NSE7_EFW-7.0 Free Practice Test

The CLI command set intelligent-mode controls the IPS engine’s adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?

1. A. Determines the optimal number of IPS engines required based on system load.
2. B. Downloads signatures on demand from FDS based on scanning requirements.
3. C. Determines when it is secure enough to stop scanning session traffic.
4. D. Choose a matching algorithm based on available memory and the type of inspection being performed.

Correct Answer: C
Configuring IPS intelligenceStarting with FortiOS 5.2, intelligent-mode is a new adaptive detection method. This command is enabled the default and it means that the IPS engine will perform adaptive scanning so that, for some traffic, the FortiGate can quickly finish scanning and offload the traffic to NPU or kernel. It is a balanced method which could cover all known exploits. When disabled, the IPS engine scans every single byte.
config ips globalset intelligent-mode {enable|disable}end

What is the purpose of an internal segmentation firewall (ISFW)?

1. A. It inspects incoming traffic to protect services in the corporate DMZ.
2. B. It is the first line of defense at the network perimeter.
3. C. It splits the network into multiple security segments to minimize the impact of breaches.
4. D. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

Correct Answer: C
ISFW splits your network into multiple security segments. They serve as a breach containers from attacks that come from inside.

View the following FortiGate configuration.

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?

1. A. The session would remain in the session table, and its traffic would still egress from port1.
2. B. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
3. C. The session would remain in the session table, and its traffic would start to egress from port2.
4. D. The session would be deleted, so the client would need to start a new session.

Correct Answer: A
http://kb.fortinet.com/kb/documentLink.do?externalID=FD40943

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

What statements are correct regarding the output? (Choose two.)

1. A. This is an expected session created by a session helper.
2. B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10.
3. C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
4. D. This is an expected session created by an application control profile.

Correct Answer: AC

Refer to the exhibit, which contains the output of get system ha status. Which two statements about the output are true? (Choose two.)

1. A. The slave configuration is synchronized with the master.
2. B. port7 is used as the HA heartbeat on all devices in the cluster.
3. C. Primary is selected based on the priority configured under config system ha.
4. D. The HA management IP is 169.254.0.2.

Correct Answer: BC