NSE7_EFW-6.4: Fortinet NSE 7 – Enterprise Firewall 6.4 Practice Questions
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement about this setting is true?
A. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
B. It sends a link failed signal to all connected devices.
C. It disabled all the non-heartbeat interfaces in all HA members for two seconds after a failover.
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)
A. mem failopen
B. IPS failopen
C. AV failopen
D. UTM failopen
Which two statements about application layer test commands are true? (Choose two.)
A. They display real-time application debugs.
B. They are used to filter real-time debugs.
C. Some of them can be used to restart an application.
D. Some of them display statistics and configuration information about a feature or process.
Which two statements about OCVPN are true? (Choose two.)
A. Only root vdom supports OCVPN.
B. OCVPN supports static and dynamic IPs in WAN interface.
C. OCVPN offers only Hub-Spoke VPNs.
D. FortiGate devices under different FortiCare accounts can be used to form OCVPN.
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
A. FortiGate uses the CN information from the Subject field in the server certificate.
B. FortiGate switches to the full SSL inspection method to decrypt the data.
C. FortiGate uses the requested URL from the user’s web browser.
D. FortiGate blocks the request without any further inspection.
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
A. Installing configuration changes to managed devices
B. Importing interface mappings from managed devices
C. Adding devices to FortiManager
D. Previewing pending configuration changes for managed devices