Fortinet NSE7_EFW-7.0 Fortinet NSE 7 - Enterprise Firewall 7.0 Exam Practice Test

Demo: 24 questions
Total 163 questions

Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Question 1

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Why is the port2 default route not in the second command output?

Options:

A. The port2 interface is disabled in the FortiGate configuration.

B. The port1 default route has a lower distance than the default route using port2.

C. The port1 default route has a higher priority value than the default route using port2.

D. The port1 default route has a lower priority value than the default route using port2.

Question 2

Which two configuration commands change the default behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

Options:

A. set av-failopen off

B. set av-failopen pass

C. set fail-open enable

D. set ips fail-open disable

Question 3

A FortiGate has two default routes:

All Internet traffic is currently using port1. The exhibit shows partial information for one sample session of Internet traffic from an internal user:

What would happen with the traffic matching the above session if the priority on the first default route (ID=1) were changed from 5 to 20?

Options:

A. The session would be deleted, and the client would need to start a new session.

B. The session would remain in the session table, and its traffic would start to egress from port2.

C. The session would remain in the session table, but its traffic would now egress from both port1 and port2.

D. The session would remain in the session table, and its traffic would still egress from port1.

Question 4

Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

Options:

A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.

B. The TCP session for the BGP connection to 10.200.3.1 is down.

C. The local peer has received the BGP prefixes from the remote peer.

D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

Question 5

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created an inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs for the OSPF adjacency to form successfully? (Choose three.)

Options:

A. Router ID.

B. OSPF interface area.

C. OSPF interface cost.

D. OSPF interface MTU.

E. Interface subnet mask.

Question 6

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

Options:

A. Group ID.

B. Group name.

C. Session pickup.

D. Gratuitous ARPs.

Question 7

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Which statements are true regarding the Weight value?

Options:

A. Its initial value is calculated based on the round trip delay (RTT).

B. Its initial value is statically set to 10.

C. Its value is incremented with each packet lost.

D. It determines which FortiGuard server is used for license validation.

Question 8

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

Options:

A. In the network connected to port 4, two OSPF routers are down.

B. Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.5.

C. Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.6.

D. There are a total of 5 OSPF routers attached to the Port4 network segment.

Question 9

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

Options:

A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.

B. SIP ALG supports SIP HA failover; SIP helper does not.

C. SIP ALG supports SIP over IPv6; SIP helper does not.

D. SIP ALG can create expected sessions for media traffic; SIP helper does not.

E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Question 10

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

Options:

A. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

B. When run on the Device Database, changes are applied directly to the managed FortiGate device.

C. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

D. When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device.

Question 11

Refer to the exhibit, which contains partial outputs from two routing debug commands.

Why is the port2 default route not in the second command's output?

Options:

A. It has a higher priority value than the default route using port1.

B. It is disabled in the FortiGate configuration.

C. It has a lower priority value than the default route using port1.

D. It has a higher distance than the default route using port1.

Question 12

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

Options:

A. FortiGate first checks the OSPF ID to elect a DR.

B. Non-DR and non-BDR routers will form full adjacencies to DR and BDR only.

C. BDR is responsible for forwarding link state information from one router to another.

D. Only the DR receives link state information from non-DR routers.

Question 13

Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

Options:

A. Those whose traffic matches a DoS policy.

B. Those whose traffic matches an IPS sensor.

C. Those whose traffic exceeded a threshold of a matching DoS policy.

D. Those whose traffic was detected as an anomaly by an IPS sensor.

Question 14

Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

Options:

A. The remote gateway has quick mode selectors containing a destination subnet of 10.1.2.0/24.

B. The remote gateway IP is 10.200.5.1.

C. DPD is disabled.

D. Anti-replay is enabled.

Question 15

An administrator cannot connect to the GUI of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

Options:

A. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

B. Redirection of HTTP to HTTPS administrative access is disabled.

C. HTTP administrative access is configured with a port number different than 80.

D. The packet is denied because of reverse path forwarding check.

Question 16

Refer to the exhibit, which shows the output of diagnose sys session list.

If the HA ID for the primary device is 0, what will happen if the primary fails and the secondary becomes the primary?

Options:

A. Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.

B. The secondary device has this session synchronized; however, because application control is applied, the session will be marked dirty and have to be re-evaluated after failover.

C. The session state will be preserved but the kernel will need to re-evaluate the session due to NAT being applied.

D. The session will be removed from the session table of the secondary device due to the presence of allowed error packets, which will force the client to restart the session with the server.

Question 17

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Why didn’t the tunnel come up?

Options:

A. The pre-shared keys do not match.

B. The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration.

C. The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration.

D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

Question 18

Four FortiGate devices configured for OSPF are connected to the same broadcast domain. The first unit is elected as the designated router. The second unit is elected as the backup designated router. Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?

Options:

A. 1

B. 2

C. 3

D. 4

Question 19

Refer to the exhibit, which contains the output of a BGP debug command.

Which statement about the exhibit is true?

Options:

A. The local router has received a total of three BGP prefixes from all peers.

B. The local router has not established a TCP session with 100.64.3.1.

C. Since the counters were last reset, the 10.200.3.1 peer has never been down.

D. The local router BGP state is OpenConfirm with the 10.127.0.75 peer.

Question 20

Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator change to fix the issue?

Options:

A. Increase webfilter-timeout.

B. Change protocol to TCP.

C. Enable fortiguard-anycast.

D. Disable webfilter-force-off.

Question 21

A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related to this traffic? (Choose two.)

Options:

A. Both sessions have the local flag on.

B. The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.

C. One session has the proxy flag on, the other one does not.

D. One of the sessions has the IP address of port2 as the source IP address.

Question 22

View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

Which statements are correct regarding the output shown? (Choose two.)

Options:

A. There are 0 ephemeral sessions.

B. All the sessions in the session table are TCP sessions.

C. No sessions have been deleted because of memory pages exhaustion.

D. There are 166 TCP sessions waiting to complete the three-way handshake.

Question 23

Refer to the exhibit, which shows the output of diagnose sys session stat.

Which statement about the output shown in the exhibit is correct?

Options:

A. There are two sessions that have not been removed in case of any out-of-order packets that arrive.

B. There are 166 TCP sessions waiting to complete the three-way handshake.

C. 162 sessions have been deleted because of memory page exhaustion.

D. All the sessions in the session table are TCP sessions.

Question 24

Examine the following partial output from a sniffer command; then answer the question below.

What is the meaning of the packets dropped counter at the end of the sniffer?

Options:

A. Number of packets that didn’t match the sniffer filter.

B. Number of total packets dropped by the FortiGate.

C. Number of packets that matched the sniffer filter and were dropped by the FortiGate.

D. Number of packets that matched the sniffer filter but could not be captured by the sniffer.
