CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_EFW-6.4

Free NSE7_EFW-6.4 Exam Braindumps (page: 5)

Page 5 of 26
PDF with 122 Questions

View the global IPS configuration, and then answer the question below.



Which of the following statements is true regarding this configuration?

  1. IPS will scan every byte in every session.
  2. FortiGate will spawn IPS engine instances based on the system load.
  3. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.
  4. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

Answer(s): A



Examine the following traffic log; then answer the question below.

date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."

What does the log mean?

  1. There is not enough available memory in the system to create a new entry inthe NAT port table.
  2. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
  3. FortiGate does not have any available NAT port for a new connection.
  4. The limit for the maximum number of entries in the NAT port table has been reached.

Answer(s): B



Which of the following statements are true regardingthe SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

  1. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
  2. SIP ALG supports SIP HA failover; SIP helper does not.
  3. SIP ALG supports SIP over IPv6; SIP helper does not.
  4. SIP ALG can create expected sessions for media traffic; SIP helper does not.
  5. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Answer(s): B,C,D



Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

  1. Group ID.
  2. Group name.
  3. Session pickup.
  4. Gratuitous ARPs.

Answer(s): A


Reference:

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability- 52/HA_failoverVMAC.htm



Page 5 of 26



Post your Comments and Discuss Fortinet NSE7_EFW-6.4 exam with other Community members:

Jonathan commented on June 23, 2022
Thank you brain-dumps team. Your exam dump helped me pass the exam.
UNITED STATES
upvote