1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 2 out of 5 pages
Viewing questions 11-20 out of questions
Questions # 11:

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

Options:
A.

route-reflector enable

B.

route-reflector-server enable

C.

route-reflector-client enable

D.

route-reflector-peer enable

Expert Solution
Questions # 12:

Refer to the exhibit, which shows a partial web filter profile configuration.

Question # 12

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

Options:
A.

FortiGate will block the connection, based on the FortiGuard category based filter configuration.

B.

FortiGate will block the connection as an invalid URL.

C.

FortiGate will exempt the connection, based on the Web Content Filter configuration.

D.

FortiGate will allow the connection, based on the URL Filter configuration.

Expert Solution
Questions # 13:

View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

Question # 13

Why didn’t the tunnel come up?

Options:
A.

The pre-shared keys do not match.

B.

The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration.

C.

The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration.

D.

The remote gateway is using aggressive mode and the local gateway is configured to use man mode.

Expert Solution
Questions # 14:

View the central management configuration shown in the exhibit, and then answer the question below.

Question # 14

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

Options:
A.

10.0.1.240

B.

One of the public FortiGuard distribution servers

C.

10.0.1.244

D.

10.0.1.242

Expert Solution
Questions # 15:

Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)

Options:
A.

Importing firewall address objects from managed devices

B.

Importing interface mappings from managed devices

C.

Importing static and dynamic route configurations from managed devices

D.

Importing devices to FortiManager

Expert Solution
Questions # 16:

View these partial outputs from two routing debug commands:

Question # 16

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

Options:
A.

Both port1 and port2

B.

port3

C.

port1

D.

port2

Expert Solution
Questions # 17:

Refer to the exhibit, which shows the output of a BGP debug command.

Question # 17

Which statement explains why the state of the 10.200.3.1 peer is Connect?

Options:
A.

The local router has a different AS number than the remote peer.

B.

The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the openConfirm yet.

C.

The local router initiated the BGP session to 10.200.3.1 but did not receive a response.

D.

The router 10.200.3.1 has authentication configured for BGP and the local router does not.

Expert Solution
Questions # 18:

Refer to the exhibit, which contains the partial output of a diagnose command.

Question # 18

Based on the output, which two statements are correct? (Choose two.)

Options:
A.

Anti-replay is enabled

B.

The remote gateway IP is 10.200.4.1.

C.

DPD is disabled.

D.

Quick mode selectors are disabled.

Expert Solution
Questions # 19:

Refer to the exhibit, which shows the output of a web filtering diagnose command.

Question # 19

Which configuration change would result in non-zero results in the cache statistics section?

Options:
A.

set server-type rating under config system central-management

B.

set webfilter-cache enable under config system fortiguard

C.

set webfilter-force-off disable under config system fortiguard

D.

set ngfw-mode policy-based under config system settings

Expert Solution
Questions # 20:

Which two statements about conserve mode are true? (Choose two.)

Options:
A.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

B.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

C.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

D.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

Expert Solution
Viewing page 2 out of 5 pages
Viewing questions 11-20 out of questions