NSE7 Enterprise Firewall and VDOMs • Complete Question Bank
Complete NSE7 Enterprise Firewall and VDOMs question bank — all 0 questions with answers and detailed explanations.
config system interface
edit "port1"
set vdom "root"
set ip 10.0.1.1 255.255.255.0
set allowaccess ping https ssh snmp
set type physical
set role wan
next
end
config system admin
edit "admin"
set trusthost1 192.168.1.0 255.255.255.0
next
end
FGT # get system fabric-status
Fabric Role: Member
Fabric Status: Connected
Fabric Group: MyGroup
Fabric Root: FGT-Root (serial: FG100D3TF16800001)
Last contact: 2024-01-15 10:30:00
FGT # diagnose test application fgfms 3
FGFMs status:
Registered with FortiManager: Yes
FortiManager IP: 192.168.1.100
FortiManager status: Connected
Last heartbeat: 2024-01-15 10:29:55
Refer to the exhibit.
config system ha
set group-name "HA_Cluster"
set mode a-p
set hbdev "port1" 50 "port2" 50
set session-pickup enable
set session-pickup-connectionless enable
set ha-mgmt-status enable
set ha-mgmt-interface "port3"
set ha-mgmt-interface-gateway 10.10.10.1
set override enable
set priority 200
end
Refer to the exhibit.
config vdom
edit "VDOM1"
config system interface
edit "port1"
set vdom "VDOM1"
set ip 192.168.1.1 255.255.255.0
set allowaccess ping https
next
end
config router static
edit 1
set device "port1"
set gateway 192.168.1.254
next
end
end
config vdom
edit "VDOM2"
config system interface
edit "port2"
set vdom "VDOM2"
set ip 10.10.10.1 255.255.255.0
set allowaccess ping
next
end
config router static
edit 1
set device "port2"
set gateway 10.10.10.254
next
end
end
config system ha
set mode a-p
set group-name "HA_Cluster"
set password ENC abcd1234
set hbdev "port1" 100
set session-pickup enable
set session-pickup-connectionless enable
set ha-mgmt-status enable
config ha-mgmt-interfaces
edit 1
set interface "port2"
set gateway 10.0.0.1
next
end
end
HA cluster status:
HA Health Status: OK
Model: FortiGate-100F
Mode: Active-Passive
Group: HA_Cluster
Debug: 0
npu-1: primary
npu-2: standby
A company has deployed two FortiGate-600Es in an active-passive HA cluster. The cluster is configured with three VDOMs: VDOM-A (corporate LAN), VDOM-B (guest Wi-Fi), and VDOM-C (DMZ). Each VDOM has its own set of interfaces and policies. The cluster is also configured to use FGCP with session pickup enabled. Recently, the network team noticed that after a failover event, some user sessions in VDOM-B are not being picked up, causing disruption for guest users. The session pickup feature is enabled globally. The administrator checks the configuration and finds the following settings on the primary FortiGate:
- config system ha
  set session-pickup enable
  set session-pickup-connectionless enable
  end
- config vdom
  edit VDOM-A
  config system ha
  set session-pickup enable
  end
  next
  edit VDOM-B
  config system ha
  set session-pickup disable
  end
  next
  edit VDOM-C
  config system ha
  set session-pickup enable
  end
  next
Based on this configuration, what is the most likely reason that sessions in VDOM-B are not being picked up?
Drag a concept onto its matching description — or click a concept then click the description.
Detects and prevents network attacks
Identifies and controls application traffic
Blocks access to malicious or unwanted websites
Scans and removes malware from traffic
Prevents sensitive data from leaving the network
Drag a concept onto its matching description — or click a concept then click the description.
Next-generation firewall
Centralized management platform
Logging and reporting server
Advanced threat detection and analysis
Web application firewall
Drag a concept onto its matching description — or click a concept then click the description.
Manually configured route
Link-state dynamic routing protocol
Path-vector dynamic routing protocol
Routes traffic based on policy criteria
Load balancing across multiple paths
Drag a concept onto its matching description — or click a concept then click the description.
Lightweight Directory Access Protocol
Remote Authentication Dial-In User Service
Terminal Access Controller Access-Control System Plus
Fortinet Single Sign-On
Public Key Infrastructure
A FortiGate administrator runs the following command and sees the output:
diagnose sys session filter dport 443
diagnose sys session list
Output shows sessions with proto=6 and expire time decreasing. What does this indicate?