Top Tips Of Up To Date NSE7_EFW-6.4 Free Samples

NEW QUESTION 1
A FortiGate device has the following LDAP configuration:

The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user –samid administrator
“CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab” Based on the output, what FortiGate LDAP setting is configured incorrectly?

• A. cnid.
• B. username.
• C. password.
• D. dn.

Answer: B

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD37516

NEW QUESTION 2
What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

• A. Reduce the session time to live.
• B. Increase the TCP session timers.
• C. Increase the FortiGuard cache time to live.
• D. Reduce the maximum file size to inspect.

Answer: AD

NEW QUESTION 3
Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.

Which statements are true regarding the above output? (Choose two.)

• A. The port4 interface is connected to the OSPF backbone area.
• B. The local FortiGate has been elected as the OSPF backup designated router.
• C. There are at least 5 OSPF routers connected to the port4 network.
• D. Two OSPF routers are down in the port4 network.

Answer: AC

Explanation:
on BROADCAST network there are 4 neighbors, among which 1*DR +1*BDR. So our FG has 4 neighbors, but create adjacency only with 2 (with DR and BDR). 2 neighbors DRother (not down).

NEW QUESTION 4
An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

• A. Router ID.
• B. OSPF interface area.
• C. OSPF interface cost.
• D. OSPF interface MTU.
• E. Interface subnet mask.

Answer: BDE

NEW QUESTION 5
Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

• A. diagnose sniffer packet any ‘port 500’
• B. diagnose sniffer packet any ‘esp’
• C. diagnose sniffer packet any ‘host 10.0.10.10’
• D. diagnose sniffer packet any ‘port 4500’

Answer: D

Explanation:
NAT-T is enabled. natt: mode=silentProtocol ESP is used. ESP is encapsulated in UDP port 4500 when NAT-T is enabled.

NEW QUESTION 6
Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

• A. Primary unit stops sending HA heartbeat keepalives.
• B. The FortiGuard license for the primary unit is updated.
• C. One of the monitored interfaces in the primary unit is disconnected.
• D. A secondary unit is removed from the HA cluster.

Answer: AC

NEW QUESTION 7
A FortiGate has two default routes:

All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?

• A. Session would remain in the session table and its traffic would keep using port1 as the outgoing interface.
• B. Session would remain in the session table and its traffic would start using port2 as the outgoing interface.
• C. Session would be deleted, so the client would need to start a new session.
• D. Session would remain in the session table and its traffic would be shared between port1 and port2.

Answer: A

NEW QUESTION 8
An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Why didn’t the script make any changes to the managed device?

• A. Commands that start with the # sign are not executed.
• B. CLI scripts will add objects only if they are referenced by policies.
• C. Incomplete commands are ignored in CLI scripts.
• D. Static routes can only be added using TCL scripts.

Answer: A

Explanation:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1000_Device%20Manager/2400_Sc
A sequence of FortiGate CLI commands, as you would type them at the command line. A comment line starts with the number sign (#). A comment line will not be executed.

NEW QUESTION 9
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

• A. Group ID.
• B. Group name.
• C. Session pickup.
• D. Gratuitous ARPs.

Answer: A

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_failoverVMAC.htm

NEW QUESTION 10
Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

• A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.
• B. The TCP session for the BGP connection to 10.200.3.1 is down.
• C. The local peer has received the BGP prefixed from the remote peer.
• D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

Answer: B

Explanation:
http://www.ciscopress.com/articles/article.asp?p=2756480&seqNum=4

NEW QUESTION 11
Refer to the exhibit, which contains the output of get system ha status.

Which two statements about the output are true? (Choose two.)

• A. The slave configuration is synchronized with the master.
• B. port7 is used as the HA heartbeat on all devices in the cluster.
• C. Master is selected based on the priority configured under config system ha.
• D. The HA management IP is 169.254.0.2.

Answer: BC

NEW QUESTION 12
Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)

• A. It caches available firmware updates for unmanaged devices.
• B. It can be configured as an update server, or a rating server, but not both.
• C. It supports rating requests from both managed and unmanaged devices.
• D. It provides VM license validation services.

Answer: AD

NEW QUESTION 13
Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

• A. The local FortiGate OSPF router ID is 0.0.0.4.
• B. Port4 is connected to the OSPF backbone area.
• C. In the network connected to port4, two OSPF routers are down.
• D. The local FortiGate is the backup designated router.

Answer: AB

Explanation:
Area 0.0.0.0 is the backbone area.

NEW QUESTION 14
A FortiGate device has the following LDAP configuration:

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

• A. cnid.
• B. username.
• C. password.
• D. dn.

Answer: BC

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=13141

NEW QUESTION 15
View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

Which one of the following statements explains why the cache statistics are all zeros?

• A. The administrator has reallocated the cache memory to a separate process.
• B. There are no users making web requests.
• C. The FortiGuard web filter cache is disabled in the FortiGate’s configuration.
• D. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.

Answer: C

NEW QUESTION 16
......