NSE7 Online Practice Questions and Answers

An administrator has configured the following CLI script on FortiManager, which failed to apply any

changes to the managed device after being executed.

Why didn't the script make any changes to the managed device?

A. Commands that start with the # sign are not executed.

B. CLI scripts will add objects only if they are referenced by policies.

C. Incomplete commands are ignored in CLI scripts.

D. Static routes can only be added using TCL scripts.

An administrator is running the following sniffer in a FortiGate:

diagnose sniffer packet any "host 10.0.2.10" 2

What information is included in the output of the sniffer? (Choose two.)

A. Ethernet headers.

B. IP payload.

C. IP headers.

D. Port names.

View the global IPS configuration, and then answer the question below.

Which of the following statements is true regarding this configuration?

A. IPS will scan every byte in every session.

B. FortiGate will spawn IPS engine instances based on the system load.

C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.

D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands: diagnose vpn ike log-filter src-addr4 10.0.10.1 diagnose debug application ike -1 diagnose debug enable The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged

between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?

A. The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.

B. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.

C. The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.

D. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?

A. The session would remain in the session table, and its traffic would still egress from port1.

B. The session would remain in the session table, but its traffic would now egress from both port1 and port2.

C. The session would remain in the session table, and its traffic would start to egress from port2.

D. The session would be deleted, so the client would need to start a new session.

A FortiGate device has the following LDAP configuration:

The administrator executed the `dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:

>dsquery user –samid administrator

"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"

Based on the output, what FortiGate LDAP setting is configured incorrectly?

A. cnid.

B. username.

C. password.

D. dn.

In which of the following states is a given session categorized as ephemeral? (Choose two.)

A. A TCP session waiting to complete the three-way handshake.

B. A TCP session waiting for FIN ACK.

C. A UDP session with packets sent and received.

D. A UDP session with only one packet received.

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

A. Neighbor range

B. Route reflector

C. Next-hop-self

D. Neighbor group

A FortiGate has two default routes: All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?

A. Session would remain in the session table and its traffic would keep using port1 as the outgoing interface.

B. Session would remain in the session table and its traffic would start using port2 as the outgoing interface.

C. Session would be deleted, so the client would need to start a new session.

D. Session would remain in the session table and its traffic would be shared between port1 and port2.

What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

A. Reduce the session time to live.

B. Increase the TCP session timers.

C. Increase the FortiGuard cache time to live.

D. Reduce the maximum file size to inspect.