1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 3 out of 5 pages
Viewing questions 21-30 out of questions
Questions # 21:

Refer to the exhibit, which shows a session entry. Which statement about this session is true?

Question # 21

Options:
A.

It is an ICMP session from 10.1.10.10 to 10.200.5. 1.

B.

It is a TCP session in close_wait state, from 10. l. 10.10 to 10.200.1.1.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.

Expert Solution
Questions # 22:

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

Options:
A.

Only the DR receives link state information from non-DR routers.

B.

Non-DR and non-BDR routers form full adjacencies to DR only.

C.

Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.

D.

FortiGate first checks the OSPF ID to elect a DR.

Expert Solution
Questions # 23:

What are two functions of automation stitches? (Choose two.)

Options:
A.

Automation stitches can be configured on any FortiGate device in a Security Fabric environment.

B.

An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

C.

Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

D.

An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

Expert Solution
Questions # 24:

Examine the following routing table and BGP configuration; then answer the question below.

Question # 24

TheBGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

Options:
A.

Enable the redistribution of connected routers into BGP.

B.

Enable the redistribution of static routers into BGP.

C.

Disable the setting network-import-check.

D.

Enable the setting ebgp-multipath.

Expert Solution
Questions # 25:

Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?

Options:
A.

Set protected network to all

B.

Enable AD-VPN in IPsec phase 1

C.

Configure IP addresses on IPsec virtual interfaces

D.

Disable add-route on hub

Expert Solution
Questions # 26:

A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website. The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

Question # 26

What should the administrator check to fix the problem?

Options:
A.

The connectivity between the FortiGate unit and the DNS server.

B.

The connectivity between the client workstations and the DNS server.

C.

That DNS traffic from client workstations is allowed by the explicit web proxy policies.

D.

That DNS service is enabled in the explicit web proxy interface.

Expert Solution
Questions # 27:

Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

Options:
A.

OSPF interface network types match.

B.

OSPF router IDs are unique.

C.

OSPF interface priority settings are unique.

D.

Authentication settings match.

E.

OSPF link costs match.

Expert Solution
Questions # 28:

Which statement about protocol options is true?

Options:
A.

Protocol options allows administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

B.

Protocol options allows administrators the ability to configure the Any setting for all enabled protocols which provides the most efficient use of system resources.

C.

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

D.

Protocol options allows administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

Expert Solution
Questions # 29:

Refer to the exhibit, which contains partial outputs from two routing debug commands.

Question # 29

Why is the port2 default route not in the second command's output?

Options:
A.

It has a higher priority value than the default route using port1.

B.

It is disabled in the FortiGate configuration.

C.

It has a lower priority value than the default route using port1.

D.

It has a higher distance than the default route using port1.

Expert Solution
Questions # 30:

An administrator has been assigned the task of creating a set of firewall policies which must be evaluated before any custom policies defined within the policy packages of managed FortiGate devices, across all 25 ADOMSs in FortiManager.

How should the administrator accomplish this task?

Options:
A.

Create a footer policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this footer policy to all other ADOMs.

B.

Create a header policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this header policy to all other ADOMs.

C.

Move the FortiGate devices into a single globally scoped ADOM, and merge policy packages, inserting the new firewall policies at the top.

D.

Use a CLI script from the root ADOM on FortiManager to push these new policies to all FortiGate devices, through the FGFM tunnel.

Expert Solution
Viewing page 3 out of 5 pages
Viewing questions 21-30 out of questions