1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 5 pages
Viewing questions 1-10 out of questions
Questions # 1:

Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Question # 1

Which statements are true regarding the output in the exhibit? (Choose two.)

Options:
A.

BGP state of the peer 10.125.0.60 is Established.

B.

BGP peer 10.200.3.1 has never been down since the BGP counters were cleared.

C.

Local BGP peer has not received an OpenConfirm from 10.200.3.1.

D.

The local BGP peer has received a total of 3 BGP prefixes.

Expert Solution
Questions # 2:

An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Question # 2

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

Options:
A.

HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

B.

Redirection of HTTP to HTTPS administrative access is disabled.

C.

HTTP administrative access is configured with a port number different than 80.

D.

The packet is denied because of reverse path forwarding check.

Expert Solution
Questions # 3:

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Question # 3

Why is the port2 default route not in the second command output?

Options:
A.

The port2 interface is disabled in the FortiGate configuration.

B.

The port1 default route has a lower distance than the default route using port2.

C.

The port1 default route has a higher priority value than the default route using port2.

D.

The port1 default route has a lower priority value than the default route using port2.

Expert Solution
Questions # 4:

Refer to the exhibits.

Question # 4

Which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovered that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must administrator make to fix the issue? (Choose two.)

Options:
A.

Use different pre-shared keys on both VPNs

B.

Enable Mode Config on both VPNs.

C.

Set up specific peer IDs on both VPNs.

D.

Change to aggressive mode on both VPNs.

Expert Solution
Questions # 5:

A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

Options:
A.

Firewall monitor.

B.

Policy monitor.

C.

Logs.

D.

Crashlogs.

Expert Solution
Questions # 6:

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

Question # 6

An administrator would like to test session failover between the two service provider connections.

What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

Options:
A.

Configure set snat-route-change enable.

B.

Change the priority of the port2 static route to 5.

C.

Change the priority of the port1 static route to 11.

D.

unset snat-route-change to return it to the default setting.

Expert Solution
Questions # 7:

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Question # 7

Which of the following statements about the exhibit are true? (Choose two.)

Options:
A.

For the peer 10.125.0.60, the BGP state of is Established.

B.

The local BGP peer has received a total of three BGP prefixes.

C.

Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.

D.

The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

Expert Solution
Questions # 8:

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Question # 8

Which statements are true regarding the output in the exhibit? (Choose two.)

Options:
A.

FortiGate will probe 121.111.236.179 every fifteen minutes for a response.

B.

Servers with the D flag are considered to be down.

C.

Servers with a negative TZ value are experiencing a service outage.

D.

FortiGate used 209.222.147.3 as the initial server to validate its contract.

Expert Solution
Questions # 9:

Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Question # 9

Why didn’t the tunnel come up?

Options:
A.

IKE mode configuration is not enabled in the remote IPsec gateway.

B.

The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.

C.

The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.

D.

One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Expert Solution
Questions # 10:

Examine the partial output from two web filter debug commands; then answer the question below:

Question # 10

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

Options:
A.

Finance and banking

B.

General organization.

C.

Business.

D.

Information technology.

Expert Solution
Viewing page 1 out of 5 pages
Viewing questions 1-10 out of questions