NSE7_EFW-7.0 Free Practice Test

An administrator added the following Ipsec VPN to a FortiGate configuration:
configvpn ipsec phasel -interface edit "RemoteSite"
set type dynamic
set interface "portl" set mode main
set psksecret ENC LCVkCiK2E2PhVUzZe next
end
config vpn ipsec phase2-interface edit "RemoteSite"
set phasel name "RemoteSite" set proposal 3des-sha256
next end
However, the phase 1 negotiation is failing. The administrator executed the IKF real time debug while attempting the Ipsec connection. The output is shown in the exhibit.


What is causing the IPsec problem in the phase 1 ?

1. A. The incoming IPsec connection is matching the wrong VPN configuration
2. B. The phrase-1 mode must be changed to aggressive
3. C. The pre-shared key is wrong
4. D. NAT-T settings do not match

Correct Answer: C

What is the diagnose test application ipsmonitor 99 command used for?

1. A. To enable IPS bypass mode
2. B. To provide information regarding IPS sessions
3. C. To disable the IPS engine
4. D. To restart all IPS engines and monitors

Correct Answer: D

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands: diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1 diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn’t there any output?

1. A. The IKE real time shows the phases 1 and 2 negotiations onl
2. B. It does not show any more output once the tunnel is up.
3. C. The log-filter setting is set incorrectl
4. D. The VPN’s traffic does not match this filter.
5. E. The IKE real time debug shows the phase 1 negotiation onl
6. F. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
7. G. The IKE real time debug shows error messages onl
8. H. If it does not provide any output, it indicates that the tunnel is operating normally.

Correct Answer: B

Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

1. A. Anti-replay is enabled
2. B. The remote gateway IP is 10.200.4.1.
3. C. DPD is disabled.
4. D. Quick mode selectors are disabled.

Correct Answer: AB

Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

1. A. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.
2. B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.
3. C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
4. D. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

Correct Answer: BD
CLI scripts can be run in three different ways:Device Database: By default, a script is executed on the device database. It is recommend you run the changes on the device database (default setting), as this allows you to check what configuration changes you will send to the managed device. Once scripts are run on the device database, you can install these changes to a managed device using the installation wizard.
Policy Package, ADOM database: If a script contains changes related to ADOM level objects and policies, you can change the default selection to run on Policy Package, ADOM database and can then be installed using the installation wizard.
Remote FortiGate directly (through CLI): A script can be executed directly on the device and you don’t need to install these changes using the installation wizard. As the changes are directly installed on the managed device, no option is provided to verify and check the configuration changes through FortiManager prior to executing it.