Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
MuleSoft
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_EFW-6.2

Free NSE7_EFW-6.2 Exam Braindumps (page: 8)

Page 2 of 27
PDF with 93 Questions

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output.
Why isn't there any output?

  1. The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.
  2. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.
  3. The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
  4. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

Answer(s): B



Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

  1. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
  2. SIP ALG supports SIP HA failover; SIP helper does not.
  3. SIP ALG supports SIP over IPv6; SIP helper does not.
  4. SIP ALG can create expected sessions for media traffic; SIP helper does not.
  5. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Answer(s): B,C,D



A FortiGate device has the following LDAP configuration:



The administrator executed the `dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user ­samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab" Based on the output, what FortiGate LDAP setting is configured incorrectly?

  1. cnid.
  2. username.
  3. password.
  4. dn.

Answer(s): B

Explanation:

https://kb.fortinet.com/kb/viewContent.do?externalId=FD37516



A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the `diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems.
What should the administrator check? (Choose two.)

  1. The user student must not be listed in the CA's ignore user list.
  2. The user student must belong to one or more of the monitored user groups.
  3. The student workstation's IP subnet must be listed in the CA's trusted list.
  4. At least one of the student's user groups must be allowed by a FortiGate firewall policy.

Answer(s): A,D

Explanation:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828






Post your Comments and Discuss Fortinet NSE7_EFW-6.2 exam prep with other Community members:

NSE7_EFW-6.2 Exam Discussions & Posts