Features of CertsChief Fortinet NSE7_EFW Exam Dumps
Posted: Dec 19, 2017
Question: 1
A FortiGate has two default routes:
All Internet traffic is currently using port1. The exhibit shows partial information for one sample
session of Internet traffic from an internal user:
What would happen with the traffic matching the above session if the priority on the first default
route (ID=1) were changed from 5 to 20?
A. Session would remain in the session table and its traffic would keep using port1 as the outgoing
interface.
B. Session would remain in the session table and its traffic would start using port2 as the outgoing
interface.
C. Session would be deleted, so the client would need to start a new session.
D. Session would remain in the session table and its traffic would be shared between port1 and
port2.
Answer: A
Question: 2
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reporting
DNS errors when accessing any website. The administrator executes the following debug commands
and observes that the n-dns-timeout counter is increasing:
What should the administrator check to fix the problem?
A. The connectivity between the FortiGate unit and the DNS server.
B. The connectivity between the client workstations and the DNS server.
C. That DNS traffic from client workstations is allowed by the explicit web proxy policies.
D. That DNS service is enabled in the explicit web proxy interface.
Answer: A,B
Question: 3
Examine the following traffic log; then answer the question below.
date=20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx"
log_id=0100020007 type=event subtype=system pri=critical vd=root service=kernel status=failure
msg="NAT port is exhausted."
What does the log mean?
A. There is not enough available memory in the system to create a new entry in the NAT port table.
B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been
reached.
C. FortiGate does not have any available NAT port for a new connection.
D. The limit for the maximum number of entries in the NAT port table has been reached.
Answer: B
Question: 4
Examine the output of the 'diagnose ips anomaly list' command shown in the exhibit; then
answer the question below.
Which IP addresses are included in the output of this command?
A. Those whose traffic matches a DoS policy.
B. Those whose traffic matches an IPS sensor.
C. Those whose traffic exceeded a threshold of a matching DoS policy.
D. Those whose traffic was detected as an anomaly by an IPS sensor.
Answer: A
Question: 5
An administrator added the following IPsec VPN to a FortiGate configuration:
config vpn ipsec phase1-interface
edit "RemoteSite"
set type dynamic
set interface "port1"
set mode main
set psksecret ENC LCVkCiK2E2PhVUzZe
next
end
config vpn ipsec phase2-interface
edit "RemoteSite"
set phase1name "RemoteSite"
set proposal 3des-sha256
next
end
However, the phase 1 negotiation is failing. The administrator executed the IKE real-time debug while
attempting the IPsec connection. The output is shown in the exhibit.
What is causing the IPsec problem in phase 1?
A. The incoming IPsec connection is matching the wrong VPN configuration
B. The phase-1 mode must be changed to aggressive
C. The pre-shared key is wrong
D. NAT-T settings do not match
Answer: C
Test Information:
Total Questions: 45
Test Number: Nse7_Efw
Vendor Name: Fortinet
Cert Name: FCNSP
Test Name: NSE7 Enterprise Firewall - FortiOS 5.4
Official Site: https://www.certschief.com/
For More Details: https://www.certschief.com/exam/nse7_efw/
Certschief offers Implementing Cisco Network Security certification real exam questions and answers with a money-back pass guarantee.