New NSE7 Dumps with PDF and VCE 97Q 2018 Version Updated

Discussion in 'General Certification' started by Archie Praed, Aug 9, 2018.

  1. Archie Praed

    Archie Praed Member
    Member

    Joined:
    Mar 28, 2016
    Messages:
    147
    Likes Received:
    19
    2018-8-9 Braindump2go Fortinet NSE7 Exam Dumps with PDF and VCE New Updated! Following are some new NSE7 Real Exam Questions:

    QUESTION 41
    Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)


    A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
    B. SIP ALG supports SIP HA failover; SIP helper does not.
    C. SIP ALG supports SIP over IPv6; SIP helper does not.
    D. SIP ALG can create expected sessions for media traffic; SIP helper does not.
    E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.


    Answer: BCD

    QUESTION 42
    A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the `diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)


    A. The user student must not be listed in the CA's ignore user list.
    B. The user student must belong to one or more of the monitored user groups.
    C. The student workstation's IP subnet must be listed in the CA's trusted list.
    D. At least one of the student's user groups must be allowed by a FortiGate firewall policy.


    Answer: BD

    QUESTION 43
    An administrator is running the following sniffer in a FortiGate:
    diagnose sniffer packet any "host 10.0.2.10" 2
    What information is included in the output of the sniffer? (Choose two.)


    A. Ethernet headers.
    B. IP payload.
    C. IP headers.
    D. Port names.


    Answer: BC

    QUESTION 44
    Examine the partial output from two web filter debug commands; then answer the question below:

    Based on the above outputs, which is the FortiGuard web filter category for the web site

    Dear visitor, you need to Register or Login to view links on Certify Chat.



    A. Finance and banking
    B. General organization.
    C. Business.
    D. Information technology.


    Answer: C

    QUESTION 45
    Examine the output of the `get router info bgp summary' command shown in the exhibit; then answer the question below.

    Which statements are true regarding the output in the exhibit? (Choose two.)


    A. BGP state of the peer 10.125.0.60 is Established.
    B. BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.
    C. Local BGP peer has not received an OpenConfirm from 10.200.3.1.
    D. The local BGP peer has received a total of 3 BGP prefixes.


    Answer: AC

    QUESTION 46
    A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

    What should the administrator check to fix the problem?


    A. The connectivity between the FortiGate unit and the DNS server.
    B. The connectivity between the client workstations and the DNS server.
    C. That DNS traffic from client workstations is allowed by the explicit web proxy policies.
    D. That DNS service is enabled in the explicit web proxy interface.


    Answer: AB

    QUESTION 47
    Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?


    A. Group ID.
    B. Group name.
    C. Session pickup.
    D. Gratuitous ARPs.


    Answer: A

    QUESTION 48
    Examine the output of the `get router info ospf neighbor' command shown in the exhibit; then answer the question below.

    Which statements are true regarding the output in the exhibit? (Choose two.)


    A. The interface ToRemote is OSPF network type point-to-point.
    B. The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.
    C. The local FortiGate is the backup designated router for the wan1 network.
    D. The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.


    Answer: AC

    QUESTION 49
    A FortiGate has two default routes:

    All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:

    What would happen with the traffic matching the above session if the priority on the first default route (IDd1) were changed from 5 to 20?


    A. Session would remain in the session table and its traffic would keep using port1 as the outgoing interface.
    B. Session would remain in the session table and its traffic would start using port2 as the outgoing interface.
    C. Session would be deleted, so the client would need to start a new session.
    D. Session would remain in the session table and its traffic would be shared between port1 and port2.


    Answer: A

    QUESTION 50
    What events are recorded in the crashlogs of a ForitGate device? (Choose two.)


    A. A process crash.
    B. Configuration changes.
    C. Changes in the status of any of the FortiGuard licenses.
    D. System entering to and leaving from the proxy conserve mode.


    Answer: AD

    QUESTION 51
    A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)


    A. Firewall monitor.
    B. Policy monitor.
    C. Logs.
    D. Crashlogs.


    Answer: CD

    1.|2018 Latest NSE7 Exam Dumps (PDF & VCE) 97Q&As Download:

    Dear visitor, you need to Register or Login to view links on Certify Chat.



    2.|2018 Latest NSE7 Exam Questions & Answers Download:

    Dear visitor, you need to Register or Login to view links on Certify Chat.

     
  2. Archie Praed

    Archie Praed Member
    Member

    Joined:
    Mar 28, 2016
    Messages:
    147
    Likes Received:
    19
    More Free Braindump2go NSE7 Real Exam Questions:

    QUESTION 52
    Examine the output of the `get router info bgp summary' command shown in the exhibit; then answer the question below.

    Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

    A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.
    B. The TCP session for the BGP connection to 10.200.3.1 is down.
    C. The local peer has received the BGP prefixed from the remote peer.
    D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

    Answer: B

    QUESTION 53
    A FortiGate device has the following LDAP configuration:

    The LDAP user student cannot authenticate. The exhibit shows the output of the authentication real time debug while testing the student account:

    Based on the above output, what FortiGate LDAP settings must the administer check? (Choose two.)

    A. cnid.
    B. username.
    C. password.
    D. dn.

    Answer: BC

    QUESTION 54
    Examine the output from the `diagnose vpn tunnel list' command shown in the exhibit; then answer the question below.

    Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

    A. diagnose sniffer packet any `port 500'
    B. diagnose sniffer packet any `esp'
    C. diagnose sniffer packet any `host 10.0.10.10'
    D. diagnose sniffer packet any `port 4500'

    Answer: B

    QUESTION 55
    View the central management configuration shown in the exhibit, and then answer the question below.

    Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

    A. 10.0.1.240
    B. One of the public FortiGuard distribution servers
    C. 10.0.1.244
    D. 10.0.1.242

    Answer: B

    QUESTION 56
    View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

    Which statements are correct regarding the output shown? (Choose two.)

    A. There are 0 ephemeral sessions.
    B. All the sessions in the session table are TCP sessions.
    C. No sessions have been deleted because of memory pages exhaustion.
    D. There are 166 TCP sessions waiting to complete the three-way handshake.

    Answer: AD

    QUESTION 57
    View the exhibit, which contains the output of a debug command, and then answer the question below.

    What statement is correct about this FortiGate?

    A. It is currently in system conserve mode because of high CPU usage.
    B. It is currently in FD conserve mode.
    C. It is currently in kernel conserve mode because of high memory usage.
    D. It is currently in system conserve mode because of high memory usage.

    Answer: D

    QUESTION 58
    Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

    A. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.
    B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.
    C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
    D. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

    Answer: AD

    QUESTION 59
    Which of the following tasks are automated using the Install Wizard on FortiManager? (Choose two.)

    A. Preview pending configuration changes for managed devices.
    B. Add devices to FortiManager.
    C. Import policy packages from managed devices.
    D. Install configuration changes to managed devices.
    E. Import interface mappings from managed devices.

    Answer: BD

    QUESTION 60
    View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

    If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

    A. This session is for HA heartbeat traffic.
    B. This session is synced with the slave unit.
    C. The inspection of this session has been offloaded to the slave unit.
    D. This session cannot be synced with the slave unit.

    Answer: B

    QUESTION 61
    View the IPS exit log, and then answer the question below.
    # diagnose test application ipsmonitor 3
    ipsengine exit log”
    pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
    code = 11, reason: manual
    What is the status of IPS on this FortiGate?

    A. IPS engine memory consumption has exceeded the model-specific predefined value.
    B. IPS daemon experienced a crash.
    C. There are communication problems between the IPS engine and the management database.
    D. All IPS-related features have been disabled in FortiGate's configuration.

    Answer: B

    QUESTION 62
    View the exhibit, which contains an entry in the session table, and then answer the question below.

    Which one of the following statements is true regarding FortiGate's inspection of this session?

    A. FortiGate applied proxy-based inspection.
    B. FortiGate forwarded this session without any inspection.
    C. FortiGate applied flow-based inspection.
    D. FortiGate applied explicit proxy-based inspection.

    Answer: B


    1.|2018 Latest NSE7 Exam Dumps (PDF & VCE) 97Q&As Download:

    Dear visitor, you need to Register or Login to view links on Certify Chat.



    2.|2018 Latest NSE7 Exam Questions & Answers Download:

    Dear visitor, you need to Register or Login to view links on Certify Chat.

     

Share This Page