Free Fortinet NSE7_EFW-7.0 Exam Braindumps (page: 7)

You have configured FortiManager as a local FDS to provide FortiGate AV and IPS updates, but FortiGate devices are not receiving updates to their AV signature databases, IPS engines, or IPS signature databases.
Which two settings need to be verified for these features to function? (Choose two.)

  1. FortiGate needs to have the server list entry for FortiManager set to server-type update under config system central-management.
  2. FortiManager needs to be the license validation server for FortiGate devices trying to retrieve updated AV and IPS packages.
  3. Service access needs to be enabled on FortiManager under System Settings > Network.
  4. FortiGate needs to have include-default-servers disabled under config system central-management.

Answer(s): A,C

Explanation:

NSE 7.0 Guide page 184-185



Refer to the exhibit, which shows partial outputs from two routing debug commands.



Why is the port2 default route not in the second command output?

  1. The port2 interface is disabled in the FortiGate configuration.
  2. The port1 default route has a lower distance than the default route using port2.
  3. The port1 default route has a higher priority value than the default route using port2.
  4. The port1 default route has a lower priority value than the default route using port2.

Answer(s): B



Refer to the exhibit, which contains the output of a debug command.



If the default settings are in place, what can be concluded about the conserve mode shown in the exhibit?

  1. FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings due to high memory use.
  2. FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.
  3. FortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.
  4. FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.

Answer(s): C



Refer to the exhibit, which contains a screenshot of some phase 1 settings.



The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands in an SSH session on FortiGate:

  diagnose vpn ike log-filter dst-addr4 10.0.10.1
  diagnose debug application ike -1

However, the IKE real-time debug does not show any output.
Why?

  1. The administrator must also run the command diagnose debug enable.
  2. The administrator must enable the following real-time debug: diagnose debug application ipsec -1.
  3. The log-filter setting is incorrect. The VPN traffic does not match this filter.
  4. The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

Answer(s): A

Explanation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-VPN-Diagnostics-Possible-reasons/ta-p/192006


