Free NSE7_EFW-6.4 Exam Dumps

Question 6

Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)

A. It caches available firmware updates for unmanaged devices.
B. It can be configured as an update server, or a rating server, but not both.
C. It supports rating requests from both managed and unmanaged devices.
D. It provides VM license validation services.

Correct Answer:AD

Question 7

An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?

A. diagnose sniffer packet any ‘udp port 500’
B. diagnose sniffer packet any ‘udp port 4500’
C. diagnose sniffer packet any ‘esp’
D. diagnose sniffer packet any ‘udp port 500 or udp port 4500’

Correct Answer:C
Capture IKE Traffic without NAT:diagnose sniffer packet ‘host and udp port 500’
—————————————————————————————————————-Capture ESP
Traffic without NAT:diagnose sniffer packet any ‘host and esp’
—————————————————————————————————————-Capture IKE
and ESP with NAT-T:diagnose sniffer packet any ‘host and (udp port 500 or udp port 4500)’

Question 8

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.
NSE7_EFW-6.4 dumps exhibit
Which statements about this debug output are correct? (Choose two.)

A. The remote gateway IP address is 10.0.0.1.
B. It shows a phase 1 negotiation.
C. The negotiation is using AES128 encryption with CBC hash.
D. The initiator has provided remote as its IPsec peer ID.

Correct Answer:BD

Question 9

View the exhibit, which contains a partial web filter profile configuration, and then answer the question below.
NSE7_EFW-6.4 dumps exhibit
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

A. FortiGate will exempt the connection based on the Web Content Filter configuration.
B. FortiGate will block the connection based on the URL Filter configuration.
C. FortiGate will allow the connection based on the FortiGuard category based filter configuration.
D. FortiGate will block the connection as an invalid URL.

Correct Answer:B
fortigate does it in order Static URL -> FortiGuard – > Content -> Advanced (java, cookie removal..)so block it in first step

Question 10

Which two statements about OCVPN are true? (Choose two.)

A. Only root vdom supports OCVPN.
B. OCVPN supports static and dynamic IPs in WAN interface.
C. OCVPN offers only Hub-Spoke VPNs.
D. FortiGate devices under different FortiCare accounts can be used to form OCVPN.

Correct Answer:AB