Fortinet NSE7_EFW-7.2 Fortinet NSE 7 - Enterprise Firewall 7.2 Exam Practice Test

Page: 1 / 5
Total 50 questions

Fortinet NSE 7 - Enterprise Firewall 7.2 Questions and Answers

Question 1

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. What can the administrator do to fix this problem?

Options:

A.

Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports

B.

Configure set link-failed-signal enable under config system ha on both cluster members

C.

Configure remote link monitoring to detect an issue in the forwarding path

D.

Configure set send-garp-on-failover enable under config system ha on both cluster members

Question 2

Refer to the exhibit, which shows an error in system fortiguard configuration.

What is the reason you cannot set the protocol to udp in config system fortiguard?

Options:

A.

FortiManager provides FortiGuard.

B.

fortiguard-anycast is set to enable.

C.

You do not have the corresponding write access.

D.

udp is not a protocol option.

Question 3

Which two statements about the Security Fabric are true? (Choose two.)

Options:

A.

FortiGate uses the FortiTelemetry protocol to communicate with FortiAnalyzer.

B.

Only the root FortiGate sends logs to FortiAnalyzer

C.

Only FortiGate devices with configuration-sync receive and synchronize global CMDB objects that the root FortiGate sends

D.

Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer

Question 4

Exhibit.

Refer to the exhibit, which contains the partial interface configuration of two FortiGate devices.

Which two conclusions can you draw from this configuration? (Choose two.)

Options:

A.

10.1.5.254 is the default gateway of the internal network

B.

On failover, the new primary device uses the same MAC address as the old primary

C.

The VRRP domain uses the physical MAC address of the primary FortiGate

D.

By default FortiGate B is the primary virtual router

Question 5

Refer to the exhibit, which shows a network diagram.

Which protocol should you use to configure the FortiGate cluster?

Options:

A.

FGCP in active-passive mode

B.

FGSP

C.

VRRP

D.

FGCP in active-active mode

Question 6

Which two statements about ADVPN are true? (Choose two.)

Options:

A.

auto-discovery-receiver must be set to enable on the spokes.

B.

Spoke-to-spoke traffic never goes through the hub

C.

It supports NAT for on-demand tunnels

D.

Routing is configured by enabling add-advpn-route

Question 7

Refer to the exhibit, which contains information about an IPsec VPN tunnel.

What two conclusions can you draw from the command output? (Choose two.)

Options:

A.

Dead peer detection is set to enable.

B.

The IKE version is 2.

C.

Both IPsec SAs are loaded on the kernel.

D.

Forward error correction in phase 2 is set to enable.

Question 8

Exhibit.

Refer to the exhibit, which contains an active-active load balancing scenario.

During the traffic flow the primary FortiGate forwards the SYN packet to the secondary FortiGate.

What is the destination MAC address or addresses when packets are forwarded from the primary FortiGate to the secondary FortiGate?

Options:

A.

Secondary physical MAC port1

B.

Secondary virtual MAC port1

C.

Secondary virtual MAC port1 then physical MAC port1

D.

Secondary physical MAC port2 then virtual MAC port2

Question 9

Exhibit.

Refer to the exhibit, which shows information about an OSPF interface.

What two conclusions can you draw from this command output? (Choose two.)

Options:

A.

The port3 network has more than one OSPF router

B.

The OSPF routers are in the area ID of 0.0.0.1.

C.

The interfaces of the OSPF routers match the MTU value that is configured as 1500.

D.

NGFW-1 is the designated router

Question 10

Refer to the exhibit, which contains a partial BGP configuration.

You want to configure a loopback as the BGP source.

Which two parameters must you set in the BGP configuration? (Choose two.)

Options:

A.

ebgp-enforce-multihop

B.

recursive-next-hop

C.

ibgp-enforce-multihop

D.

update-source

Question 11

Exhibit.

Refer to the exhibit, which shows a central management configuration.

Which server will FortiGate choose for web filter rating requests if 10.0.1.240 is experiencing an outage?

Options:

A.

Public FortiGuard servers

B.

10.0.1.242

C.

10.0.1.244

D.

10.0.1.243

Question 12

Refer to the exhibit, which contains a partial configuration of the global system.

What can you conclude from this output?

Options:

A.

NPs and CPs are enabled

B.

Only CPs are disabled

C.

Only NPs are disabled

D.

NPs and CPs are disabled

Question 13

Exhibit.

Refer to the exhibit, which contains an ADVPN network diagram and a partial BGP configuration.

Which two parameters should you configure in config neighbor-range? (Choose two.)

Options:

A.

set prefix 172.16.1.0 255.255.255.0

B.

set route-reflector-client enable

C.

set neighbor-group advpn

D.

set prefix 10.1.0 255.255.255.0

Question 14

Which two statements about the neighbor-group command are true? (Choose two.)

Options:

A.

You can configure it on the GUI.

B.

It applies common settings in an OSPF area.

C.

It is combined with the neighbor-range parameter.

D.

You can apply it in Internal BGP (IBGP) and External BGP (EBGP).

Question 15

Exhibit.

Refer to the exhibit, which shows an ADVPN network.

The client behind Spoke-1 generates traffic to the device located behind Spoke-2.

Which first message does the hub send to Spoke-1 to bring up the dynamic tunnel?

Options:

A.

Shortcut query

B.

Shortcut reply

C.

Shortcut offer

D.

Shortcut forward
