Fortinet NSE7_EFW-6.4 Exam Practice Test Instant Access

Question 1

An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.

Based on the output in the exhibit, what can cause this authentication problem?

AUser student is not found in the LDAP server.

BUser student is using a wrong password.

CThe FortiGate has been configured with the wrong password for the LDAP administrator.

DThe FortiGate has been configured with the wrong authentication schema.

Answer : A

Question 2

Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

AFortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.

BFortiGate limits the total number of simultaneous explicit web proxy users.

CFortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator

DFortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

Answer : B

https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-WAN-opt-52/web_proxy.htm#Explicit2

The explicit proxy does not limit the number of active sessions for each user. As a result the actual explicit proxy session count is usually much higher than the number of explicit web proxy users. If an excessive number of explicit web proxy sessions is compromising system performance you can limit the amount of users if the FortiGate unit is operating with multiple VDOMs.

Question 3

Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

Which statements are true regarding the output in the exhibit? (Choose two.)

ABGP peers have successfully interchanged Open and Keepalive messages.

BLocal BGP peer received a prefix for a default route.

CThe state of the remote BGP peer is OpenConfirm.

DThe state of the remote BGP peer will go to Connect after it confirms the received prefixes.

Answer : A, B

Question 4

A FortiGate's portl is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)

ABoth session have the local flag on.

BThe destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.

COne session has the proxy flag on, the other one does not.

DOne of the sessions has the IP address of port2 as the source IP address.

Answer : A, D

Question 5

Which statement is true regarding File description (FD) conserve mode?

AIPS inspection is affected when FortiGate enters FD conserve mode.

BA FortiGate enters FD conserve mode when the amount of available description is less than 5%.

CFD conserve mode affects all daemons running on the device.

DRestarting the WAD process is required to leave FD conserve mode.

Answer : B

Question 6

Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)

AIt caches available firmware updates for unmanaged devices.

BIt can be configured as an update server, or a rating server, but not both.

CIt supports rating requests from both managed and unmanaged devices.

DIt provides VM license validation services.

Answer : C, D

Question 7

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

AChange phase 1 encryption to 3DES and authentication to SHA128.

BChange phase 1 encryption to AES128 and authentication to SHA512.

CChange phase 1 encryption to AESCBC and authentication to SHA2.

DChange phase 1 encryption to AES256 and authentication to SHA256.

Answer : D

Fortinet NSE7_EFW-6.4 Fortinet NSE 7 - Enterprise Firewall 6.4 Exam Practice Test