• Home
  • Articles
  • NSE7_EFW-6.4 Practice Test Questions Updated 124 Questions [Q67-Q91]

NSE7_EFW-6.4 Practice Test Questions Updated 124 Questions [Q67-Q91]

Share

NSE7_EFW-6.4 Practice Test Questions Updated 124 Questions

Fortinet NSE7_EFW-6.4 Dumps - Secret To Pass in First Attempt

NEW QUESTION # 67
A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

  • A. Policy monitor.
  • B. Crashlogs.
  • C. Logs.
  • D. Firewall monitor.

Answer: B,C


NEW QUESTION # 68
View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

  • A. It is currently in kernel conserve mode because of high memory usage.
  • B. It is currently in FD conserve mode.
  • C. It is currently in system conserve mode because of high memory usage.
  • D. It is currently in system conserve mode because of high CPU usage.

Answer: C


NEW QUESTION # 69
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Why didn't the tunnel come up?

  • A. IKE mode configuration is not enabled in the remote IPsec gateway.
  • B. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.
  • C. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.
  • D. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.

Answer: D


NEW QUESTION # 70
Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

  • A. Diagnose debug application fnbamd -1.
  • B. Diagnose radius console -log enable.
  • C. Diagnose authd console -log enable.
  • D. Diagnose debug application radius -1.

Answer: A

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD32838


NEW QUESTION # 71
Examine the output of the 'get router info ospf interface' command shown in the exhibit; then answer the question below.

Which statements are true regarding the above output? (Choose two.)

  • A. There are at least 5 OSPF routers connected to the port4 network.
  • B. The port4 interface is connected to the OSPF backbone area.
  • C. The local FortiGate has been elected as the OSPF backup designated router.
  • D. Two OSPF routers are down in the port4 network.

Answer: A,B

Explanation:
on BROADCAST network there are 4 neighbors, among which 1*DR +1*BDR. So our FG has 4 neighbors, but create adjacency only with 2 (with DR and BDR). 2 neighbors DRother (not down).


NEW QUESTION # 72
The logs in a FSSO collector agent (CA) are showing the following error:
failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?

  • A. The CA cannot reach the FortiGate with the IP address192.168.12.232.
  • B. The CA cannot resolve the name of the workstation.
  • C. The remote registry service is not running in the workstation 192.168.12.232.
  • D. The FortiGate cannot resolve the name of the workstation.

Answer: C

Explanation:
Explanation
https://kb.fortinet.com/kb/documentLink.do?externalID=FD30548


NEW QUESTION # 73
View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate's inspection of this session?

  • A. FortiGate forwarded this session without any inspection.
  • B. FortiGate applied flow-based inspection.
  • C. FortiGate applied proxy-based inspection.
  • D. FortiGate applied explicit proxy-based inspection.

Answer: C

Explanation:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042


NEW QUESTION # 74
An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

  • A. Redirection of HTTP to HTTPS administrative access is disabled.
  • B. HTTP administrative access is configured with a port number different than 80.
  • C. The packet is denied because of reverse path forwarding check.
  • D. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

Answer: B,D


NEW QUESTION # 75
Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

  • A. Anti-replay is enabled
  • B. The remote gateway IP is 10.200.4.1.
  • C. Quick mode selectors are disabled.
  • D. DPD is disabled.

Answer: A,B


NEW QUESTION # 76
A FortiGate device has the following LDAP configuration:

The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

  • A. dn.
  • B. password.
  • C. cnid.
  • D. username.

Answer: B,D

Explanation:
Explanation
https://kb.fortinet.com/kb/viewContent.do?externalId=13141


NEW QUESTION # 77
Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."
What does the log mean?

  • A. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
  • B. The limit for the maximum number of entries in the NAT port table has been reached.
  • C. FortiGate does not have any available NAT port for a new connection.
  • D. There is not enough available memory in the system to create a new entry in the NAT port table.

Answer: A


NEW QUESTION # 78
Refer to the exhibit, which contains partial outputs from two routing debug commands.

Why is the port2 default route not in the second command's output?

  • A. It has a higher distance than the default route using port1.
  • B. It has a higher priority value than the default route using port1.
  • C. It is disabled in the FortiGate configuration.
  • D. It has a lowerpriority value than the default route using port1.

Answer: A


NEW QUESTION # 79
Examine the following partial outputs from two routing debug commands; then answer the question below.
# get router info kernel
tab=254 vf=0 scope=0type=1 proto=11 prio=00.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1) tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2) tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.->10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2,
[10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is directly connected, port2 Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

  • A. port2.
  • B. port3.
  • C. port!
  • D. Both portl and port2.

Answer: A


NEW QUESTION # 80
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which ofthe following statements about the exhibit are true? (Choose two.)

  • A. The local router has received atotal of three BGP prefixes from all peers.
  • B. Since the counters were last reset; the 10.200.3.1 peer has never been down.
  • C. The local router's BGP state is Established with the 10.125.0.60 peer.
  • D. The local router has not established a TCP session with 100.64.3.1.

Answer: C,D


NEW QUESTION # 81
An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs thedebug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

  • A. Redirection of HTTP to HTTPS administrative access is disabled.
  • B. HTTP administrative access is configured with a port number different than 80.
  • C. The packet is denied because of reverse path forwarding check.
  • D. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

Answer: B,D


NEW QUESTION # 82
View the central management configuration shown in the exhibit, and then answer the question below.

Which serverwill FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

  • A. 10.0.1.244
  • B. 10.0.1.240
  • C. One of the public FortiGuard distribution servers
  • D. 10.0.1.242

Answer: C


NEW QUESTION # 83
View the exhibit, which contains the output of a debug command, and then answer the question below.

Which of the following statements about theexhibit are true? (Choose two.)

  • A. In the network on port4, two OSPF routers are down.
  • B. Port4 is connected to the OSPF backbone area.
  • C. The local FortiGate's OSPF router ID is 0.0.0.4
  • D. The local FortiGate has been elected as the OSPF backup designated router.

Answer: B,C


NEW QUESTION # 84
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

Based on the output, which of the following statements is correct?

  • A. Quick mode selectors are disabled.
  • B. Remote gateway IP is 10.200.5.1.
  • C. DPD is disabled.
  • D. Anti-reply is enabled.

Answer: D


NEW QUESTION # 85
Examine thefollowing partial outputs from two routing debug commands; then answer the question below:

Why the default route using port2 is not displayed in the output of the second command?

  • A. It has a higher distance than the default route using port1.
  • B. It has a lower priority than the default route using port1.
  • C. It hasa higher priority than the default route using port1.
  • D. It is disabled in the FortiGate configuration.

Answer: A

Explanation:
Explanation
http://kb.fortinet.com/kb/viewContent.do?externalId=FD32103


NEW QUESTION # 86
Refer to the exhibit, which contains the output of get system ha status.
Which two statements about the output are true? (Choose two.)

  • A. port7 is used as the HA heartbeat on all devices in the cluster.
  • B. The HA management IP is 169.254.0.2.
  • C. Master is selected based on the priority configured under config system ha.
  • D. The slave configuration is synchronized with the master.

Answer: A,C


NEW QUESTION # 87
Which two statements about the Security Fabric are true? (Choose two.)

  • A. Branch FortiGate devices must be configured first.
  • B. All FortiGate devices in the Security Fabric must have bidirectional FortiTelemetry connectivity.
  • C. FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.
  • D. Only the root FortiGate collects network information and forwards it to FortiAnalyzer.

Answer: B,C


NEW QUESTION # 88
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

  • A. Session pickup.
  • B. Group ID.
  • C. Gratuitous ARPs.
  • D. Group name.

Answer: B

Explanation:
Explanation
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_failoverVMAC.htm


NEW QUESTION # 89
The logs in a FSSO collector agent (CA) are showing the following error:
failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?

  • A. The CA cannot resolve the name of the workstation.
  • B. The CA cannot reach the FortiGate with the IP address 192.168.12.232.
  • C. The remote registry service is not running in the workstation 192.168.12.232.
  • D. The FortiGate cannot resolve the name of the workstation.

Answer: C


NEW QUESTION # 90
Examine the following routing table and BGP configuration; then answer the question below.

TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

  • A. Enable the setting ebgp-multipath.
  • B. Enable the redistribution of connected routers into BGP.
  • C. Enable the redistribution of static routers into BGP.
  • D. Disable the setting network-import-check.

Answer: D


NEW QUESTION # 91
......

Fortinet NSE7_EFW-6.4 Exam Dumps [2023] Practice Valid Exam Dumps Question: https://www.examboosts.com/Fortinet/NSE7_EFW-6.4-practice-exam-dumps.html

NSE7_EFW-6.4 Dumps - Grab Out For [NEW-2023] Fortinet Exam: https://drive.google.com/open?id=1gecNDg-aXIm2Uyl2Tr3E_JsrXMLBYJhb

Related Articles

more
Fortinet NSE7_EFW-6.4 Certification Practice Exam