1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 5 out of 5 pages
Viewing questions 41-50 out of questions
Questions # 41:

Which two statements about the Security Fabric are true? (Choose two.)

Options:
A.

Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer.

B.

Only the root FortiGate sends logs to FortiAnalyzer.

C.

Only FortiGate devices with fabric-object-unification set to default will receive and synchronize global CMDB objects sent by the root FortiGate.

D.

FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.

Expert Solution
Questions # 42:

An administrator has configured the following CLI script on FortiManager, which failed to apply any changes to the managed device after being executed.

Question # 42

Why didn’t the script make any changes to the managed device?

Options:
A.

Commands that start with the # sign are not executed.

B.

CLI scripts will add objects only if they are referenced by policies.

C.

Incomplete commands are ignored in CLI scripts.

D.

Static routes can only be added using TCL scripts.

Expert Solution
Questions # 43:

Refer to the exhibit, which shows the output of diagnose sys session stat.

Question # 43

Which statement about the output shown in the exhibit is correct?

Options:
A.

There are two sessions that have not been removed in case of any out-of-order packets that arrive.

B.

There are 166 TCP sessions waiting to complete the three-way handshake.

C.

162 sessions have been deleted because of memory page exhaustion.

D.

All the sessions in the session table are TCP sessions.

Expert Solution
Questions # 44:

A FortiGate's portl is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)

Options:
A.

Both session have the local flag on.

B.

The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.

C.

One session has the proxy flag on, the other one does not.

D.

One of the sessions has the IP address of port2 as the source IP address.

Expert Solution
Questions # 45:

View the exhibit, which contains the output of a real-time debug, Which statement about this output is true?

Question # 45

Which of the following statements is true regarding this output?

Options:
A.

The requested URL belongs to category ID 255.

B.

The server hostname Is training, fortinet.com.

C.

FortiGate found the requested URL in its local cache.

D.

This web request was inspected using the ftgd-allow web filler profile.

Expert Solution
Questions # 46:

Examine the output of the ‘get router info ospf neighbor’ command shown in the exhibit; then answer the question below.

Question # 46

Which statements are true regarding the output in the exhibit? (Choose two.)

Refer to the exhibit, which shows the output of a debug command.

Which statement about the output is true?

Options:
A.

TheOSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the war. l network.

B.

The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.

C.

The local FortiGate is the designated router for the wan1 network.

D.

The interface ToRemote is a point-to-point OSPF network.

Expert Solution
Questions # 47:

Which two statements about the Security Fabric are true? (Choose two.)

Options:
A.

Only the root FortiGate collects network information and forwards it to FortiAnalyzer.

B.

FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.

C.

All FortiGate devices in the Security Fabric must have bidirectional FortiTelemetry connectivity.

D.

Branch FortiGate devices must be configured first.

Expert Solution
Questions # 48:

Refer to the exhibit, which contains the partial output of a diagnose command.

Question # 48

Based on the output, which two statements are correct? (Choose two.)

Options:
A.

The remote gateway has quick mode selectors containing a destination subnet of 10.1.2.0/24.

B.

The remote gateway IP is 10.200.5.1.

C.

DPD is disabled.

D.

Anti-replay is enabled.

Expert Solution
Viewing page 5 out of 5 pages
Viewing questions 41-50 out of questions