NSE7 Questions And Answers


Exam Name: NSE7 Enterprise Firewall - FortiOS 5.4

Updated: 2019-09-19

Q & A: 88


NSE7 Frequently Asked Questions

Q1: Can I use NSE7 exam Q&As on my phone?
Yes, PassQuestion provides Network Security Expert Program NSE7 PDF Q&As, which you can download to study on your computer or mobile device. We also provide a free NSE7 PDF demo taken from the full version so you can check its quality before purchasing.

Q2: What are the formats of your Fortinet NSE7 exam questions?
PassQuestion provides Fortinet NSE7 exam questions in PDF format and software format. The PDF file is sent as an attachment and the software file as a download link. You need to download from the link within a week; it automatically becomes invalid after a week.

Q3: How can I download my NSE7 test questions after purchasing?
We will send the Network Security Expert Program NSE7 test questions to your email once we receive your order. Please make sure your email address is valid or leave an alternate email.

Q4: How soon will I get my Network Security Expert Program NSE7 questions and answers after purchasing?
We will send the Network Security Expert Program NSE7 questions and answers to your email in 10 minutes during our working time and in no less than 12 hours during our off time.

Working Time:
GMT+8: Monday-Saturday 8:00 AM-18:00 PM
GMT: Monday-Saturday 0:00 AM-10:00 AM

Q5: Can I pass my test with your Network Security Expert Program NSE7 practice questions only?
Sure! All PassQuestion Network Security Expert Program NSE7 practice questions come from the real test. If you practice well and get a good score in our practice Q&As, we ensure you can pass your NSE7 Enterprise Firewall - FortiOS 5.4 exam easily.

Q6: How can I know whether my NSE7 has been updated?
You can check the number of questions; if it has changed, that means we have updated this exam. You can contact us anytime to ask for a free update. Our sales email: [email protected]

Q7: What is your refund process if I fail the Fortinet NSE7 test?
If you fail your NSE7 test in 60 days by studying our study material, just scan your score report and send it to us as an attachment. Once we have checked it, we will give you a full refund.

Q8: What other payment method can I use besides PayPal?
If your country doesn't support PayPal, we offer another payment method, Western Union; it is also safe and fast. Please contact us for the details, and we will send them to your email.

Question No : 1

An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive at the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?
A. TCP half open.
B. TCP half close.
C. TCP time wait.
D. TCP session time to live.
Answer: A

Question No : 2

Examine the output of the 'get router info ospf interface' command shown in the exhibit; then answer the question below.



Which statements are true regarding the above output? (Choose two.)
A. The port4 interface is connected to the OSPF backbone area.
B. The local FortiGate has been elected as the OSPF backup designated router.
C. There are at least 5 OSPF routers connected to the port4 network.
D. Two OSPF routers are down in the port4 network.
Answer: A,D

Question No : 3

A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related to this traffic? (Choose two.)
A. Both sessions have the local flag on.
B. The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.
C. One session has the proxy flag on, the other one does not.
D. One of the sessions has the IP address of port2 as the source IP address.
Answer: AD

Question No : 4

Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?
A. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.
B. FortiGate limits the total number of simultaneous explicit web proxy users.
C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be modified by the administrator.
D. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.
Answer: C

Question No : 5

Examine the output from the BGP real time debug shown in the exhibit, then answer the question below:



Which statements are true regarding the output in the exhibit? (Choose two.)
A. BGP peers have successfully interchanged Open and Keepalive messages.
B. Local BGP peer received a prefix for a default route.
C. The state of the remote BGP peer is OpenConfirm.
D. The state of the remote BGP peer will go to Connect after it confirms the received prefixes.
Answer: A, B

Question No : 6

A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the security policies.
Which CLI command syntax will display the rule that matches the test?
A. test security-policy-match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
B. show security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
C. test security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
D. show security-policy-match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
Answer: A

Question No : 7

Four FortiGate devices configured for OSPF are connected to the same broadcast domain. The first unit is elected as the designated router. The second unit is elected as the backup designated router. Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?
A. 1
B. 2
C. 3
D. 4
Answer: B

Question No : 8

Examine the following partial outputs from two routing debug commands; then answer the question below.
# get router info kernel
tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0
gwy=10.200.1.254 dev=2(port1)
tab=254 vf=0 scope=0 type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0
gwy=10.200.2.254 dev=3(port2)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.0.1.0/24 pref=10.0.1.254
gwy=0.0.0.0 dev=4(port3)
# get router info routing-table all
S* 0.0.0.0/0 [10/0] via 10.200.1.254, port1
             [10/0] via 10.200.2.254, port2, [10/0]
C 10.0.1.0/24 is directly connected, port3
C 10.200.1.0/24 is directly connected, port1
C 10.200.2.0/24 is directly connected, port2
Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?
A. port1.
B. port2.
C. Both port1 and port2.
D. port3.
Answer: B

Question No : 9

Examine the following partial outputs from two routing debug commands; then answer the question below:



Why is the default route using port2 not displayed in the output of the second command?
A. It has a lower priority than the default route using port1.
B. It has a higher priority than the default route using port1.
C. It has a higher distance than the default route using port1.
D. It is disabled in the FortiGate configuration.
Answer: A

Question No : 10

The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to translate both IP address and port to 10.1.1.100 on TCP Port 8080.
Which NAT and security rules must be configured on the firewall? (Choose two)
A. A security policy with a source of any from untrust-l3 zone to a destination of 10.1.1.100 in dmz-l3 zone using web-browsing application.
B. A NAT rule with a source of any from untrust-l3 zone to a destination of 10.1.1.100 in dmz-zone using service-http service.
C. A NAT rule with a source of any from untrust-l3 zone to a destination of 1.1.1.100 in untrust-l3 zone using service-http service.
D. A security policy with a source of any from untrust-l3 zone to a destination of 1.1.100 in dmz-l3 zone using web-browsing application.
Answer: CD

Question No : 11

What events are recorded in the crashlogs of a FortiGate device? (Choose two.)
A. A process crash.
B. Configuration changes.
C. Changes in the status of any of the FortiGuard licenses.
D. System entering to and leaving from the proxy conserve mode.
Answer: A

Question No : 12

A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)
A. Firewall monitor.
B. Policy monitor.
C. Logs.
D. Crashlogs.
Answer: C,D

Question No : 13

A corporate network allows Internet access to FSSO users only. The FSSO user student does not have Internet access after successfully logging into the Windows AD network. The output of the 'diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)
A. The user student must not be listed in the CA's ignore user list.
B. The user student must belong to one or more of the monitored user groups.
C. The student workstation's IP subnet must be listed in the CA's trusted list.
D. At least one of the student's user groups must be allowed by a FortiGate firewall policy.
Answer: B,D

Question No : 14

When does a RADIUS server send an Access-Challenge packet?
A. The server does not have the user credentials yet.
B. The server requires more information from the user, such as the token code for two-factor authentication.
C. The user credentials are wrong.
D. The user account is not found in the server.
Answer: B

Question No : 15

Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?
A. Diagnose debug application radius -1.
B. Diagnose debug application fnbamd -1.
C. Diagnose authd console -log enable.
D. Diagnose radius console -log enable.
Answer: A
Rigoberto Luchsinger

08 Sep, 2019

Hello, NSE7 real questions are valid enough to pass the exam. As already the others say, Just few more questions.
Darius Doring

19 Jul, 2019

NSE7 questions material from your site passquestions is a very recent update. All the new questions are there! Perfect.
Bart Homerding

15 May, 2019

NSE7 exam dumps still valid.... thanks for your great help!
