Fortinet NSE7_NST-7.2 Practice Test - Questions Answers, Page 3

Which two statements about conserve mode are true? (Choose two.)

A. FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.
B. FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.
C. FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.
D. FortiGate exits conserve mode when the system memory goes below the configured green threshold.
Suggested answer: A, D

Explanation:

Conserve Mode Activation:

FortiGate enters conserve mode to prevent system crashes when the memory usage reaches critical levels. The 'red threshold' is the point at which FortiGate starts dropping new sessions to conserve memory.

When the system memory usage exceeds this threshold, the FortiGate will block new sessions that require significant memory resources, such as those needing content inspection.

Exiting Conserve Mode:

The 'green threshold' is the memory usage level below which FortiGate exits conserve mode and resumes normal operation.

Once the system memory usage drops below this threshold, FortiGate will start allowing new sessions again.

Fortinet Community: Understanding conserve mode and its thresholds.

Fortinet Documentation: Memory conserve mode and thresholds.

Refer to the exhibit, which shows the output of a diagnose command.

What can you conclude from the RTT value?

A. Its value represents the time it takes to receive a response after a rating request is sent to a particular server.
B. Its value is incremented with each packet lost.
C. It determines which FortiGuard server is used for license validation.
D. Its initial value is statically set to 10.
Suggested answer: A

Explanation:

RTT (Round Trip Time):

RTT in the context of the FortiGuard server list indicates the time it takes for a request to be sent to a FortiGuard server and for a response to be received.

This metric helps determine the latency between the FortiGate device and the FortiGuard servers, which is crucial for ensuring efficient and quick updates and responses for services like web filtering and antivirus updates.

Server Selection:

The FortiGate device uses RTT values to prioritize servers. Servers with lower RTT values are preferred as they respond faster, ensuring minimal delay in processing requests.

This improves the overall performance of FortiGuard services by reducing the time it takes to communicate with the servers.

Fortinet Community: Troubleshooting FortiGuard server connections and RTT values.

Fortinet Documentation: FortiGuard server settings and RTT explanation.

Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

A. The remote gateway IP is 10.200.5.1.
B. The remote gateway has quick mode selectors containing a destination subnet of 10.1.2.0/24.
C. DPD is disabled.
D. Anti-replay is enabled.
Suggested answer: A, D

Explanation:

Remote Gateway IP:

The output shows 10.200.5.1 as the remote gateway IP, confirming that this is the IP address of the remote gateway involved in the IPsec VPN tunnel.

Quick Mode Selectors:

The quick mode selectors specify the subnets involved in the VPN. The output shows src: 0:10.1.2.0/255.255.255.0:0 and dst: 0:10.1.1.0/255.255.255.0:0, indicating the subnets being tunneled.

DPD (Dead Peer Detection):

DPD is shown as mode=on-demand on=1 idle=20000ms retry=3 count=0 seqno=0, indicating that DPD is enabled in on-demand mode.

Anti-replay:

The output includes replaywin=2048 and replaywin_lastseq=00000000, which are indicators that anti-replay protection is enabled for the IPsec tunnel.

Fortinet Network Security 7.2 Support Engineer Documentation

VPN Configuration and Diagnostic Guides

Refer to the exhibit, which shows a session table entry.

Which statement about FortiGate behavior relating to this session is true?

A. FortiGate forwarded this session without any inspection.
B. FortiGate is performing a security profile inspection using the CPU.
C. FortiGate redirected the client to the captive portal to authenticate, so that a correct policy match could be made.
D. FortiGate applied only IPS inspection to this session.
Suggested answer: B

Explanation:

The session table entry provided shows detailed information about a specific network session passing through the FortiGate device. From the session details, we can see that the session has various attributes such as state, protocol, policy, and inspection details.

The session state (proto_state=11) indicates that the session is being actively processed and inspected.

The npd_state=00000000 suggests that the session is being handled by the CPU rather than offloaded to a Network Processor (NP).

The session is marked for security profile inspection, evident from the detailed byte/packet counts and other session parameters.

From these indicators, it's clear that FortiGate is using its CPU to perform security profile inspection on this session rather than simply forwarding the traffic without inspection or relying solely on IPS inspection.

Fortinet Documentation on Session Table

Fortinet Community Discussion on Session Table

What is the diagnose test application ipsmonitor 5 command used for?

A. To disable the IPS engine
B. To provide information regarding IPS sessions
C. To restart all IPS engines and monitors
D. To enable IPS bypass mode
Suggested answer: C

Explanation:

The command diagnose test application ipsmonitor 5 is used to restart all IPS (Intrusion Prevention System) engines and monitors on the FortiGate device. This command is part of the diagnostic tools available for troubleshooting and maintaining the IPS functionality on the FortiGate.

Running this command forces the IPS system to reset and reinitialize, which can be useful in situations where the IPS functionality appears to be malfunctioning or not responding correctly.

This action helps in clearing any issues that might have arisen due to internal errors or misconfigurations, ensuring that the IPS engines operate correctly after the restart.

There are four exchanges during IKEv2 negotiation.

Which sequence is correct?

A. IKE_Proposal, ID_Auth, PiggyBack_CHILD and Informational
B. Init_Req, Wait_Init_Req, ID_Auth_Req and Create_CHILD_SA
C. INIT_Re, INIT_Auth, ID_Child and SET_Nonce
D. IKE_SA_INIT, IKE_Auth, Create_CHILD_SA and Informational
Suggested answer: D

Explanation:

IKE_SA_INIT:

This is the first exchange in IKEv2. It establishes a secure, authenticated channel between peers and negotiates cryptographic algorithms and keys.

IKE_Auth:

The second exchange authenticates the IKE SA (Security Association) using the previously negotiated keys and algorithms. This exchange also establishes the first IPsec SA.

Create_CHILD_SA:

This exchange creates additional IPsec SAs after the initial authentication. It can also be used to rekey existing IPsec SAs to maintain security.

Informational:

This is a generic exchange used for various purposes such as error notification, deletion of SAs, and other control messages.

Fortinet Community: IKEv2 packet exchanges and troubleshooting

Fortinet Documentation: IPsec VPN Concepts

Refer to the exhibit, which shows the output of diagnose sys session list.

If the HA ID for the primary device is 0, what happens if the primary fails and the secondary becomes the primary?

A. The session will be removed from the session table of the secondary device because of the presence of allowed error packets, which will force the client to restart the session with the server.
B. The session state is preserved but the kernel will need to re-evaluate the session because NAT was applied.
C. Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.
D. The secondary device has this session synchronized; however, because application control is applied, the session is marked dirty and has to be re-evaluated after failover.
Suggested answer: C

Explanation:

Session Synchronization:

FortiGate HA (High Availability) ensures that active sessions are synchronized between the primary and secondary devices. This synchronization allows for seamless failover and continuity of sessions.

Handling NAT Sessions:

The session in the exhibit has NAT applied, as indicated by the hook=post dir=org act=snat entry. FortiGate's HA setup is designed to handle such sessions, ensuring that traffic continues without interruption during failover.

Session Preservation:

Even with the presence of NAT, the session state is preserved across the HA devices. This means that ongoing sessions do not require re-establishment by the client, thus providing a seamless experience.

Fortinet Documentation: HA session synchronization and failover

Fortinet Community: Understanding session synchronization in FortiGate HA

Refer to the exhibit, which shows the omitted output of FortiOS kernel slabs.

Which statement is true?

A. The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.
B. The total slab size of the ip6_session slab is 1300 kB and is associated with the kernel.
C. The total slab size of the sctp_session slab is 0 kB and is associated with the user space.
D. The total slab size of the ip_session slab is 3600 kB and is associated with the user space.
Suggested answer: B

Explanation:

Kernel Slabs Overview:

The slab allocator in the Linux kernel is used for efficient memory management. It groups objects of the same type into caches, which are divided into slabs.

Each slab contains multiple objects and helps to minimize fragmentation and enhance memory allocation efficiency.

Interpreting the Exhibit:

The exhibit shows output related to various kernel slab caches.

The line for ip6_session indicates that there are 1300 kB allocated for this slab, which means the total memory size allocated for IPv6 session objects in the kernel is 1300 kB.

Fortinet Community: Explanation of kernel slab allocation and usage.

Linux Kernel Documentation: Slab Allocator details.

Refer to the exhibit, which shows the output of diagnose sys session stat. Which statement about the output shown in the exhibit is correct?

A. All the sessions in the session table are TCP sessions.
B. 162 sessions have been deleted because of memory page exhaustion.
C. There are 166 TCP sessions waiting to complete the three-way handshake.
D. There are two sessions that have not been removed in case of any out-of-order packets that arrive.
Suggested answer: C

Explanation:

Session Table Overview:

The session table in FortiOS tracks all active and pending sessions. It includes details like the type of session (TCP, UDP, etc.), status, and statistics.

Interpreting the Exhibit:

The exhibit from the diagnose sys session stat command shows detailed session statistics.

The specific value indicating '166 TCP sessions waiting to complete the three-way handshake' reflects the number of sessions that have initiated but not yet completed the TCP three-way handshake process (SYN, SYN-ACK, ACK).

Fortinet Documentation: Understanding and troubleshooting session tables.

Fortinet Community: Explanation of session states and statistics.

What are two functions of automation stitches? (Choose two.)

A. You can configure automation stitches on any FortiGate device in a Security Fabric environment.
B. You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
C. An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.
D. You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.
Suggested answer: B, C

Explanation:

Automation Stitches Overview:

Automation stitches in FortiOS allow administrators to automate responses to specific events, such as running diagnostic commands or taking corrective actions when certain thresholds are exceeded.

Diagnostic Commands and Alerts:

Automation stitches can be configured to run diagnostic commands and attach the results to email alerts. This is useful for monitoring and troubleshooting purposes, particularly when CPU or memory usage exceeds set thresholds.

Sequential Execution with Parameters:

When actions are executed sequentially, each action can take parameters from the previous action as input. This enables more complex workflows and automation sequences where the output of one action influences the next.

Fortinet Documentation: Configuring and using automation stitches.

Fortinet Community: Automation stitches and their applications in FortiOS.


Total 40 questions