New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Fortinet NSE7_EFW-7.2 Fortinet NSE 7 - Enterprise Firewall 7.2 Exam Practice Test

Demo: 15 questions
Total 50 questions

Fortinet NSE 7 - Enterprise Firewall 7.2 Questions and Answers

Question 1

Refer to the exhibit, which shows a network diagram.

Which protocol should you use to configure the FortiGate cluster?

Options:

A.

FGCP in active-passive mode

B.

OFGSP

C.

VRRP

D.

FGCP in active-active mode

Question 2

Exhibit.

Refer to the exhibit, which shows information about an OSPF interlace

What two conclusions can you draw from this command output? (Choose two.)

Options:

A.

The port3 network has more man one OSPF router

B.

The OSPF routers are in the area ID of 0.0.0.1.

C.

The interfaces of the OSPF routers match the MTU value that is configured as 1500.

D.

NGFW-1 is the designated router

Question 3

Refer to the exhibit, which shows the output of a BGP summary.

What two conclusions can you draw from this BGP summary? (Choose two.)

Options:

A.

External BGP (EBGP) exchanges routing information.

B.

The BGP session with peer 10. 127. 0. 75 is established.

C.

The router 100. 64. 3. 1 has the parameter bfd set to enable.

D.

The neighbors displayed are linked to a local router with the neighbor-range set to a value of 4.

Question 4

Winch two statements about ADVPN are true? (Choose two)

Options:

A.

auto-discovery receiver must be set to enable on the Spokes.

B.

Spoke to-spoke traffic never goes through the hub

C.

lt supports NAI for on-demand tunnels

D.

Routing is configured by enabling add-advpn-route

Question 5

Which ADVPN configuration must be configured using a script on fortiManager, when using VPN Manager to manage fortiGate VPN tunnels?

Options:

A.

Enable AD-VPN in IPsec phase 1

B.

Disable add-route on hub

C.

Configure IP addresses on IPsec virtual interlaces

D.

Set protected network to all

Question 6

Which two statements about IKE version 2 fragmentation are true? (Choose two.)

Options:

A.

Only some IKE version 2 packets are considered fragmentable.

B.

The reassembly timeout default value is 30 seconds.

C.

It is performed at the IP layer.

D.

The maximum number of IKE version 2 fragments is 128.

Question 7

You want to configure faster failure detection for BGP

Which parameter should you enable on both connected FortiGate devices?

Options:

A.

Ebgp-enforce-multihop

B.

bfd

C.

Distribute-list-in

D.

Graceful-restart

Question 8

Exhibit.

Refer to the exhibit, which contains a partial policy configuration.

Which setting must you configure to allow SSH?

Options:

A.

Specify SSH in the Service field

B.

Configure pot 22 in the Protocol Options field.

C.

Include SSH in the Application field

D.

Select an application control profile corresponding to SSH in the Security Profiles section

Question 9

Refer to the exhibit, which shows a routing table.

What two options can you configure in OSPF to block the advertisement of the 10.1.10.0 prefix? (Choose two.)

Options:

A.

Remove the 16.1.10.C prefix from the OSPF network

B.

Configure a distribute-list-out

C.

Configure a route-map out

D.

Disable Redistribute Connected

Question 10

You want to block access to the website ww.eicar.org using a custom IPS signature.

Which custom IPS signature should you configure?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 11

Exhibit.

Refer to the exhibit, which contains a partial VPN configuration.

What can you conclude from this configuration1?

Options:

A.

FortiGate creates separate virtual interfaces for each dial up client.

B.

The VPN should use the dynamic routing protocol to exchange routing information Through the tunnels.

C.

Dead peer detection s disabled.

D.

The routing table shows a single IPSec virtual interface.

Question 12

In which two ways does fortiManager function when it is deployed as a local FDS? (Choose two)

Options:

A.

lt can be configured as an update server a rating server or both

B.

It provides VM license validation services

C.

It supports rating requests from non-FortiGate devices.

D.

It caches available firmware updates for unmanaged devices

Question 13

Exhibit.

Refer to the exhibit, which contains an ADVPN network diagram and a partial BGP con figuration Which two parameters Should you configure in config neighbor range? (Choose two.)

Options:

A.

set prefix 172.16.1.0 255.255.255.0

B.

set route reflector-client enable

C.

set neighbor-group advpn

D.

set prefix 10.1.0 255.255.255.0

Question 14

Exhibit.

Refer to the exhibit, which contains the partial ADVPN configuration of a spoke.

Which two parameters must you configure on the corresponding single hub? (Choose two.)

Options:

A.

Set auto-discovery-sender enable

B.

Set ike-version 2

C.

Set auto-discovery-forwarder enable

D.

Set auto-discovery-receiver enable

Question 15

Which FortiGate in a Security I auric sends togs to FortiAnalyzer?

Options:

A.

Only the root FortiGate.

B.

Each FortiGate in the Security fabric.

C.

The FortiGate devices performing network address translation (NAT) or unified threat management (UTM). if configured.

D.

Only the last FortiGate that handled a session in the Security Fabric

Demo: 15 questions
Total 50 questions