Free NSE7_EFW-7.0 Exam Braindumps (page: 2)

Page 2 of 42

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway. Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?

  1. In the phase 1 network configuration, set the IKE version to 2.
  2. In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.
  3. In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
  4. In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

Answer(s): D

Explanation:

https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/238852



Refer to the exhibit, which shows the output of a web filtering diagnose command.



Which configuration change would result in non-zero results in the cache statistics section?

  1. set server-type rating under config system central-management
  2. set webfilter-cache enable under config system fortiguard
  3. set webfilter-force-off disable under config system fortiguard
  4. set ngfw-mode policy-based under config system settings

Answer(s): B

Explanation:

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 362



Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.



If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?

  1. The session would remain in the session table, but its traffic would now egress from both port1
    and port2.
  2. The session would remain in the session table, and its traffic would egress from port2.
  3. The session would be deleted, and the client would need to start a new session.
  4. The session would remain in the session table, and its traffic would egress from port1.

Answer(s): D

Explanation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-SNAT-route-change-to-update- existing-NAT/ta-p/198439



Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.



An administrator would like to test session failover between the two service provider connections.
What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

  1. Configure set snat-route-change enable.
  2. Change the priority of the port2 static route to 5.
  3. Change the priority of the port1 static route to 11.
  4. unset snat-route-change to return it to the default setting.

Answer(s): A,C

Explanation:

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 148-149






Post your Comments and Discuss Fortinet NSE7_EFW-7.0 exam with other Community members:

NSE7_EFW-7.0 Exam Discussions & Posts