CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_EFW-6.4

Free NSE7_EFW-6.4 Exam Braindumps (page: 11)

Page 11 of 26
PDF with 122 Questions

When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does notprovide the server name indication (SNI) extension?

  1. FortiGate uses the requested URL from the user's web browser.
  2. FortiGate uses the CN information from the Subject field in the server certificate.
  3. FortiGate blocks the request without any furtherinspection.
  4. FortiGate switches to the full SSL inspection method to decrypt the data.

Answer(s): B



Examine the IPsec configuration shown in the exhibit; then answer the question below.



An administrator wants to monitor the VPN by enabling theIKE real time debug using these commands:

diagnose vpn ike log-filter src-addr4 10.0.10.1

diagnose debug application ike -1

diagnose debug enable

The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are beinginterchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?

  1. The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.
  2. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.
  3. The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application
    ipsec -1.
  4. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

Answer(s): B



Viewthe exhibit, which contains the output of a real-time debug, and then answer the question below.



Which of the following statements is true regarding this output? (Choose two.)

  1. This web request was inspected using the root web filter profile.
  2. FortiGate found the requested URL in its local cache.
  3. The requested URL belongs to category ID 52.
  4. The web request was allowed by FortiGate.

Answer(s): B,C



What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

  1. Reduce the session time to live.
  2. Increase the TCP session timers.
  3. Increase the FortiGuard cache time to live.
  4. Reduce the maximum file size to inspect.

Answer(s): A,D



Page 11 of 26



Post your Comments and Discuss Fortinet NSE7_EFW-6.4 exam with other Community members:

Jonathan commented on June 23, 2022
Thank you brain-dumps team. Your exam dump helped me pass the exam.
UNITED STATES
upvote