Fortinet NSE7_EFW-6.4 Exam Dumps

Question 6 of 35

Refer to the exhibit, which shows the output of a BGP debug command.

Which statement about the exhibit is true?

The local router has not established a TCP session with 100.64.3.1

The local router BGP state is OpenConfirm with the 10.127.0.75 peer.

Since the counters were last reset, the 100.64.3.1 peer has never been down.

The local router has received a total of three BGP prefixes from all peers.

Correct Answer: A

The local router has not established a TCP session with 100.64.3.1, which is indicated by the state 'Active'. 'Active' means the router is trying to establish a TCP connection on port 179 but has not succeeded yet. Other states like 'Idle', 'Connect', 'OpenSent', 'OpenConfirm', and 'Established' would indicate different phases of the BGP session establishment.

Question 7 of 35

Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.

Why did the TCL script fail to make any changes to the managed device?

The TCL script must start with #include <>.

The TCL command run_cmd has not been created.

Changes to an interface configuration can be made only by a CLI script.

Incomplete commands are ignored in TCL scripts.

Correct Answer: B

The TCL script provided attempts to use the command 'run_cmd,' but this command has not been created or defined anywhere in the script. For the script to work, any command used must be properly defined or imported. Without the definition or creation of 'run_cmd,' the script will fail to execute the commands required to make changes to the managed device.

Question 8 of 35

Refer to the exhibit, which contains the debug output of diagnose dvm device list.

Which two statements about the output shown in the exhibit are correct? (Choose two.)

ADOMs are disabled on the FortiManager

The FortiGate configuration is in sync with latest running revision history.

There are pending device-level changes yet to be installed on Local-FortiGate.

The policy package has been modified for Local-FortiGate.

Correct Answer: B, D

Reference:

https://docs.fortinet.com/document/fortimanager/7.0.0/upgrade-guide/959309/cli-example-of-diagnose-dvm-device-list

Question 9 of 35

Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator change to fix the issue?

The administrator must increase webfilter-timeout.

The administrator must disable webfilter-force-off.

The administrator must change protocol to TCP.

The administrator must enable fortiguard-anycast.

Correct Answer: B

Reference:

https://docs.fortinet.com/document/fortigate/6.4.5/cli-reference/109620/config-system-fortiguard

Question 10 of 35

When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?

FortiGate uses the CN information from the Subject field in the server certificate.

FortiGate switches to the full SSL inspection method to decrypt the data.

FortiGate uses the requested URL from the user's web browser.

FortiGate blocks the request without any further inspection.

Correct Answer: A

Reference:

https://checkthefirewall.com/blogs/fortinet/ssl-inspection