nerdexam
Fortinet

NSE7_EFW · Question #16

NSE7_EFW Question #16: Real Exam Question with Answer & Explanation

The correct answer is C. The pre-shared key is wrong. See the full explanation below for the reasoning.

Question

An administrator added the following Ipsec VPN to a FortiGate configuration: configvpn ipsec phasel -interface edit "RemoteSite" set type dynamic set interface "portl" set mode main set psksecret ENC LCVkCiK2E2PhVUzZe next end config vpn ipsec phase2-interface edit "RemoteSite" set phasel name "RemoteSite" set proposal 3des-sha256 next end However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while attempting the Ipsec connection. The output is shown in the exhibit. What is causing the IPsec problem in the phase 1 ?

Exhibits

NSE7_EFW question #16 exhibit 1
NSE7_EFW question #16 exhibit 2

Options

  • AThe incoming IPsec connection is matching the wrong VPN configuration
  • BThe phrase-1 mode must be changed to aggressive
  • CThe pre-shared key is wrong
  • DNAT-T settings do not match

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full NSE7_EFW Practice