Features of CertsChief Fortinet NSE7_EFW Exam Dumps

Question: 1

A FortiGate has two default routes:

All Internet traffic is currently using port1. The exhibit shows partial information for one sample

session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default

route (IDd1) were changed from 5 to 20?

A. Session would remain in the session table and its traffic would keep using port1 as the outgoing

interface.

B. Session would remain in the session table and its traffic would start using port2 as the outgoing

interface.

C. Session would be deleted, so the client would need to start a new session.

D. Session would remain in the session table and its traffic would be shared between port1 and

port2.

Answer: A

Question: 2

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting

DNS errors when accessing any website. The administrator executes the following debug commands

and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

A. The connectivity between the FortiGate unit and the DNS server.

B. The connectivity between the client workstations and the DNS server.

C. That DNS traffic from client workstations is allowed by the explicit web proxy policies.

D. That DNS service is enabled in the explicit web proxy interface.

Answer: A,B

Question: 3

Examine the following traffic log; then answer the question below.

date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx"

log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure

msg="NAT port is exhausted." What does the log mean?

A. There is not enough available memory in the system to create a new entry in the NAT port table.

B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been

reached.

C. FortiGate does not have any available NAT port for a new connection.

D. The limit for the maximum number of entries in the NAT port table has been reached.

Answer: B

Question: 4

Examine the output of the 'diagnose ips anomaly list' command shown in the exhibit; then

answer the question below.

Which IP addresses are included in the output of this command?

A. Those whose traffic matches a DoS policy.

B. Those whose traffic matches an IPS sensor.

C. Those whose traffic exceeded a threshold of a matching DoS policy.

D. Those whose traffic was detected as an anomaly by an IPS sensor.

Answer: A

Question: 5

An administrator added the following Ipsec VPN to a FortiGate configuration:

configvpn ipsec phasel -interface

edit "RemoteSite"

set type dynamic

set interface "portl"

set mode main

set psksecret ENC LCVkCiK2E2PhVUzZe

next

end

config vpn ipsec phase2-interface

edit "RemoteSite"

set phasel name "RemoteSite"

set proposal 3des-sha256

next

end

However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while

attempting the Ipsec connection. The output is shown in the exhibit.

What is causing the IPsec problem in the phase 1?

A. The incoming IPsec connection is matching the wrong VPN configuration

B. The phrase-1 mode must be changed to aggressive

C. The pre-shared key is wrong

D. NAT-T settings do not match

Answer: C

Test Information:

Total Questions: 45

Test Number: Nse7_Efw

Vendor Name: Fortinet

Cert Name: FCNSP

Test Name: NSE7 Enterprise Firewall - FortiOS 5.4

Official Site: https://www.certschief.com/

For More Details: https://www.certschief.com/exam/nse7_efw/

Certschief offers Implementing Cisco Network Security certification real exam questions answers with money back pass guarantee.