Exam Code: NSE7_EFW (Practice Exam Latest Test Questions VCE PDF)
Exam Name: NSE7 Enterprise Firewall - FortiOS 5.4
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE7_EFW Exam.

NEW QUESTION 1
Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router The second unit is elected as the backup designated router Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?

  • A. 1
  • B. 2
  • C. 3
  • D. 4

Answer: B

NEW QUESTION 2
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

  • A. FortiGate limits the number of simultaneous sessions per explicit web proxy use
  • B. This limit CANNOT be modified by the administrator.
  • C. FortiGate limits the total number of simultaneous explicit web proxy users.
  • D. FortiGate limits the number of simultaneous sessions per explicit web proxy user The limit CAN be modified by the administrator
  • E. FortiGate limits the number of workstations that authenticate using the same web proxy user credential
  • F. This limit CANNOT be modified by the administrator.

Answer: C

NEW QUESTION 3
A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the ‘diagnose debug authd fsso list’ command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)

  • A. The user student must not be listed in the CA’s ignore user list.
  • B. The user student must belong to one or more of the monitored user groups.
  • C. The student workstation’s IP subnet must be listed in the CA’s trusted list.
  • D. At least one of the student’s user groups must be allowed by a FortiGate firewall polic

Answer: BD

NEW QUESTION 4
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

  • A. FortiGate limits the number of simultaneous sessions per explicit web proxy use
  • B. This limit CANNOT be modified by the administrator.
  • C. FortiGate limits the total number of simultaneous explicit web proxy users.
  • D. FortiGate limits the number of simultaneous sessions per explicit web proxy use
  • E. The limit CAN be modified by the administrator.
  • F. FortiGate limits the number of workstations that authenticate using the same web proxy user credential
  • G. This limit CANNOT be modified by the administrator.

Answer: C

NEW QUESTION 5
View the exhibit, which contains the output of get sys ha status, and then answer the question below.
NSE7_EFW dumps exhibit
Which statements are correct regarding the output? (Choose two.)

  • A. The slave configuration is not synchronized with the master.
  • B. The HA management IP is 169.254.0.2.
  • C. Master is selected because it is the only device in the cluster.
  • D. port 7 is used the HA heartbeat on all devices in the cluste

Answer: AC

NEW QUESTION 6
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
# diagnose debug authd fsso list —FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

  • A. The IP address recorded in the logon event for the user STUDENT.
  • B. The DNS name resolution for the workstation name INTERNAL2. TRAININ
  • C. LAB.
  • D. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAININ
  • E. LAB.
  • F. The reserve DNS lookup forthe IP address 192.168.3.1.

Answer: C

NEW QUESTION 7
View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.
NSE7_EFW dumps exhibit
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

  • A. FortiGate will exempt the connection based on the Web Content Filter configuration.
  • B. FortiGate will block the connection based on the URL Filter configuration.
  • C. FortiGate will allow the connection based on the FortiGuard category based filter configuration.
  • D. FortiGate will block the connection as an invalid UR

Answer: B

NEW QUESTION 8
View the exhibit, which contains the output of a debug command, and then answer the question below.
NSE7_EFW dumps exhibit
What statement is correct about this FortiGate?

  • A. It is currently in system conserve mode because of high CPU usage.
  • B. It is currently in FD conserve mode.
  • C. It is currently in kernel conserve mode because of high memory usage.
  • D. It is currently in system conserve mode because of high memory usag

Answer: D

NEW QUESTION 9
View these partial outputs from two routing debug commands:
NSE7_EFW dumps exhibit
Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

  • A. Both port1 and port2
  • B. port3
  • C. port1
  • D. port2

Answer: C

NEW QUESTION 10
Examine the output of the 'diagnose debug rating' command shown in the exhibit; then answer the question below.
NSE7_EFW dumps exhibit
Which statement are true regarding the output in the exhibit? (Choose two.)

  • A. There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
  • B. The TZ value represents the delta between each FortiGuard server's time zone and the FortiGate's time zone.
  • C. FortiGate will send the FortiGuard queries to the server with highest weight.
  • D. A server's round trip delay (RTT) is not used to calculate its weigh

Answer: BC

NEW QUESTION 11
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

  • A. FortiManager can download and maintain local copies of FortiGuard databases.
  • B. FortiManager supports only FortiGuard push to managed devices.
  • C. FortiManager will respond to update requests only if they originate from a managed device.
  • D. FortiManager does not support rating requests.

Answer: A

NEW QUESTION 12
The logs in a FSSO collector agent (CA) are showing the following error: failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?

  • A. The CA cannot resolve the name of the workstation.
  • B. The FortiGate cannot resolve the name of the workstation.
  • C. The remote registry service is not running in the workstation 192.168.12.232.
  • D. The CA cannot reach the FortiGate with the IP address 192.168.12.232.

Answer: C

NEW QUESTION 13
View the exhibit, which contains the output of a diagnose command, and then answer the question below.
NSE7_EFW dumps exhibit
Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. FortiGate will probe 121.111.236.179 every fifteen minutes for a response.
  • B. Servers with the D flag are considered to be down.
  • C. Servers with a negative TZ value are experiencing a service outage.
  • D. FortiGate used 209.222.147.3 as the initial server to validate its contrac

Answer: CD

NEW QUESTION 14
View the exhibit, which contains a session entry, and then answer the question below.
NSE7_EFW dumps exhibit
Which statement is correct regarding this session?

  • A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
  • B. It is an ICMP session from 10.1.10.10 to 10.200.5.1.
  • C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
  • D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Answer: A

NEW QUESTION 15
An administrator added the following Ipsec VPN to a FortiGate configuration: configvpn ipsec phasel -interface edit "RemoteSite" set type dynamic set interface "portl" set mode main
set psksecret ENC LCVkCiK2E2PhVUzZe next
end
config vpn ipsec phase2-interface edit "RemoteSite"
set phasel name "RemoteSite" set proposal 3des-sha256
next end
However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while attempting the Ipsec connection. The output is shown in the exhibit.
NSE7_EFW dumps exhibit
What is causing the IPsec problem in the phase 1 ?

  • A. The incoming IPsec connection is matching the wrong VPN configuration
  • B. The phrase-1 mode must be changed to aggressive
  • C. The pre-shared key is wrong
  • D. NAT-T settings do not match

Answer: C

NEW QUESTION 16
Which of the following tasks are automated using the Install Wizard on FortiManager? (Choose two.)

  • A. Preview pending configuration changes for managed devices.
  • B. Add devices to FortiManager.
  • C. Import policy packages from managed devices.
  • D. Install configuration changes to managed devices.
  • E. Import interface mappings from managed device

Answer: BD

NEW QUESTION 17
Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:
NSE7_EFW dumps exhibit
Which statements are true regarding the output in the exhibit? (Choose two.)

  • A. BGP peers have successfully interchanged Open and Keepalive messages.
  • B. Local BGP peer received a prefix for a default route.
  • C. The state of the remote BGP peer is OpenConfirm.
  • D. The state of the remote BGP peer will go to Connect after it confirms the received prefixe

Answer: AB

NEW QUESTION 18
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

  • A. diagnose sniffer packet any ‘udp port 500’
  • B. diagnose sniffer packet any ‘udp port 4500’
  • C. diagnose sniffer packet any ‘esp’
  • D. diagnose sniffer packet any ‘udp port 500 or udp port 4500’

Answer: C

NEW QUESTION 19
View the following FortiGate configuration.
NSE7_EFW dumps exhibit
All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:
NSE7_EFW dumps exhibit
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?

  • A. The session would remain in the session table, and its traffic would still egress from port1.
  • B. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
  • C. The session would remain in the session table, and its traffic would start to egress from port2.
  • D. The session would be deleted, so the client would need to start a new sessio

Answer: D

NEW QUESTION 20
When does a RADIUS server send an Access-Challenge packet?

  • A. The server does not have the user credentials yet.
  • B. The server requires more information from the user, such as the token code for two-factor authentication.
  • C. The user credentials are wrong.
  • D. The user account is not found in the serve

Answer: B

NEW QUESTION 21
......

100% Valid and Newest Version NSE7_EFW Questions & Answers shared by Simply pass, Get Full Dumps HERE: https://www.simply-pass.com/Fortinet-exam/NSE7_EFW-dumps.html (New 88 Q&As)