Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with CertsForce

Questions # 1:

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

Options:

A. Group ID.
B. Group name.
C. Session pickup.
D. Gratuitous ARPs.

Questions # 2:

Refer to the exhibit, which contains the partial output of a diagnose command.

Question # 2

Based on the output, which two statements are correct? (Choose two.)

Options:

A. Anti-replay is enabled.
B. DPD is disabled.
C. Remote gateway IP is 10.200.4.1.
D. Quick mode selectors are disabled.

Questions # 3:

View the central management configuration shown in the exhibit, and then answer the question below.

Question # 3

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

Options:

A. 10.0.1.240
B. One of the public FortiGuard distribution servers
C. 10.0.1.244
D. 10.0.1.242

Questions # 4:

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

Options:

A. Neighbor range
B. Route reflector
C. Next-hop-self
D. Neighbor group

Questions # 5:

Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Question # 5

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

Options:

A. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.
B. The TCP session for the BGP connection to 10.200.3.1 is down.
C. The local peer has received the BGP prefixes from the remote peer.
D. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

Questions # 6:

An administrator has been assigned the task of creating a set of firewall policies which must be evaluated before any custom policies defined within the policy packages of managed FortiGate devices, across all 25 ADOMs in FortiManager.

How should the administrator accomplish this task?

Options:

A. Create a footer policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this footer policy to all other ADOMs.
B. Create a header policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this header policy to all other ADOMs.
C. Move the FortiGate devices into a single globally scoped ADOM, and merge policy packages, inserting the new firewall policies at the top.
D. Use a CLI script from the root ADOM on FortiManager to push these new policies to all FortiGate devices, through the FGFM tunnel.

Questions # 7:

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Question # 7

Why didn’t the tunnel come up?

Options:

A. The pre-shared keys do not match.
B. The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration.
C. The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration.
D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

Questions # 8:

Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.

# diagnose debug authd fsso list
----FSSO logons----
IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2.TRAINING.LAB

The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2.TRAINING.LAB.

What should the administrator check?

Options:

A. The IP address recorded in the logon event for the user STUDENT.
B. The DNS name resolution for the workstation name INTERNAL2.TRAINING.LAB.
C. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2.TRAINING.LAB.
D. The reverse DNS lookup for the IP address 192.168.3.1.

Questions # 9:

Which of the following statements is true regarding a FortiGate configured as an explicit web proxy?

Options:

A. FortiGate limits the number of simultaneous sessions per explicit web proxy user. This limit CANNOT be modified by the administrator.
B. FortiGate limits the total number of simultaneous explicit web proxy users.
C. FortiGate limits the number of simultaneous sessions per explicit web proxy user. The limit CAN be modified by the administrator.
D. FortiGate limits the number of workstations that authenticate using the same web proxy user credentials. This limit CANNOT be modified by the administrator.

Questions # 10:

Examine the following partial outputs from two routing debug commands; then answer the question below.

# get router info kernel
tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1)
tab=254 vf=0 scope=0 type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)

# get router info routing-table all
S*  0.0.0.0/0 [10/0] via 10.200.1.254, port1
              [10/0] via 10.200.2.254, port2, [10/0]
C   10.0.1.0/24 is directly connected, port3
C   10.200.1.0/24 is directly connected, port1
C   10.200.2.0/24 is directly connected, port2

Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

Options:

A. port1.
B. port2.
C. Both port1 and port2.
D. port3.
