Fortinet NSE7_NST-7.2 - Fortinet NSE 7 - Network Security 7.2 Support Engineer Exam

Total 40 questions

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?

  • A. FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
  • B. FortiGate uses the CN information from the Subject field in the server certificate.
  • C. FortiGate uses the first entry listed in the SAN field in the server certificate.
  • D. FortiGate uses the SNI from the user’s web browser.


Answer : B

Refer to the exhibit.

FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.
Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?

  • A. Enable asymmetric routing under config system settings.
  • B. Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.
  • C. A firewall policy that allows all ICMP traffic from port3 to port1.
  • D. Change the configuration from strict RPF check mode to feasible RPF check mode.


Answer : D

Refer to the exhibit, which contains the output of a debug command.

If the default settings are in place, what can you conclude about the conserve mode shown in the exhibit?

  • A. FortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.
  • B. FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings because of high memory use.
  • C. FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.
  • D. FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.


Answer : C

Refer to the exhibit, which shows a session table entry.

Which statement about FortiGate behavior relating to this session is true?

  • A. FortiGate forwarded this session without any inspection.
  • B. FortiGate is performing a security profile inspection using the CPU.
  • C. FortiGate redirected the client to the captive portal to authenticate, so that a correct policy match could be made.
  • D. FortiGate applied only IPS inspection to this session.


Answer : B

Refer to the exhibit, which shows the omitted output of a real-time OSPF debug.

Which statement is false?

  • A. A password has been configured on the local OSPF router but is not shown in the output.
  • B. The Hello packet is being sent from an OSPF router with ID 0.0.0.112.
  • C. The two FortiGate devices attempting adjacency are in area 0.0.0.0.
  • D. One FortiGate device is configured to require authentication, while the other is not.


Answer : A
