New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 4 out of 5 pages
Viewing questions 31-40 out of questions
Questions # 31:

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Question # 31

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:
A.

Set the priority of the static default route using port1 to 10. Most Voted

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set snat-route-change to enable.

Expert Solution
Questions # 32:

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Question # 32

Based on the output, which two statements are correct? (Choose two.)

Options:
A.

The npu_flag for this tunnel is 03.

B.

Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.

C.

Anti-replay is enabled.

D.

The npu_flag for this tunnel is 02.

Expert Solution
Questions # 33:

View the exhibit, which contains a session entry, and then answer the question below.

Question # 33

Which statement is correct regarding this session?

Options:
A.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

B.

It is an ICMP session from 10.1.10.10 to 10.200.5.1.

C.

It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.

D.

It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Expert Solution
Questions # 34:

Refer to the exhibit, which shows a FortiGate configuration.

Question # 34

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator change to fix the issue?

Options:
A.

Increase webfilter-timeout.

B.

Change protocol to TCP.

C.

Enable fortiguard-anycast.

D.

Disable webfilter-force-off.

Expert Solution
Questions # 35:

Which statement about NGFW policy-based application filtering is true?

Options:
A.

After the application has been identified, the kernel uses only the Layer 4 header to match the traffic.

B.

The IPS security profile is the only security option you can apply to the security policy with the action set to ACCEPT.

C.

After IPS identifies the application, it adds an entry to a dynamic ISDB table.

D.

FortiGate will drop all packets until the application can be identified.

Expert Solution
Questions # 36:

Which two statements about an auxiliary session are true? (Choose two.)

Options:
A.

With the auxiliary session setting disabled, only auxiliary sessions are offloaded.

B.

With the auxiliary session setting enabled, two sessions are created in case of routing change.

C.

With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.

D.

With the auxiliary session setting disabled, for each traffic path, FortiGate uses the same auxiliary session.

Expert Solution
Questions # 37:

How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

Options:
A.

FortiManager can download and maintain local copies of FortiGuard databases.

B.

FortiManager supports only FortiGuard push to managed devices.

C.

FortiManager will respond to update requests only if they originate from a managed device.

D.

FortiManager does not support rating requests.

Expert Solution
Questions # 38:

Refer to the exhibit, which shows the output of a debug command.

Question # 38

Which two statements about the output are true? (Choose two.)

Options:
A.

In the network connected to port 4, two OSPF routers are down.

B.

Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.5.

C.

Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.6.

D.

There are a total of 5 OSPF routers attached to the Port4 network segment.

Expert Solution
Questions # 39:

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.

What can the administrator do to fix this problem?

Options:
A.

Configure remote link monitoring to detect an issue in the forwarding path.

B.

Configure set send-garp-on-failover enable under config system ha on both cluster members.

C.

Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports.

D.

Configure set link-failed-signal enable under config system ha on both cluster members.

Expert Solution
Questions # 40:

Which statement about memory conserve mode is true?

Options:
A.

A FortiGate exits conserve mode when the configured memory use threshold reaches yellow.

B.

A FortiGate starts dropping all the new and old sessions when the configured memory use threshold reaches extreme.

C.

A FortiGate starts dropping new sessions when the configured memory use threshold reaches red

D.

A FortiGate enters conserve mode when the configured memory use threshold reaches red

Expert Solution
Viewing page 4 out of 5 pages
Viewing questions 31-40 out of questions