NEW PassLeader Enterprise Firewall 6.2 NSE7_EFW-6.2 Exam Dumps/Braindumps/Practice Tests [VCE & PDF Files]
Part of new Enterprise Firewall 6.2 NSE7_EFW-6.2 exam questions from PassLeader:
NEW QUESTION 1
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement about this command is true?
A.It forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.
B.It disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
C.It sends a link failed signal to all connected devices.
D.It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
NEW QUESTION 2
What does the "dirty" flag mean in a FortiGate session?
A.The session must be removed from the former primary unit after an HA failover.
B.Traffic has been blocked by the antivirus inspection.
C.Traffic has been identified as from an application that is not allowed.
D.The next packet must be re-evaluated against the firewall policies.
NEW QUESTION 3
How does FortiManager handle FortiGate requests from FortiGate devices, when it is configured as a local FDS?
A.FortiManager will respond to update requests only from a managed device.
B.FortiManager can download and maintain local copies of FortiGuard databases.
C.FortiManager supports only FortiGuard push update to managed devices.
D.FortiManager does not support web filter rating requests.
NEW QUESTION 4
An administrator wants to capture ESP traffic between two FortiGate devices using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator execute?
A.diagnose sniffer packet any 'esp'
B.diagnose sniffer packet any 'udp port 4500'
C.diagnose sniffer packet any 'udp port 500'
D.diagnose sniffer packet any 'tcp port 500 or tcp port 4500'
NEW QUESTION 5
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)
NEW QUESTION 6
Which three conditions are required for two FortiGate devices to form an OSP adjacency? (Choose three.)
A.OSPF costs match.
B.OSPF peer IDs match.
C.Hello and dead intervals match.
D.OSPF IP MTUs match.
E.IP addresses are in the same subnet.
NEW QUESTION 7
Refer to the exhibit, which contains a partial output of an IKE real-time debug:
Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
NEW QUESTION 8
Refer to the exhibit, which contains a session table entry:
Which statement about FortiGate inspection of this session is true?
A.FortiGate applied proxy-based inspection.
B.FortiGate applied flow-based NGFW policy-based inspection.
C.FortiGate applied flow-based inspection.
D.FortiGate forwarded this session without any inspection.
NEW QUESTION 9
Refer to the exhibit, which contains the partial output of an IKE real-time debug:
Why did the tunnel not come up?
A.The pre-shared keys do not match.
B.The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration.
C.The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration.
D.The remote gateway is using aggressive mode and the local gateway is configured to use main mode.
NEW QUESTION 10
Refer to the exhibit, which contains partial outputs from two routing debug commands:
Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?
D.both port1 and port2
NEW QUESTION 11
Refer to the exhibit, which contains the output of a debug command:
Which statement about this FortiGate is correct?
A.It is currently in system conserve mode because of high CPU usage.
B.It is currently in extreme conserve mode because of high memory usage.
C.It is currently in proxy conserve mode because of high memory usage.
D.It is currently in memory conserve mode because of high memory usage.
NEW QUESTION 12
Which two conditions must be met for a statistic route to be active in the routing table? (Choose two.)
A.The link health monitor (if configured) is up.
B.There is no other route, to the same destination, with a higher distance.
C.The outgoing interface is up.
D.The next-hop IP address is up.
NEW QUESTION 13
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
A.FortiGate uses the requested URL from the user's web browser.
B.FortiGate uses the CN information from the subject field in the server certificate.
C.FortiGate blocks the request without any further inspection.
D.FortiGate switches to the full SSL inspection method to decrypt the data.
NEW QUESTION 14
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
A.Import policy packages from managed devices.
B.Preview pending configuration changes for managed devices.
C.Add devices to FortiManager.
D.Import interface mappings from managed devices.
E.Install configuration changes to managed devices.
NEW QUESTION 15
Get the newest Enterprise Firewall 6.2 NSE7_EFW-6.2 exam dumps with VCE and PDF from PassLeader:
1. Get More PassLeader NEW Enterprise Firewall 6.2 NSE7_EFW-6.2 Dumps PDF from Google Drive:
2. Get More PassLeader NEW Enterprise Firewall 6.2 NSE7_EFW-6.2 Exam Questions and VCE from: