[April 2018] Latest Released Fortinet NSE7_EFW Exam Question Free Download From Lead2pass 59q

NSE7_EFW Exam Dump Free Updation Availabe In Lead2pass:

https://www.lead2pass.com/nse7-efw.html

QUESTION 1
An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.

11

Based on the output in the exhibit, what can cause this authentication problem?

A.    User student is not found in the LDAP server.
B.    User student is using a wrong password.
C.    The FortiGate has been configured with the wrong password for the LDAP administrator.
D.    The FortiGate has been configured with the wrong authentication schema.

Answer: A

QUESTION 2
Examine the partial output from the IKE realtime debug shown in the exhibit; then answer the question below.

21

22

Why didn’t the tunnel come up?

A.    IKE mode configuration is not enabled in the remote IPsec gateway.
B.    The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.
C.    The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.
D.    One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Answer: B

QUESTION 3
Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below.

31

Which IP addresses are included in the output of this command?

A.    Those whose traffic matches a DoS policy.
B.    Those whose traffic matches an IPS sensor
C.    Those whose traffic exceeded a threshold of a matching DoS policy.
D.    Those whose traffic was detected as an anomaly by an IPS sensor.

Answer: A

QUESTION 4
Examine the following partial outputs from two routing debug commands; then answer the question below.

# get router info routing-table database
s 0.0.0.0/0 [20/0] via 10.200.2.254, port2, [10/0]
s *> 0.0.0.0/0 [10/0] via 10.200.1.254, port1
# get router info routing-table all
s* 0.0.0.0/0 [10/0] via 10.200.1.254, port1

Why the default route using port2 is not displayed in the output of the second command?

A.    it has a lower priority than the default route using port1.
B.    it has a higher priority than the default route using port1.
C.    it has a higher distance than the default route using port1.
D.    it is disabled in the FortiGate configuration.

Answer: A

QUESTION 5
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug.

diagnose debug applicationike -1
diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial- up user is connecting to the VPN?

A.    Phase 1; IKE mode configuration; XAuth; phase 2.
B.    Phase 1; XAuth; IKE mode configuration; phase 2.
C.    Phase 1; XAuth; phase 2, IKE mode configuration.
D.    Phase 1; IKE mode configuration; phase 2; XAuth.

Answer: D

QUESTION 6
Examine the following partial outputs from two routing debug commands; then answer the questionbelow.

# get router info kernel
tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0
gwy=10.200.1.254 dev=2(port1)
tab=254 vf=0 scope=0 type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0
gwy=10.200.2.254 dev=3(port2)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.->10.0.1.0/24 pref=10.0.1.254
gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all
s*    0.0.0.0/0 [10/0] via 10.200.1.254, port1
             [10/0] via 10.200.2.254, port2, [10/0]
c    10.0.1.0/24 is directly connected, port3
c    10.200.1.0/24 is directly connected, port1
c    10.200.2.0/24 is directly connected, port2

Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

A.    port1
B.    port2.
C.    Both port1 and port2.
D.    port3.

Answer: B

QUESTION 7
Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

A.    Primary unit stops sending HA heart beat keep alives.
B.    The FortiGuard license for the primary unit is updated.
C.    One of the monitored interfaces in the primary unit is disconnected.
D.    A secondary unit is removed from the HA cluster.

Answer: AC

QUESTION 8
Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

81

Which statements are true regarding the output in the exhibit? (Choose two.)

A.    BGP peers have successfully inter changed Open and Keep alive messages.
B.    Local BGP peer received a prefix for a default route.
C.    The state of the remote BGP peer is Open Confirm.
D.    The state of the remote BGP peer will go to Connect after it confirms the received prefixes.

Answer: AB

QUESTION 9
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

A.    FortiGate limits the number of simultaneous sessions per explicit web proxy user.
This limit CANNOT be modified by the administrator.
B.    FortiGate limits the total number of simultaneous explicit web proxy users.
C.    FortiGate limits the number of simultaneous sessions per explicit web proxy user.
The limit CAN be modified by the administrator
D.    FortiGate limits the number of workstations that authenticate using the same web proxy user credentials.
This limit CANNOT be modified by the administrator.

Answer: C

QUESTION 10
Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router The second unit is elected as the backup designated router Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?

A.    1
B.    2
C.    3
D.    4

Answer: B

NSE7_EFW dumps full version (PDF&VCE): https://www.lead2pass.com/nse7-efw.html

Large amount of free NSE7_EFW exam questions on Google Drive: https://drive.google.com/open?id=1hvtCJWDMQWREhPlg34iq0dEGQrZGXtgk