Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with ValidTests

Exam NSE7_EFW-7.0 All Questions
Exam NSE7_EFW-7.0 Premium Access

View all detail and faqs for the NSE7_EFW-7.0 exam

Go to Exam
Viewing page 2 out of 5 pages
Viewing questions 11-20 out of questions
Questions # 11:

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Question # 11

Based on the output, which two statements are correct? (Choose two.)

Options:

A.

The npu_flag for this tunnel is 03.

B.

Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.

C.

Anti-replay is enabled.

D.

The npu_flag for this tunnel is 02.

Expert Solution
Questions # 12:

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

Options:

A.

Primary unit stops sending HA heartbeat keepalives.

B.

The FortiGuard license for the primary unit is updated.

C.

One of the monitored interfaces in the primary unit is disconnected.

D.

A secondary unit is removed from the HA cluster.

Expert Solution
Questions # 13:

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Question # 13

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

The local router's BGP state is Established with the 10.125.0.60 peer.

B.

Since the counters were last reset; the 10.200.3.1 peer has never been down.

C.

The local router has received a total of three BGP prefixes from all peers.

D.

The local router has not established a TCP session with 100.64.3.1.

Expert Solution
Questions # 14:

Refer to the exhibit, which shows the output of a BGP debug command.

Question # 14

Which statement explains why the state of the 10.200.3.1 peer is Connect?

Options:

A.

The local router has a different AS number than the remote peer.

B.

The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the openConfirm yet.

C.

The local router initiated the BGP session to 10.200.3.1 but did not receive a response.

D.

The router 10.200.3.1 has authentication configured for BGP and the local router does not.

Expert Solution
Questions # 15:

Examine the following partial output from two system debug commands; then answer the question below.

Question # 15

Question # 15

Which of the following statements are true regarding the above outputs? (Choose two.)

Options:

A.

The unit is running a 32-bit FortiOS

B.

The unit is in kernel conserve mode

C.

The Cached value is always the Active value plus the Inactive value

D.

Kernel indirectly accesses the low memory (LowTotal) through memory paging

Expert Solution
Questions # 16:

Examine the output from the BGP real time debug shown in the exhibit, then the answer the question below:

Question # 16

Which statements are true regarding the output in the exhibit? (Choose two.)

Options:

A.

BGP peers have successfully interchanged Open and Keepalive messages.

B.

Local BGP peer received a prefix for a default route.

C.

The state of the remote BGP peer is OpenConfirm.

D.

The state of the remote BGP peer will go to Connect after it confirms the received prefixes.

Expert Solution
Questions # 17:

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

Options:

A.

Neighbor range

B.

Route reflector

C.

Next-hop-self

D.

Neighbor group

Expert Solution
Questions # 18:

Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.

Question # 18

Why did the TCL script fail to make any changes to the managed device?

Options:

A.

The TCL command run_cmd has not been created.

B.

The TCL script must start with tinclude <>.

C.

Incomplete commands are ignored in TCL scripts.

D.

Changes to an interface configuration can be made only by a CLI script.

Expert Solution
Questions # 19:

View the following FortiGate configuration.

Question # 19

All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network:

Question # 19

If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?

Options:

A.

The session would remain in the session table, and its traffic would still egress from port1.

B.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

C.

The session would remain in the session table, and its traffic would start to egress from port2.

D.

The session would be deleted, so the client would need to start a new session.

Expert Solution
Questions # 20:

A FortiGate device has the following LDAP configuration:

Question # 20

The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and got the following output:

>dsquery user –samid administrator

“CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab”

Based on the output, what FortiGate LDAP setting is configured incorrectly?

Options:

A.

cnid.

B.

username.

C.

password.

D.

dn.

Expert Solution
Viewing page 2 out of 5 pages
Viewing questions 11-20 out of questions