NSE7 Exam Questions

An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the que...

Examine the partial output from the IKE realtime debug shown in the exhibit; then answer the question below. Why didn't the tunnel come up?

Examine the output of the 'diagnose ips anomaly list' command shown in the exhibit; then answer the question below. Which IP addresses are included in the output of this command?

Examine the following partial outputs from two routing debug commands; then answer the question below. Why the default route using port2 is not displayed in the output of the secon...

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real ti...

Examine the following partial outputs from two routing debug commands; then answer the questionbelow. # get router info kernel tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0....

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below: Which statements are true regarding the output in the exhibit? (Choose two...

Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router The second unit is elected as the backup desig...

Examine the following partial output from a sniffercommand; then answer the question below. What is the meaning of the packets dropped counter at the end of the sniffer?

Examine the following traffic log; then answer the question below. date-20xx-02-01 time=19:52:01 devname=masterdevice_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri c...

The logs in a FSSO collector agent (CA) are showing the following error: failed to connect to registry: PIKA1026 (192.168.12.232) What can be the reason for this error?

Examine the output of the 'diagnose debug rating' commandshown in the exhibit; then answer the question below. Which statement are true regarding the output in the exhibit? (Choose...

An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized...

An administrator added the following Ipsec VPN to a FortiGate configuration: configvpn ipsec phasel -interface edit "RemoteSite" set type dynamic set interface "portl" set mode mai...

Examine the IPsec configuration shown in the exhibit; then answer the question below. An administrator wants to monitor the VPN by enable the IKE real time debug using these comman...

Examine the output of the 'get router info ospf interface' command shown in the exhibit; then answer the question below. Which statements are true regarding the above output? (Choo...

Examine the following routing table and BGP configuration; then answer the question below. The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24...

Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

When does a RADIUS server send an Access-Challenge packet?

Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below. # diagnose debug authd fsso list--FSSO logons-IP: 192.168.3.1 User: STUDENT Gr...

Examine the following partial output from two system debug commands; then answer the question below. Which of the following statements are true regarding the above outputs? (Choose...

A FortiGate device has the following LDAP configuration: Based on the output, what FortiGate LDAP setting is configured incorrectly?

Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; then answer the question below. Which statement is true regarding the session in the...

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. Duri...

What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created an inter-VDOM link that connects both VDOMs. The objective...

A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access t...

An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The...

Which statements regarding banned words are correct? (Choose two.)

A static route is configured for a FortiGate unit from the CLI using the following commands: config router static edit 1 set device "wan1" set distance 20 set gateway 192.168.100.1...

Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. config router static edit 1 set dst 172.20.168.0...

Review the IKE debug output for IPsec shown in the exhibit below. Which statements is correct regarding this output?

Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it. Which two statements are correct regardin...

Which statements are correct regarding an IPv6 over IPv4 IPsec configuration? (Choose two.)

Which statements are true regarding IPv6 anycast addresses? (Choose two.)

What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.)

Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.)

In which order are firewall policies processed on a FortiGate unit?

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output...

An administrator is running the following sniffer in a FortiGate: diagnose sniffer packet any "host 10.0.2.10" 2 What information is included in the output of the sniffer? (Choose...

Examine the partial output from two web filter debug commands; then answer the question below: Based on the above outputs, which is the FortiGuard web filter category for the web s...

Examine the output of the `get router info bgp summary' command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibit?...

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug...

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This...

Examine the output of the `get router info ospf neighbor' command shown in the exhibit; then answer the question below. Which statements are true regarding the output in the exhibi...

A FortiGate has two default routes: All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal...

What events are recorded in the crashlogs of a ForitGate device? (Choose two.)