Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_EFW-6.4

Free NSE7_EFW-6.4 Exam Braindumps (page: 11)

Page 10 of 32
PDF with 122 Questions

View the exhibit, which contains an entry in the session table, and then answer the question below.



Which one of the following statements is true regarding FortiGate's inspection of this session?

  1. FortiGate applied proxy-based inspection.
  2. FortiGate forwarded this session without any inspection.
  3. FortiGate applied flow-based inspection.
  4. FortiGate applied explicit proxy-based inspection.

Answer(s): A

Explanation:

https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042



An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

  1. diagnose sniffer packet any `udp port 500'
  2. diagnose sniffer packet any `udp port 4500'
  3. diagnose sniffer packet any `esp'
  4. diagnose sniffer packet any `udp port 500 or udp port 4500'

Answer(s): C

Explanation:

Capture IKE Traffic without NAT:
diagnose sniffer packet `host and udp port 500'
--------------------------------------------------------------------------- Capture ESP Traffic without NAT:
diagnose sniffer packet any `host and esp'
--------------------------------------------------------------------------- Capture IKE and ESP with NAT-T:
diagnose sniffer packet any `host and (udp port 500 or udp port 4500)'



Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

  1. The next-hop IP address is up.
  2. There is no other route, to the same destination, with a higher distance.
  3. The link health monitor (if configured) is up.
  4. The next-hop IP address belongs to one of the outgoing interface subnets.
  5. The outgoing interface is up.

Answer(s): C,D,E

Explanation:

A configured static route only goes to routing table from routing database when all the following are met :
The outgoing interface is up

There is no other matching route with a lower distance The link health monitor (if configured) is successful
The next-hop IP address belongs to one of the outgoing interface subnets



View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.



Based on the output, which of the following statements is correct?

  1. Anti-reply is enabled.
  2. DPD is disabled.
  3. Quick mode selectors are disabled.
  4. Remote gateway IP is 10.200.5.1.

Answer(s): A






Post your Comments and Discuss Fortinet NSE7_EFW-6.4 exam with other Community members:

Exam Discussions & Posts