IKEmode configuration is not enabled in the remote IPsec gateway.
  2. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.
  3. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1configuration.
  4. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Answer(s): C



Page 6 of 24



Post your Comments and Discuss Fortinet NSE7_EFW-6.2 exam with other Community members:

FortiCareful commented on December 05, 2024
The exam prep material was very helpful in targeting the areas of the exam that I needed to concentrate on. I passed my exam easily.
UNITED STATES
upvote