Exam NSE7_EFW-7.0 topic 1 question 55 discussion

Actual exam question from Fortinet's NSE7_EFW-7.0
Question #: 55
Topic #: 1

An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

  • A. diagnose sniffer packet any 'ah'
  • B. diagnose sniffer packet any 'ip proto 50'
  • C. diagnose sniffer packet any 'udp port 4500'
  • D. diagnose sniffer packet any 'udp port 500'
Suggested Answer: B
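
The following Python sketch is an added example, not part of the original question or the study guide. It builds constructed IPv4 packets for the traffic types an IPsec tunnel produces and shows which of the four filters above matches each one. The predicates model the pcap-style meaning of the filter strings (an assumption, not the FortiOS parser), and the addresses and IKE payload bytes are constructed placeholders.

```python
import struct

# The four filters offered in the question, modelled as predicates on
# (IP protocol number, UDP source port, UDP destination port).
FILTERS = {
    "ah":            lambda proto, sport, dport: proto == 51,
    "ip proto 50":   lambda proto, sport, dport: proto == 50,
    "udp port 4500": lambda proto, sport, dport: proto == 17 and 4500 in (sport, dport),
    "udp port 500":  lambda proto, sport, dport: proto == 17 and 500 in (sport, dport),
}

def ipv4(proto, payload, src="192.0.2.1", dst="192.0.2.2"):
    """Build a constructed IPv4 packet (checksum left at 0, not validated here)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

def udp(sport, dport, data):
    """Build a UDP header (checksum 0) followed by the given data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(pkt):
    """Return (traffic kind, list of question filters that match the packet)."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    sport = dport = None
    kind = "other"
    if proto == 50:
        kind = "ESP (phase 2, no NAT)"
    elif proto == 51:
        kind = "AH"
    elif proto == 17:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        data = pkt[ihl + 8:]
        if 500 in (sport, dport):
            kind = "IKE"
        elif 4500 in (sport, dport):
            # RFC 3948: four zero bytes (non-ESP marker) mean IKE, otherwise ESP-in-UDP
            kind = "IKE (NAT-T)" if data[:4] == b"\x00" * 4 else "ESP-in-UDP (NAT-T)"
    matches = [name for name, f in FILTERS.items() if f(proto, sport, dport)]
    return kind, matches

# Constructed samples; the SPI and sequence number are the ones in the
# sniffer output quoted in the comments on this page.
ESP_BODY = struct.pack("!II", 0x0245B66F, 0x2CF) + b"\x00" * 16
SAMPLES = {
    "esp": ipv4(50, ESP_BODY),
    "ike": ipv4(17, udp(500, 500, b"\x11" * 28)),
    "natt_esp": ipv4(17, udp(4500, 4500, ESP_BODY)),
    "natt_ike": ipv4(17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```
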

Comments

mhd96far
3 months, 2 weeks ago
Why is D wrong? Without NAT it uses port 500.
upvoted 1 times
mhd96far
3 months, 2 weeks ago
check study guide p 443
upvoted 1 times
...
...
chyeahhh
6 months, 3 weeks ago
Selected Answer: B
A. wrong because FortiGate doesn't support AH. B. correct because ESP is phase 2. C. wrong because 4500 is for NAT'd traffic. D. UDP port 500 is used for IKE. IKE is phase 1.
upvoted 2 times
...
certifi46
8 months, 1 week ago
Selected Answer: B
esp = ip proto 50
upvoted 2 times
...
luismanzanero
8 months, 1 week ago
Selected Answer: B
Answer: B
upvoted 1 times
...
mabalon
9 months ago
Selected Answer: B
The encrypted traffic goes with the ESP protocol. Study Guide Page 443 -> ESP "ip protocol 50"
upvoted 2 times
...
arcqr
9 months ago
Selected Answer: B
IP proto 50 is valid. Example:
FGT-SDWLAN-HQ # diagnose sniffer packet any 'ip proto 50'
interfaces=[any]
filters=[ip proto 50]
6.329185 172.168.203.1 -> 172.168.203.3: ESP(spi=0x0245b66f,seq=0x2cf)
6.329200 172.168.203.1 -> 172.168.203.3: ESP(spi=0x0245b66f,seq=0x2cf)
6.329210 172.168.203.1 -> 172.168.203.3: ESP(spi=0x0245b66f,seq=0x2cf)
upvoted 4 times
...
BoostBoris
9 months, 2 weeks ago
Selected Answer: D
diag sniffer packet any 'udp port 500' or diag sniffer packet any 'esp' would also be valid. 'IP proto 50' is not a valid filter. Enterprise_Firewall_7.0_Study_Guide-Online.pdf p. 443. https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sniffer/ta-p/194222
upvoted 1 times
infodiego
9 months, 1 week ago
ip proto 50 is valid in the filter of diag sniffer.
upvoted 1 times
...
...
Quetchup
9 months, 2 weeks ago
Selected Answer: B
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p. 443 Phase 2 : ESP => IP protocol 50
upvoted 4 times
...
mader
9 months, 3 weeks ago
Selected Answer: D
B - the filter syntax is not right. C - udp port for NAT. D - udp port without NAT.
upvoted 2 times
...
Seph1
10 months ago
B is correct. No NAT
upvoted 1 times
...
geegee2021
10 months, 3 weeks ago
Selected Answer: B
B. diagnose sniffer packet any 'ip proto 50'. No NAT lah.
upvoted 1 times
...
akukaracia
10 months, 3 weeks ago
D ESP=payload, Ph1, Ph2=IKE
upvoted 1 times
...
Drakfeut
11 months, 1 week ago
Correct answer => B. ESP = IP Protocol 50. https://www.fortinetguru.com/2018/12/protocol-number/
upvoted 1 times
...
racdab
11 months, 3 weeks ago
Selected Answer: B
No NAT. IKE traffic: # diagnose sniffer packet port 'host rmote -gw and udp port 500' (host rmote -gw and port 500). ESP traffic: diagnose sniffer packet any 'host rmote -gw and esp' (host rmote -gw and esp). For me the question is about phase 2, so this is the answer: ESP traffic uses "IP Protocol 50".
upvoted 1 times
racdab
11 months, 3 weeks ago
Sorry. No NAT. IKE traffic: # diagnose sniffer packet port 'host rmote -gw and udp port 500'. ESP traffic: diagnose sniffer packet any 'host remote -gw and esp'. For me the question is about phase 2, so this is the answer: ESP traffic uses "IP Protocol 50".
upvoted 1 times
...
...
LiliRose
11 months, 3 weeks ago
Selected Answer: B
#Diagnose sniffer packet any 'host <remote-gateway> and esp' >> ESP traffic uses "IP Protocol 50"
upvoted 3 times
...
DOSKIM
1 year ago
udp port 500
upvoted 1 times
...