Microsoft
Amazon
CompTIA
Salesforce
Cisco®
SAP
PMI
ISC
ISACA
VMware
HP
Palo Alto Networks
EC-Council
LPI
Google
Fortinet
All Vendors
  2. Home
  3. Exam List
  4. Fortinet
  5. NSE7_EFW-6.2

Fortinet NSE 7 - Enterprise Firewall 6.2
NSE7_EFW-6.2 Exam

View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

Which statements are correct regarding the output shown? (Choose two.)

  1. There are 0 ephemeral sessions.
  2. All the sessions in the session table are TCP sessions.
  3. No sessions have been deleted because of memory pages exhaustion.
  4. There are 166 TCP sessions waiting to complete the three-way handshake.

Answer(s): A,C

Explanation:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD40578



An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?

  1. redir.
  2. dirty.
  3. synced
  4. nds.

Answer(s): C

Explanation:

The synced sessions have the`synced' flag. The command `diag sys session list' can be used to see the sessions on the member, with the associated flags.



When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?

  1. FortiGate uses CN information from the Subject field in the server's certificate.
  2. FortiGate switches to the full SSL inspection method to decrypt the data.
  3. FortiGate blocks the request without any further inspection.
  4. FortiGate uses the requested URL from the user's web browser.

Answer(s): A



Examine the partial output from the IKE real time debug shown in the exhibit; then answer the

QUESTION
below.
Why didn't the tunnel come up?

  1. IKEmode configuration is not enabled in the remote IPsec gateway.
  2. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.
  3. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1configuration.
  4. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Answer(s): C




Jessica
Thanks to this site! i passed my 310-055 exam with 90%
- UNITED STATES
Upvote


George
I passed my VCP Exam this week with an 87. I hadn't taken a cert exam in 10 years. Your product was very helpful and helped me hone the areas where I was lacking. Thank you.
- UNITED ARAB EMIRATES
Upvote


David B.
I would like to thank this site for the great support and passing 920-105 exam with excellent result. Thanks once again!
- UNITED STATES
Upvote


Bruce Gord
Thanks Well I just passed the exam with high score. Anyway, thanks for providing the good material.
- Malaysia
Upvote


Parag
Hi, Let me appreciate your Study Guide. I passed the exam with 92%. All the questions were from the study guide. I am still wondering where I went wrong for not scoring 100%. I will not hesitate to recommend your site to my friends and colleagues. Thanks
- UNITED STATES
Upvote


J M
Hello, I purchased your 640-801 last week and I was able to pass my exam with 96%. The questions were all the same. I wondering how you guys do it? Keep up the good job. I appreciate your service and your best price. Thanks
- UNITED STATES
Upvote

Read more ...