ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_EFW-7.0 All Questions

View all questions & answers for the NSE7_EFW-7.0 exam
Go to Exam

Exam NSE7_EFW-7.0 topic 1 question 55 discussion

Actual exam question from Fortinet's NSE7_EFW-7.0
Question #: 55
Topic #: 1
[All NSE7_EFW-7.0 Questions]

An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

  • A. diagnose sniffer packet any ‘ah’
  • B. diagnose sniffer packet any ‘ip proto 50’
  • C. diagnose sniffer packet any ‘udp port 4500’
  • D. diagnose sniffer packet any ‘udp port 500’
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by DOSKIM at Jan. 8, 2023, 5:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mhd96far
10 months, 2 weeks ago
why D is wrong? without NAT it uses port 500
upvoted 1 times
mhd96far
10 months, 2 weeks ago
check study guide p 443
upvoted 1 times
...
...
chyeahhh
1 year, 1 month ago
Selected Answer: B
A. wrong because FortiGate doesn't support AH. B. correct because ESP is phase 2. C. wrong because 4500 is for NAT'd traffic. D. UDP port 500 is used for IKE. IKE is phase 1.
upvoted 2 times
...
certifi46
1 year, 3 months ago
Selected Answer: B
esp = ip proto 50
upvoted 2 times
...
luismanzanero
1 year, 3 months ago
Selected Answer: B
Answer: B
upvoted 1 times
...
mabalon
1 year, 3 months ago
Selected Answer: B
The encrypted traffic goes with the ESP protocol. Study Guide Page 443 -> ESP "ip protocol 50"
upvoted 2 times
...
arcqr
1 year, 4 months ago
Selected Answer: B
IP proto 50 is valid Example FGT-SDWLAN-HQ # diagnose sniffer packet any 'ip proto 50' interfaces=[any] filters=[ip proto 50] 6.329185 172.168.203.1 -> 172.168.203.3: ESP(spi=0x0245b66f,seq=0x2cf) 6.329200 172.168.203.1 -> 172.168.203.3: ESP(spi=0x0245b66f,seq=0x2cf) 6.329210 172.168.203.1 -> 172.168.203.3: ESP(spi=0x0245b66f,seq=0x2cf)
upvoted 4 times
...
BoostBoris
1 year, 4 months ago
Selected Answer: D
diag sniffer packet any 'udp port 500' or diag sniffer packet any 'esp' would also be valid. 'IP proto 50' is not a valid filter Enterprise_Firewall_7.0_Study_Guide-Online.pdf p. 443 https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sniffer/ta-p/194222
upvoted 1 times
infodiego
1 year, 4 months ago
ip proto 50, is valid in the filter of diag sniffer.
upvoted 1 times
...
...
Quetchup
1 year, 4 months ago
Selected Answer: B
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p. 443 Phase 2 : ESP => IP protocol 50
upvoted 4 times
...
mader
1 year, 4 months ago
Selected Answer: D
B - the filter syntax is not right C - udp port for NAT D - udp port without NAT
upvoted 2 times
...
Seph1
1 year, 4 months ago
B is correct. No NAT
upvoted 1 times
...
geegee2021
1 year, 5 months ago
Selected Answer: B
B. diagnose sniffer packet any ‘ip proto 50’ no nat lah
upvoted 1 times
...
akukaracia
1 year, 5 months ago
D ESP=payload, Ph1, Ph2=IKE
upvoted 1 times
...
Drakfeut
1 year, 6 months ago
Correct answer => B ESP = IP Protocol 50 https://www.fortinetguru.com/2018/12/protocol-number/
upvoted 1 times
...
racdab
1 year, 6 months ago
Selected Answer: B
NO NAT trafic ike #diagnose sniffer packet port 'host rmote -gw and udp port 500' (hôte rmote -gw et port 500) Trafic ESP diagnostiquez le paquet de reniflage any 'host rmote -gw and esp' (hôte rmote -gw et esp) pour moi la question sur la phase 2 donc c'est la réponse Le trafic ESP utilise le "Protocole IP 50
upvoted 1 times
racdab
1 year, 6 months ago
sorry NO NAT ike traffic #diagnose sniffer packet port 'host rmote -gw and udp port 500' ESP traffic diagnose sniffer packet any 'host remote -gw and esp' for me the question on phase 2 so this is the answer ESP traffic uses "IP Protocol 50
upvoted 1 times
...
...
LiliRose
1 year, 6 months ago
Selected Answer: B
#Diagnose sniffer packet any 'host <remote-gateway> and esp' >> ESP traffic uses "IP Protocol 50"
upvoted 3 times
...
DOSKIM
1 year, 7 months ago
udp port 500
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel