Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with ValidTests

Viewing page 1 out of 5 pages
Viewing questions 1-10 out of questions
Questions # 1:

Which two conditions would prevent a static route from being added to the routing table? (Choose two.)

Options:

A. There is another route to the same destination, with a lower distance.

B. The route has a lower priority value than another route to the same destination.

C. The next-hop IP address is unreachable.

D. The interface specified in the route configuration is down.

Questions # 2:

Refer to the exhibit, which shows the output of a diagnose command.

Question # 2

What can be concluded about the debug output in this scenario?

Options:

A. Servers with a negative TZ value are less preferred for rating requests.

B. There is a natural correlation between the value in the Packets field and the value in the Weight field.

C. FortiGate used 64.26.151.37 as the initial server to validate its contract.

D. The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers was 121.111.236.179.

Questions # 3:

Refer to the exhibit, which shows the output of a web filtering diagnose command.

Question # 3

Which configuration change would result in non-zero results in the cache statistics section?

Options:

A. set server-type rating under config system central-management

B. set webfilter-cache enable under config system fortiguard

C. set webfilter-force-off disable under config system fortiguard

D. set ngfw-mode policy-based under config system settings

Questions # 4:

Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

Options:

A. The next-hop IP address is up.

B. There is no other route, to the same destination, with a higher distance.

C. The link health monitor (if configured) is up.

D. The next-hop IP address belongs to one of the outgoing interface subnets.

E. The outgoing interface is up.

Questions # 5:

An administrator added the following IPsec VPN to a FortiGate configuration:

config vpn ipsec phase1-interface
    edit "RemoteSite"
        set type dynamic
        set interface "port1"
        set mode main
        set psksecret ENC LCVkCiK2E2PhVUzZe
    next
end

config vpn ipsec phase2-interface
    edit "RemoteSite"
        set phase1name "RemoteSite"
        set proposal 3des-sha256
    next
end

However, the phase 1 negotiation is failing. The administrator executed the IKE real-time debug while attempting the IPsec connection. The output is shown in the exhibit.

Question # 5

What is causing the IPsec problem in phase 1?

Options:

A. The incoming IPsec connection is matching the wrong VPN configuration.

B. The phase-1 mode must be changed to aggressive.

C. The pre-shared key is wrong.

D. NAT-T settings do not match.

Questions # 6:

In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.)

Options:

A. It provides VM license validation services.

B. It supports rating requests from non-FortiGate devices.

C. It caches available firmware updates for unmanaged devices.

D. It can be configured as an update server, a rating server, or both.

Questions # 7:

An administrator is running the following sniffer on a FortiGate:

diagnose sniffer packet any "host 10.0.2.10" 2

What information is included in the output of the sniffer? (Choose two.)

Options:

A. Ethernet headers.

B. IP payload.

C. IP headers.

D. Port names.

Questions # 8:

Examine the following routing table and BGP configuration; then answer the question below.

Question # 8

The BGP connection is up, but the local peer is NOT advertising the prefix 192.168.1.0/24. Which configuration change will make the local peer advertise this prefix?

Options:

A. Enable the redistribution of connected routes into BGP.

B. Enable the redistribution of static routes into BGP.

C. Disable the setting network-import-check.

D. Enable the setting ebgp-multipath.

Questions # 9:

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created an inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. Which OSPF configuration settings must match in both VDOMs for the OSPF adjacency to form successfully? (Choose three.)

Options:

A. Router ID.

B. OSPF interface area.

C. OSPF interface cost.

D. OSPF interface MTU.

E. Interface subnet mask.

Questions # 10:

An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?

Options:

A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

C. Sends a link failed signal to all connected devices.

D. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
