Fortinet NSE7 ExamFortinet Troubleshooting Professional

Total Question: 30 Last Updated: September 25,2017
  • Updated NSE7 Dumps
  • Based on Real NSE7 Exams Scenarios
  • Free NSE7 pdf Demo Available
  • Check out our NSE7 Dumps in a new PDF format
  • Instant NSE7 download
  • Guarantee NSE7 success in first attempt
Package Select:

Questions & Answers PDF

Practice Test Software

Practice Test + PDF 30% Discount

Price: $65.95 $29.99

Buy Now Free Trial

Questions Ask for fortinet nse7

Exam Code: fortinet nse7 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Troubleshooting Professional
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass fortinet nse7 Exam.

Q1. An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after thechanges, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets and before the arrival of the SYN/ACKs. When the SYN/ACK packetsarrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem? 

A. TCP half open. 

B. TCP half close. 

C. TCP time wait. 

D. TCP session time to live. 

Answer:


Q2. Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; then answer the question below. 

Which statement is true regarding the session in the exhibit? 

A. it was created by the FortiGate kernel to allow push updates from FortiGuard. 

B. it is for management traffic terminating at the FortiGate. 

C. it is for traffic originated from the FortiGate. 

D. it was created by a session helper or ALG. 

Answer:


Q3. Examine the following routing table and BGP configuration; then answer the question below. 

TheBGP connection is up, but the local peer is NOT advertisingthe prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix? 

A. Enable the redistribution of connected routers into BGP. 

B. Enable the redistribution of static routers into BGP. 

C. Disable the setting network-import-check. 

D. Enable the setting ebgp-multipath. 

Answer:


Q4. An administrator has enabled HA session synchronization in a HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit? 

A. redir 

B. dirty 

C. synced 

D. nds 

Answer:


Q5. What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.) 

A. Reduce the session time to live. 

B. Increase the TCP session timers. 

C. Increase the FortiGuard cache time to live. 

D. Reduce the maximum file size to inspect. 

Answer: A,D


Q6. A FortiGate device has the following LDAP configuration: 

Based on the output, what FortiGate LDAP setting is configured incorrectly? 

A. cnid. 

B. username. 

C. password. 

D. dn. 

Answer:


Q7. Examine the following routing table and BGP configuration; then answer the question below. 

TheBGP connection is up, but the local peer is NOT advertisingthe prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix? 

A. Enable the redistribution of connected routers into BGP. 

B. Enable the redistribution of static routers into BGP. 

C. Disable the setting network-import-check. 

D. Enable the setting ebgp-multipath. 

Answer:


Q8. Examine the following partial outputs from two routing debug commands; then answer the question below. 

# get router info routing-table database 

s 0.0.0.0/0 [20/0] via 10.200.2.254, port2, [10/0] s *> 0.0.0.0/0 [10/0] via 10.200.1.254, port1 

# get router info routing-table all 

s* 0.0.0.0/0 [10/0] via 10.200.1.254, port1 

Why the default route using port2 is not displayed in the output of the second command? 

A. it has a lower priority than the default route using port1. 

B. it has a higher priority than the default route using portl. 

C. it has a higher distance than the default route using portl. 

D. it is disabled in the FortiGate configuration. 

Answer:


Q9. Examine the IPsec configuration shown in the exhibit; then answer the question below. 

An administrator wants to monitor the VPN byenable the IKE real time debug using these commands: 

diagnose vpn ike log-filter src-addr4 10.0.10.1 diagnose debug application ike -1 diagnose debug enable 

The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both Ipsec gateways. However, the IKE rea time debug does NOT show any output. Why isn't there any output? 

A. The IKE real time debug shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up. 

B. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter. 

C. The IKF real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnosedebug application ipsec -1 

D. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally. 

Answer:


Q10. Examine the output of the 'diagnose sys session list expectation' command shown in the exhibit; then answer the question below. 

Which statement is true regarding the session in the exhibit? 

A. it was created by the FortiGate kernel to allow push updates from FortiGuard. 

B. it is for management traffic terminating at the FortiGate. 

C. it is for traffic originated from the FortiGate. 

D. it was created by a session helper or ALG. 

Answer:


Related NSE7 Articles