Fortinet NSE7 Enterprise Firewall - FortiOS 5.4 - NSE7_EFW Exam Practice Test
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.
Why didn't the tunnel come up?
Why didn't the tunnel come up?
Correct Answer: D
Vote an answer
A FortiGate device has the following LDAP configuration:
The administrator executed the 'dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?
The administrator executed the 'dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?
Correct Answer: D
Vote an answer
Examine the following routing table and BGP configuration; then answer the question below.
TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?
TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?
Correct Answer: D
Vote an answer
Examine the output from the 'diagnose vpn tunnel list' command shown in the exhibit; then answer the question below.
Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?
Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?
Correct Answer: D
Vote an answer
View these partial outputs from two routing debug commands:
Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?
Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?
Correct Answer: C
Vote an answer
When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI)?
Correct Answer: B
Vote an answer
View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.
The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:
However, the IKE real time debug does not show any output. Why?
The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:
However, the IKE real time debug does not show any output. Why?
Correct Answer: A
Vote an answer
A FortiGate's portl is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)
Correct Answer: B,D
Vote an answer
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.
Which statements are correct regarding the output shown? (Choose two.)
Which statements are correct regarding the output shown? (Choose two.)
Correct Answer: A,C
Vote an answer