Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Fortinet
  3. NSE7_EFW-6.4

Fortinet NSE7_EFW-6.4 Exam (page: 1)
Fortinet NSE 7 - Enterprise Firewall 6.4
Updated on: 12-Sep-2025

Viewing Page 1 of 26
NSE7_EFW-6.4 PDF 122 Questions

Examine the IPsec configuration shown in the exhibit; then answer the question below.

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
diagnose vpn ike log-filter src-addr4 10.0.10.1
diagnose debug application ike -1
diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output.
Why isn't there any output?

  1. The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.
  2. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.
  3. The IKE real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
  4. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

Answer(s): B



Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

  1. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
  2. SIP ALG supports SIP HA failover; SIP helper does not.
  3. SIP ALG supports SIP over IPv6; SIP helper does not.
  4. SIP ALG can create expected sessions for media traffic; SIP helper does not.
  5. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Answer(s): B,C,D



A FortiGate device has the following LDAP configuration:



The administrator executed the `dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:

>dsquery user ­samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"

Based on the output, what FortiGate LDAP setting is configured incorrectly?

  1. cnid.
  2. username.
  3. password.
  4. dn.

Answer(s): B

Explanation:

https://kb.fortinet.com/kb/viewContent.do?externalId=FD37516



A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the `diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems.
What should the administrator check? (Choose two.)

  1. The user student must not be listed in the CA's ignore user list.
  2. The user student must belong to one or more of the monitored user groups.
  3. The student workstation's IP subnet must be listed in the CA's trusted list.
  4. At least one of the student's user groups must be allowed by a FortiGate firewall policy.

Answer(s): A,D

Explanation:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828



An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs.
When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions.
Which TCP session timer must be increased to fix this problem?

  1. TCP half open.
  2. TCP half close.
  3. TCP time wait.
  4. TCP session time to live.

Answer(s): A

Explanation:

http://docs-
legacy.fortinet.com/fos40hlp/43prev/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt&fil e=CLI_get_Commands.58.25.html
The tcp-halfopen-timer controls for how long, after a SYN packet, a session without SYN/ACK remains in the table.
The tcp-halfclose-timer controls for how long, after a FIN packet, a session without FIN/ACK remains in the table.
The tcp-timewait-timer controls for how long, after a FIN/ACK packet, a session remains in the table. A closed session remains in the session table for a few seconds more to allow any out-of- sequence packet.



Viewing Page 1 of 26



Share your comments for Fortinet NSE7_EFW-6.4 exam with other users:

hicham 5/30/2023 8:57:00 AM

excellent thanks a lot
FRANCE


Suman C 7/7/2023 8:13:00 AM

will post once pass the cka exam
INDIA


Ram 11/3/2023 5:10:00 AM

good content
Anonymous


Nagendra Pedipina 7/13/2023 2:12:00 AM

q:32 answer has to be option c
INDIA


Tamer Barakat 12/7/2023 5:17:00 PM

nice questions
Anonymous


Daryl 8/1/2022 11:33:00 PM

i really like the support team in this website. they are fast in communication and very helpful.
UNITED KINGDOM


Curtis Nakawaki 6/29/2023 9:13:00 PM

a good contemporary exam review
UNITED STATES


x-men 5/23/2023 1:02:00 AM

q23, its an array, isnt it? starts with [ and end with ]. its an array of objects, not object.
UNITED STATES


abuti 7/21/2023 6:24:00 PM

cool very helpfull
Anonymous


Krishneel 3/17/2023 10:34:00 AM

i just passed. this exam dumps is the same one from prepaway and examcollection. it has all the real test questions.
INDIA


Regor 12/4/2023 2:01:00 PM

is this a valid prince2 practitioner dumps?
UNITED KINGDOM


asl 9/14/2023 3:59:00 PM

all are relatable questions
CANADA


Siyya 1/19/2024 8:30:00 PM

might help me to prepare for the exam
Anonymous


Ted 6/21/2023 11:11:00 PM

just paid and downlaod the 2 exams using the 50% sale discount. so far i was able to download the pdf and the test engine. all looks good.
GERMANY


Paul K 11/27/2023 2:28:00 AM

i think it should be a,c. option d goes against the principle of building anything custom unless there are no work arounds available
INDIA


ph 6/16/2023 12:41:00 AM

very legible
Anonymous


sephs2001 7/31/2023 10:42:00 PM

is this exam accurate or helpful?
Anonymous


ash 7/11/2023 3:00:00 AM

please upload dump, i have exam in 2 days
INDIA


Sneha 8/17/2023 6:29:00 PM

this is useful
CANADA


sachin 12/27/2023 2:45:00 PM

question 232 answer should be perimeter not netowrk layer. wrong answer selected
Anonymous


tomAws 7/18/2023 5:05:00 AM

nice questions
BRAZIL


Rahul 6/11/2023 2:07:00 AM

hi team, could you please provide this dump ?
INDIA


TeamOraTech 12/5/2023 9:49:00 AM

very helpful to clear the exam and understand the concept.
Anonymous


Curtis 7/12/2023 8:20:00 PM

i think it is great that you are helping people when they need it. thanks.
UNITED STATES


sam 7/17/2023 6:22:00 PM

cannot evaluate yet
Anonymous


nutz 7/20/2023 1:54:00 AM

a laptops wireless antenna is most likely located in the bezel of the lid
UNITED STATES


rajesh soni 1/17/2024 6:53:00 AM

good examplae to learn basic
INDIA


Tanya 10/25/2023 7:07:00 AM

this is useful information
Anonymous


Nasir Mahmood 12/11/2023 7:32:00 AM

looks usefull
Anonymous


Jason 9/30/2023 1:07:00 PM

question 81 should be c.
CANADA


TestPD1 8/10/2023 12:22:00 PM

question 18 : response isnt a ?
EUROPEAN UNION


ally 8/19/2023 5:31:00 PM

plaese add questions
TURKEY


DIA 10/7/2023 5:59:00 AM

is dumps still valid ?
FRANCE


Annie 7/7/2023 8:33:00 AM

thanks for this
EUROPEAN UNION