ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_EFW-7.0 All Questions

View all questions & answers for the NSE7_EFW-7.0 exam
Go to Exam

Exam NSE7_EFW-7.0 topic 1 question 29 discussion

Actual exam question from Fortinet's NSE7_EFW-7.0
Question #: 29
Topic #: 1
[All NSE7_EFW-7.0 Questions]

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands to an SSH session on FortiGate: diagnose vpn ike log-filter dst-addr4 10.0.10.1 diagnose debug application ike -1
However, the IKE real-time debug does not show any output. Why?

  • A. The administrator must also run the command diagnose debug enable.
  • B. The administrator must enable the following real-time debug: diagnose debug application ipsec -1.
  • C. The log-filter setting is incorrect. The VPN traffic does not match this filter.
  • D. The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Nappel at Jan. 12, 2023, 5:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Nappel
Highly Voted 6 months ago
Selected Answer: A
Seems like A is the correct answer. diag vpn ike log-filter dst-addr4 is correct. https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-VPN-Diagnostics-Possible-reasons/ta-p/192006
upvoted 8 times
...
certifi46
Most Recent 2 months ago
Selected Answer: A
Need to enable diagnose debug to print the logs
upvoted 1 times
...
Quetchup
3 months, 2 weeks ago
Selected Answer: A
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 54
upvoted 3 times
...
BoostBoris
3 months, 2 weeks ago
Selected Answer: A
A is correct. Need to enable diagnose debug to printout the logs
upvoted 2 times
...
Mice_
3 months, 4 weeks ago
10.0.10.1 is source address, so right answer is C
upvoted 1 times
LeeRoy9912
3 months, 3 weeks ago
Not correct, 10.0.10.1 is in the remote address field and the filter is dst-addr4, answer is most likely A
upvoted 2 times
...
...
Seph1
4 months ago
Selected Answer: A
A is correct.
upvoted 1 times
...
jjejje
5 months, 2 weeks ago
Selected Answer: C
Answer
upvoted 1 times
...
SHASKAN
5 months, 2 weeks ago
Selected Answer: A
A seems correct for show the logs
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago