NSE7_EFW-7.0 Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

The connectivity between the FortiGate unit and the DNS server.

The connectivity between the client workstations and the DNS server.

That DNS traffic from client workstations is allowed by the explicit web proxy policies.

That DNS service is enabled in the explicit web proxy interface.

Configure an individual neighbor and remove neighbor-range configuration.

Configure the hub as a route reflector client.

Change the router id to 10.1.0.254.

Make the configuration of remote-as different from the configuration of local-as.

auto-discovery-shortcut

auto-discovery-forwarder

auto-discovery-sender

auto-discovery-receiver

Number of packets that didn’t match the sniffer filter.

Number of total packets dropped by the FortiGate.

Number of packets that matched the sniffer filter and were dropped by the FortiGate.

Number of packets that matched the sniffer filter but could not be captured by the sniffer.

The session would remain in the session table, and its traffic would still egress from port1.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

The session would remain in the session table, and its traffic would start to egress from port2.

The session would be deleted, so the client would need to start a new session.

This session cannot be synced with the slave unit.

The inspection of this session has been offloaded to the slave unit.

The master unit is processing this traffic.

This session is for HA heartbeat traffic.

There are two sessions that have not been removed in case of any out-of-order packets that arrive.

There are 166 TCP sessions waiting to complete the three-way handshake.

162 sessions have been deleted because of memory page exhaustion.

All the sessions in the session table are TCP sessions.

1

2

3

4

IPS engine memory consumption has exceeded the model-specific predefined value.

IPS daemon experienced a crash.

There are communication problems between the IPS engine and the management database.

All IPS-related features have been disabled in FortiGate’s configuration.

The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway.

The Diffie-Hellman group does not match on the local and remote gateways.

The proposal ID does not match between local and remote gateways.

The encapsulation method for phase 2 is set to none on local and remote gateways.

Commands that start with the # sign are not executed.

CLI scripts will add objects only if they are referenced by policies.

Incomplete commands are ignored in CLI scripts.

Static routes can only be added using TCL scripts.

The requested URL belongs to category ID 255.

The server hostname Is training, fortinet.com.

FortiGate found the requested URL in its local cache.

This web request was inspected using the ftgd-allow web filler profile.

route-reflector enable

route-reflector-server enable

route-reflector-client enable

route-reflector-peer enable

IPS will scan every byte in every session.

FortiGate will spawn IPS engine instances based on the system load.

New packets will be passed through without inspection if the IPS socket buffer runs out of memory.

IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

A TCP session waiting for FIN ACK

A UDP session with packets sent and received

A UDP session with only one packet received

A TCP session waiting for the SYN ACK

IKE mode configuration is not enabled in the remote IPsec gateway.

The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.

The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.

One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

The port2 interface is disabled in the FortiGate configuration.

The port1 default route has a lower distance than the default route using port2.

The port1 default route has a higher priority value than the default route using port2.

The port1 default route has a lower priority value than the default route using port2.

Determines the optimal number of IPS engines required based on system load.

Downloads signatures on demand from FDS based on scanning requirements.

Determines when it is secure enough to stop scanning session traffic.

Choose a matching algorithm based on available memory and the type of inspection being performed.

FortiGate will exempt the connection based on the Web Content Filter configuration.

FortiGate will block the connection based on the URL Filter configuration.

FortiGate will allow the connection based on the FortiGuard category based filter configuration.

FortiGate will block the connection as an invalid URL.

Primary unit stops sending HA heartbeat keepalives.

The FortiGuard license for the primary unit is updated.

One of the monitored interfaces in the primary unit is disconnected.

A secondary unit is removed from the HA cluster.

It was created by the FortiGate kernel to allow push updates from FotiGuard.

It is for management traffic terminating at the FortiGate.

It is for traffic originated from the FortiGate.

It was created by a session helper or ALG.