
NSE7 Free PDF Demo

Author: Richard Koons
Posted: Jun 10, 2016

Question: 1

A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled on port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related to this traffic? (Choose two.)

A. Both sessions have the local flag on.

B. The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.

C. One session has the proxy flag on, the other one does not.

D. One of the sessions has the IP address of port2 as the source IP address.

Answer: B, C

Question: 2

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:

diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable

The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?

A. The IKE real time debug shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.

B. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.

C. The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1

D. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

Answer: A

Question: 3

Examine the partial output from the IKE realtime debug shown in the exhibit; then answer the question below.

Why didn't the tunnel come up?

A. IKE mode configuration is not enabled in the remote IPsec gateway.

B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.

C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.

D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Answer: B

About the Author

Test Information: Total Questions: 188 Test Number: 642-742 Vendor Name: Cisco Cert Name: Ccnp Wireless Test Name: Ccnp Wireless - Iuwvn Official Site: http://www.cert4prep.co.uk For More Details: http://www.cert4prep.co.uk/642-742.html
