Create Next App

Exam contains 85 questions

Page 11 of 15

Question 61 🔥

What is the purpose of an internal segmentation firewall (ISFW)?

Which database solution meets these requirements?

A. It inspects incoming traffic to protect services in the corporate DMZ.

Highly voted

B. It is the first line of defense at the network perimeter.

Highly voted

C. It splits the network into multiple security segments to minimize the impact of breaches.

Highly voted

D. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

Highly voted

Discussion of the question

Question 62 🔥

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. ike 0: comes 10.0.0.2:500->10.0.0.1:500, ifindex=7.... ike 0: IKEv1 exchange=Aggressive id=baf47d0988e9237f/2f405ef3952f6fda len=430 ike 0: in BAF47D0988E9237F2F405EF3952F6FDA0110040000000000000001AE0400003C0000000100000001000000300101000 ike 0:RemoteSite:4: initiator: aggressive mode get 1st response... ike 0:RemoteSite:4: VID RFC 3947 4A131c81070358455C5728F20E95452F ike 0:RemoteSite:4: VID DPD AFCAD71368A1F1C96B8696FC77570100 ike 0:RemoteSite:4: VID FORTIGATE 8299031757A36082C6A621DE000502D7 ike 0:RemoteSite:4: peer is FortiGate/Fortios (v5 b727) ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:RemoteSite:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:RemoteSite:4: received peer identifier FQDN "˜remore' ike 0:RemoteSite:4: negotiation result ike 0:RemoteSite:4: proposal id = 1: ike 0:RemoteSite:4: protocol id = ISAKMP: ike 0:RemoteSite:4: trans_id = KEY_IKE. ike 0:RemoteSite:4: encapsulation = IKE/none ike 0:RemoteSite:4: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key ""len=128 ike 0:RemoteSite:4: type=OAKLEY_HASH_ALG, val=SHA. ike 0:RemoteSite:4: type-AUTH_METHOD, val=PRESHARED_KEY. ike 0:RemoteSite:4: type=OAKLEY_GROUP, val=MODP1024. ike 0:RemoteSite:4: ISAKMP SA lifetime=86400 ike 0:RemoteSite:4: ISAKMP SA baf47d0988e9237f/2f405ef3952f6fda key 16: B25B6C9384D8BDB24E3DA3DC90CF5E73 ike 0:RemoteSite:4: PSK authentication succeeded ike 0:RemoteSite:4: authentication OK ike 0:RemoteSite:4: add INITIAL-CONTACT ike 0:RemoteSite:4: enc BAF47D0988E9237F405EF3952F6FDA081004010000000000000080140000181F2E48BFD8E9D603F ike 0:RemoteSite:4: out BAF47D0988E9237F405EF3952F6FDA08100401000000000000008C2E3FC9BA061816A396F009A12 ike 0:RemoteSite:4: sent IKE msg (agg_i2send): 10.0.0.1:500-10.0.0.2:500, len=140, id=baf47d0988e9237f/2 ike 0:RemoteSite:4: established IKE SA baf47d0988e9237f/2f405ef3952f6fdaWhich statements about this debug output are correct? (Choose two.)

Which database solution meets these requirements?

A. The remote gateway IP address is 10.0.0.1.

Highly voted

B. It shows a phase 1 negotiation.

Highly voted

C. The negotiation is using AES128 encryption with CBC hash.

Highly voted

D. The initiator has provided remote as its IPsec peer I

Highly voted

Discussion of the question

Question 63 🔥

Which of the following statements are correct regarding application layer test commands? (Choose two.)

Which database solution meets these requirements?

A. They are used to filter real-time debugs.

Highly voted

B. They display real-time application debugs.

Highly voted

C. Some of them display statistics and configuration information about a feature or process.

Highly voted

D. Some of them can be used to restart an application.

Highly voted

Discussion of the question

Question 64 🔥

When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI)?

Which database solution meets these requirements?

A. FortiGate uses the Issued To: field in the server's certificate.

Highly voted

B. FortiGate switches to the full SSL inspection method to decrypt the data.

Highly voted

C. FortiGate blocks the request without any further inspection.

Highly voted

D. FortiGate uses the requested URL from the user's web browser.

Highly voted

Discussion of the question

Question 65 🔥

What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?

Which database solution meets these requirements?

A. av-failopen

Highly voted

B. mem-failopen

Highly voted

C. utm-failopen

Highly voted

D. ips-failopen

Highly voted

Discussion of the question

Question 66 🔥

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.Which of the following statements about the exhibit are true? (Choose two.)

Which database solution meets these requirements?

A. For the peer 10.125.0.60, the BGP state of is Established.

Highly voted

B. The local BGP peer has received a total of three BGP prefixes.

Highly voted

C. Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.

Highly voted

D. The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

fortinet NSE7

Exam contains 85 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us