NSE7_EFW-7.0 Exam Dumps - Fortinet NSE 7 Network Security Architect Questions and Answers

Page: 1 / 5

Questions 4

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands to an SSH session on FortiGate: diagnose vpn ike log-filter dst-addr4 10.0.10.1 diagnose debug application ike -1

However, the IKE real-time debug does not show any output. Why?

Options:

The administrator must also run the command diagnose debug enable.

The administrator must enable the following real-time debug: diagnose debug application ipsec -1.

The log-filter setting is incorrect. The VPN traffic does not match this filter.

The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

Buy Now

Questions 5

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

Options:

Router ID.

OSPF interface area.

OSPF interface cost.

OSPF interface MTU.

Interface subnet mask.

Buy Now

Questions 6

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

Options:

route-reflector enable

route-reflector-server enable

route-reflector-client enable

route-reflector-peer enable

Buy Now

Questions 7

An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.