NSE7_EFW-6.2 Fortinet NSE 7 - Enterprise Firewall 6.2 exams demo
QUESTION 4
Which two statements about application layer test commands are true? (Choose two.)
A. They are used to filter real-time debugs.
B. They display real-time application debugs.
C. Some of them can be used to restart an application.
D. Some of them display statistics and configuration information about a feature or process.
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
.
.
.
QUESTION 6
Which three conditions are required for two FortiGate devices to form an OSP adjacency? (Choose three.)
A. OSPF costs match
B. OSPF peer IDs match
C. Hello and dead intervals match
D. OSPF IP MTUs match
E. IP addresses are in the same subnet
Correct Answer: CDE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Which two statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose
two.)
A. When executed on the Device Database, you must use the installation wizard to apply the changes to the
managed FortiGate.
B. When executed on the Policy Package, ADOM database, changes are applied directly to the managed
FortiGate.
C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new
revision history.
D. When executed on the Remote FortiGate directly, administrators do not have the option to review the
changes prior to installation.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
.
.
.
QUESTION 9
What is the diagnose test application ipsmonitor 99 command used for?
A. To enable IPS bypass mode
B. To provide information regarding IPS sessions
C. To disable the IPS engine
D. To restart all IPS engines and monitors
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
.
.
QUESTION 16
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the
administrator notices that some of the switches in the network continue to send traffic to the former primary
unit. The administrator decides to enable the setting link-failed-signal to fix the problem.
Which statement about this command is true?
A. It forces the former primary device to shut down all its non-heartbeat interfaces for one second while the
96CE4376707A97CE80D4B1916F054522
failover occurs.
B. It disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
C. It sends a link failed signal to all connected devices.
D. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable
through a new master after a failover.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
What does the dirty flag mean in a FortiGate session?
A. The session must be removed from the former primary unit after an HA failover.
B. Traffic has been blocked by the antivirus inspection.
C. Traffic has been identified as from an application that is not allowed.
D. The next packet must be re-evaluated against the firewall policies.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
.
.
.
QUESTION 20
How does FortiManager handle FortiGate requests from FortiGate devices, when it is configured as a local
FDS?
A. FortiManager will respond to update requests only from a managed device.
B. FortiManager can download and maintain local copies of FortiGuard databases.
C. FortiManager supports only FortiGuard push update to managed devices.
D. FortiManager does not support web filter rating requests.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Buy full version for more questions
Leave a comment