QUESTION: 1
Which of the following statements are true regarding the SIP session helper and the SIP application
layer gateway (ALG)? (Choose three.)
A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
B. SIP ALG supports SIP HA failover; SIP helper does not.
C. SIP ALG supports SIP over IPv6; SIP helper does not.
D. SIP ALG can create expected sessions for media traffic; SIP helper does not.
E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.
Answer: B,C,D
QUESTION: 2
Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?
A. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit
CANNOT be modified by the administrator.
B. FortiGate limits the total number of simultaneous explicit web proxy users.
C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be
modified by the administrator.
D. FortiGate limits the number of workstations that authenticate using the same web proxy user
credentials. This limit CANNOT be modified by the administrator.
Answer: C
QUESTION: 3
A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have
Internet access after successfully logged into the Windows AD network. The output of the ‘diagnose
debug authd fsso list’ command does not show student as an active FSSO user. Other FSSO users can
access the Internet without problems. What should the administrator check? (Choose two.)
A. The user student must not be listed in the CA’s ignore user list.
B. The user student must belong to one or more of the monitored user groups.
C. The student workstation’s IP subnet must be listed in the CA’s trusted list.
D. At least one of the student’s user groups must be allowed by a FortiGate firewall policy.
Answer: B,D
QUESTION: 4
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage.
However, after the changes, one network application started to have problems. During the
troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients
send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to
the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be
increased to fix this problem?
A. TCP half open.
B. TCP half close.
C. TCP time wait.
D. TCP session time to live.
Answer: A
QUESTION: 5
An administrator is running the following sniffer in a FortiGate:
diagnose sniffer packet any “host 10.0.2.10” 2
What information is included in the output of the sniffer? (Choose two.)
A. Ethernet headers.
B. IP payload.
C. IP headers.
D. Port names.
Answer: B,C
Click here
to view complete Q&A of NSE7_EFW exam
Certkingdom Review,
Certkingdom PDF Torrents
Best Fortinet NSE7_EFW Certification, Fortinet NSE7_EFW Training at certkingdom.com