Fortinet NSE7_EFW-7.2 Fortinet NSE 7 - Enterprise Firewall 7.2 Exam Practice Test

Fortinet NSE 7 - Enterprise Firewall 7.2 Questions and Answers

Question 1

Exhibit.

Refer to the exhibit, which shows the output from the webfilter fortiguard cache dump and webfilter categories commands.

Using the output, how can an administrator determine the category of the training.fortinet.com website?

Options:

A.

The administrator must convert the first three digits of the IP hex value to binary

B.

The administrator can look up the hex value of 34 in the second command output.

C.

The administrator must add both the Domain and IP hex values of 34 to get the category number

D.

The administrator must convert the first two digits of the Domain hex value to a decimal value

Question 2

After enabling IPS you receive feedback about traffic being dropped.

What could be the reason?

Options:

A.

Np-accel-mode is set to enable

B.

Traffic-submit is set to disable

C.

IPS is configured to monitor

D.

Fail-open is set to disable

Question 3

Which two statements about ADVPN are true? (Choose two.)

Options:

A.

You must disable add-route in the hub.

B.

All FortiGate devices must be in the same autonomous system (AS).

C.

The hub adds routes based on IKE negotiations.

D.

You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0.

Question 4

Refer to the exhibit, which contains a partial OSPF configuration.

What can you conclude from this output?

Options:

A.

Neighbors maintain communication with the restarting router.

B.

The router sends grace LSAs before it restarts.

C.

FortiGate restarts if the topology changes.

D.

The restarting router sends gratuitous ARP for 30 seconds.

Question 5

Exhibit.

Refer to the exhibit, which provides information on BGP neighbors.

What can you conclude from this command output?

Options:

A.

The router are in the number to match the remote peer.

B.

You must change the AS number to match the remote peer.

C.

BGP is attempting to establish a TCP connection with the BGP peer.

D.

The bfd configuration is set to enable.

Question 6

Refer to the exhibit, which contains a partial BGP configuration.

You want to configure a loopback as the BGP source.

Which two parameters must you set in the BGP configuration? (Choose two)

Options:

A.

ebgp-enforce-multihop

B.

recursive-next-hop

C.

ibgp-enforce-multihop

D.

update-source

Question 7

Exhibit.

Refer to the exhibit, which contains a partial VPN configuration.

What can you conclude from this configuration?

Options:

A.

FortiGate creates separate virtual interfaces for each dial up client.

B.

The VPN should use the dynamic routing protocol to exchange routing information through the tunnels.

C.

Dead peer detection is disabled.

D.

The routing table shows a single IPSec virtual interface.

Question 8

Refer to the exhibit, which shows two configured FortiGate devices and peering over FGSP.

The main link directly connects the two FortiGate devices and is configured using the set session-sync-dev command.

What is the primary reason to configure the main link?

Options:

A.

To have both sessions and configuration synchronization in layer 2

B.

To load balance both sessions and configuration synchronization between layer 2 and 3

C.

To have only configuration synchronization in layer 3

D.

To have both sessions and configuration synchronization in layer 3

Question 9

Which two statements about bfd are true? (Choose two)

Options:

A.

It can support neighbor only over the next hop in BGP

B.

You can disable it at the protocol level

C.

It works for OSPF and BGP

D.

You must configure it globally only

Question 10

You configured an address object on the root FortiGate in a Security Fabric. This object is not synchronized with a downstream device. Which two reasons could be the cause? (Choose two)

Options:

A.

The address object on the root FortiGate has fabric-object set to disable

B.

The root FortiGate has configuration-sync set to enable

C.

The downstream FortiGate has fabric-object-unification set to local

D.

The downstream FortiGate has configuration-sync set to local

Question 11

Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?

Options:

A.

Enable AD-VPN in IPsec phase 1

B.

Disable add-route on hub

C.

Configure IP addresses on IPsec virtual interfaces

D.

Set protected network to all

Question 12

Refer to the exhibit, which shows a custom signature.

Which two modifications must you apply to the configuration of this custom signature so that you can save it on FortiGate? (Choose two.)

Options:

A.

Add severity.

B.

Add attack_id.

C.

Ensure that the header syntax is F-SBID.

D.

Start options with --.

Question 13

Exhibit.

Refer to the exhibit, which shows information about an OSPF interface.

What two conclusions can you draw from this command output? (Choose two.)

Options:

A.

The port3 network has more than one OSPF router

B.

The OSPF routers are in the area ID of 0.0.0.1.

C.

The interfaces of the OSPF routers match the MTU value that is configured as 1500.

D.

NGFW-1 is the designated router

Question 14

Refer to the exhibit, which shows an error in system fortiguard configuration.

What is the reason you cannot set the protocol to udp in config system fortiguard?

Options:

A.

FortiManager provides FortiGuard.

B.

fortiguard-anycast is set to enable.

C.

You do not have the corresponding write access.

D.

udp is not a protocol option.

Question 15

Refer to the exhibit, which shows the output of a BGP summary.

What two conclusions can you draw from this BGP summary? (Choose two.)

Options:

A.

External BGP (EBGP) exchanges routing information.

B.

The BGP session with peer 10.127.0.75 is established.

C.

The router 100.64.3.1 has the parameter bfd set to enable.

D.

The neighbors displayed are linked to a local router with the neighbor-range set to a value of 4.