Scribd
Upload
2K views8 pages

Enterprise Firewall 6.4 Sample Questions Attempt Review

Uploaded by

Waleed Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2K views8 pages

Enterprise Firewall 6.4 Sample Questions Attempt Review

Uploaded by

Waleed Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
  • Enterprise Firewall 6.4 Sample Questions

Enterprise Firewall 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=7321694&c...

 NSE 7 Enterprise Firewall 6.4 Sample Questions

Started on Tuesday, June 8, 2021, 9:40 AM


State Finished
Completed on Tuesday, June 8, 2021, 9:45 AM
Time taken 5 mins 27 secs
Points 19/20
Grade 95 out of 100

Question 1
Incorrect

0 points out of 1

Which layer of the FortiOS architecture does an application process or daemon run on?

Select one:
Configuration layer 

Hardware

User space

Kernel

Question 2
Correct

1 points out of 1

Which setting must be enabled in an in a spoke IPsec phase 1 configuration, to indicate that it wants to participate in ADVPN?

Select one:
auto-discovery-receiver 

auto-discovery-forwarder

auto-discovery-ipsec

auto-discovery-sender

Question 3
Correct

1 points out of 1

View the exhibit, which contains a hub-and-spoke VPN topology with two hubs.

1 of 8 6/8/2021, 1:49 PM
Enterprise Firewall 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=7321694&c...

An administrator wants to configure ADVPN.

Which ADVPN setting must be enabled in the tunnel between the Hub1 and Hub2 FortiGate devices?

Select one:
set auto-discovery-ipsec enabled

set auto-discovery-forwarder enabled 

set auto-discovery-receiver enabled

set auto-discovery-sender enabled

Question 4
Correct

1 points out of 1

Which two statements correctly describe the characteristics of the Fortinet Security Fabric? (Choose two.)

Select one or more:


The core of the Security Fabric includes FortiMail, FortiWeb, and FortiSandbox.

It supports an open API, allowing third-party product integration. 

It contains individual management platforms for each device to provide granular control.

It provides a single pane of glass for reporting for all devices in the Security Fabric. 

Question 5
Correct

1 points out of 1

Which statement about administrative domains (ADOMs) on FortiManager is true?

Select one:
ADOMs allow grouping of managed devices based on management criteria and administrative access. 

The number of configurable ADOMs is based on the FortiManager FortiCare service contract.

The ADOM feature can be enabled by any administrative user.

2 of 8 6/8/2021, 1:49 PM
Enterprise Firewall 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=7321694&c...

# get router info routing-table database


S 0.0.0.0/0 [20/0] via 100.64.2.254, port2, [10/0]
S *> 0.0.0.0/0 [10/0] via 100.64.1.254, port1

# get router info routing-table all


S* 0.0.0.0/0 [10/0] via 100.64.1.254, port1

Why is the default route that uses port2 not in the output of the second command?

Select one:
It has a higher distance than the default route using port1. 

There can be only one default route present in an active routing table.

It has a higher priority than the default route using port1.

It is disabled in the FortiGate configuration.

Question 7
Correct

1 points out of 1

View the following exhibit, which contains the sniffer output for a passive mode FTP request.

An administrator has created the following custom IPS signature to block all FTP requests for passive mode:
F-SBID (--attack_id 1002; --name "Block.FTP "; --protocol tcp; --flow from_client; --pattern "PASV"; --no_case;)
Soon after the signature is enabled in an active IPS sensor, some false positive detections are generated.

3 of 8 6/8/2021, 1:49 PM
Enterprise Firewall 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=7321694&c...

Verify that DNS requests are being proxied, if auto-update tunneling is enabled.

Verify management VDOM internet access. 

Use the FortiGuard real-time debug command to verify rating requests.

Question 9
Correct

1 points out of 1

Which two configuration changes can be applied to optimize the memory usage on FortiGate? (Choose two.)

Select one or more:


Reduce the FortiGuard cache TTL. 

Use flow-based inspection.

Decrease the sessions TTL. 

Increase TCP session timers.

Increase the maximum file size for AV inspection.

Question 10
Correct

4 of 8 6/8/2021, 1:49 PM
Enterprise Firewall 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=7321694&c...

Correct

1 points out of 1

View the following exhibit:

5 of 8 6/8/2021, 1:49 PM
Enterprise Firewall 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=7321694&c...

FortiGate contacts a DNS server to resolve the FortiGuard domain name. 

6 of 8 6/8/2021, 1:49 PM
Enterprise Firewall 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=7321694&c...

7 of 8 6/8/2021, 1:49 PM
Enterprise Firewall 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=7321694&c...

8 of 8 6/8/2021, 1:49 PM

You might also like