NSE7_EFW-6.0 Free Practice Test

Which statement is true regarding File description (FD) conserve mode?

1. A. IPS inspection is affected when FortiGate enters FD conserve mode.
2. B. A FortiGate enters FD conserve mode when the amount of available description is less than 5%.
3. C. FD conserve mode affects all daemons running on the device.
4. D. Restarting the WAD process is required to leave FD conserve mode.

Correct Answer: B

View the exhibit, which contains a session entry, and then answer the question below.
<>

1. A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.
2. B. It is an ICMP session from 10.1.10.10 to 10.200.5.1.
3. C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
4. D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Correct Answer: A

An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

1. A. diagnose sniffer packet any ‘udp port 500’
2. B. diagnose sniffer packet any ‘udp port 4500’
3. C. diagnose sniffer packet any ‘esp’
4. D. diagnose sniffer packet any ‘udp port 500 or udp port 4500’

Correct Answer: C

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1 diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

1. A. Phase1; IKE mode configuration; XAuth; phase 2.
2. B. Phase1; XAuth; IKE mode configuration; phase2.
3. C. Phase1; XAuth; phase 2; IKE mode configuration.
4. D. Phase1; IKE mode configuration; phase 2; XAuth.

Correct Answer: B
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Concepts/IKE_Packet

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

1. A. Group ID.
2. B. Group name.
3. C. Session pickup.
4. D. Gratuitous ARPs.

Correct Answer: A
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_failoverVMAC.htm