1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 4 out of 5 pages
Viewing questions 31-40 out of questions
Questions # 31:

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Question # 31

Why did the tunnel not come up?

Options:
A.

The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway.

B.

The Diffie-Hellman group does not match on the local and remote gateways.

C.

The proposal ID does not match between local and remote gateways.

D.

The encapsulation method for phase 2 is set to none on local and remote gateways.

Expert Solution
Questions # 32:

View the exhibit, which contains a session entry, and then answer the question below.

Question # 32

Which statement is correct regarding this session?

Options:
A.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

B.

It is an ICMP session from 10.1.10.10 to 10.200.5.1.

C.

It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.

D.

It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

Expert Solution
Questions # 33:

Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

Options:
A.

Preview pending configuration changes for managed devices.

B.

Add devices to FortiManager.

C.

Import policy packages from managed devices.

D.

Install configuration changes to managed devices.

E.

Import interface mappings from managed devices.

Expert Solution
Questions # 34:

Refer to the exhibit, which shows the output of get system ha status. NGFW-1 and NGFW-2 have been up for a week.

Question # 34

Which two statements about the output are true? (Choose two.)

Options:
A.

If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

B.

If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.

C.

If port7 becomes disconnected on the secondary, both FortiGate devices will elect itself the primary.

D.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

Expert Solution
Questions # 35:

What events are recorded in the crashlogs of a FortiGate device? (Choose two.)

Options:
A.

A process crash.

B.

Configuration changes.

C.

Changes in the status of any of the FortiGuard licenses.

D.

System entering to and leaving from the proxy conserve mode.

Expert Solution
Questions # 36:

An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.

Question # 36

Question # 36

Based on the output in the exhibit, what can cause this authentication problem?

Options:
A.

User student is not found in the LDAP server.

B.

User student is using a wrong password.

C.

The FortiGate has been configured with the wrong password for the LDAP administrator.

D.

The FortiGate has been configured with the wrong authentication schema.

Expert Solution
Questions # 37:

Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.

Question # 37

Which statements are true regarding the above output? (Choose two.)

Options:
A.

The port4 interface is connected to the OSPF backbone area.

B.

The local FortiGate has been elected as the OSPF backup designated router.

C.

There are at least 5 OSPF routers connected to the port4 network.

D.

Two OSPF routers are down in the port4 network.

Expert Solution
Questions # 38:

View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Question # 38

Which statements are correct regarding the output? (Choose two.)

Options:
A.

The slave configuration is not synchronized with the master.

B.

The HA management IP is 169.254.0.2.

C.

Master is selected because it is the only device in the cluster.

D.

port 7 is used the HA heartbeat on all devices in the cluster.

Expert Solution
Questions # 39:

Refer to the exhibit, which contains the debug output of diagnose dvm device list.

Question # 39

Which two statements about the output shown in the exhibit are correct? (Choose two.)

Options:
A.

ADOMs are disabled on the FortiManager

B.

The FortiGate configuration is in sync with latest running revision history.

C.

There are pending device-level changes yet to be installed on Local-FortiGate.

D.

The policy package has been modified for Local-FortiGate.

Expert Solution
Questions # 40:

What is the diagnose test application ipsmenitor 5 command used for?

Options:
A.

To enable IPS bypass mode

B.

To disable the IPS engine

C.

To restart all IPS engines and monitors

D.

To provide information regarding IPS sessions

Expert Solution
Viewing page 4 out of 5 pages
Viewing questions 31-40 out of questions