New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 5 out of 5 pages
Viewing questions 41-50 out of questions
Questions # 41:

In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.)

Options:
A.

It provides VM license validation services.

B.

It supports rating requests from non-FortiGate devices.

C.

It caches available firmware updates for unmanaged devices.

D.

It can be configured as an update server, a rating server, or both.

Expert Solution
Questions # 42:

When does a RADIUS server send an Access-Challenge packet?

Options:
A.

The server does not have the user credentials yet.

B.

The server requires more information from the user, such as the token code for two-factor authentication.

C.

The user credentials are wrong.

D.

The user account is not found in the server.

Expert Solution
Questions # 43:

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

Options:
A.

route-reflector enable

B.

route-reflector-server enable

C.

route-reflector-client enable

D.

route-reflector-peer enable

Expert Solution
Questions # 44:

View the exhibit, which contains the output of a real-time debug, Which statement about this output is true?

Question # 44

Which of the following statements is true regarding this output?

Options:
A.

The requested URL belongs to category ID 255.

B.

The server hostname Is training, fortinet.com.

C.

FortiGate found the requested URL in its local cache.

D.

This web request was inspected using the ftgd-allow web filler profile.

Expert Solution
Questions # 45:

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

Options:
A.

FortiGate first checks the OSPF ID to elect a DR.

B.

Non-DR and non-BDR routers will form full adjacencies to DR and BDR only.

C.

BDR is responsible for forwarding link state information from one router to another.

D.

Only the DR receives link state information from non-DR routers.

Expert Solution
Questions # 46:

Refer to the exhibit, which shows the output of diagnose sys session list.

Question # 46

If the HA ID for the primary device is 0, what will happen if the primary fails and the secondary becomes the primary?

Options:
A.

Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.

B.

The secondary device has this session synchronized; however, because application control is applied, the session will be marked dirty and have to be re-evaluated after failover.

C.

The session state will be preserved but the kernel will need to re-evaluate the session due to NAT being applied.

D.

The session will be removed from the session table of the secondary device due to the presence of allowed error packets, which will force the client to restart the session with the server.

Expert Solution
Questions # 47:

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Question # 47

Why is the port2 default route not in the second command output?

Options:
A.

The port2 interface is disabled in the FortiGate configuration.

B.

The port1 default route has a lower distance than the default route using port2.

C.

The port1 default route has a higher priority value than the default route using port2.

D.

The port1 default route has a lower priority value than the default route using port2.

Expert Solution
Questions # 48:

Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.

Question # 48

Why didn’t the tunnel come up?

Options:
A.

IKE mode configuration is not enabled in the remote IPsec gateway.

B.

The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.

C.

The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.

D.

One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

Expert Solution
Viewing page 5 out of 5 pages
Viewing questions 41-50 out of questions