Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0
  5. Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.0 Questions and answers with ValidTests

Exam NSE7_EFW-7.0 All Questions
Exam NSE7_EFW-7.0 Premium Access

View all detail and faqs for the NSE7_EFW-7.0 exam

Go to Exam
Viewing page 5 out of 5 pages
Viewing questions 41-50 out of questions
Questions # 41:

Examine the following traffic log; then answer the question below.

date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."

What does the log mean?

Options:

A.

There is not enough available memory in the system to create a new entry in the NAT port table.

B.

The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.

C.

FortiGate does not have any available NAT port for a new connection.

D.

The limit for the maximum number of entries in the NAT port table has been reached.

Expert Solution
Questions # 42:

What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

Options:

A.

Reduce the session time to live.

B.

Increase the TCP session timers.

C.

Increase the FortiGuard cache time to live.

D.

Reduce the maximum file size to inspect.

Expert Solution
Questions # 43:

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Question # 43

Based on the output, which two statements are correct? (Choose two.)

Options:

A.

Phase 2 authentication is set to sha1 on both sides.

B.

Anti-replay is disabled.

C.

Hub2Spoke1 is a policy-based VPN.

D.

Hub2Spoke1 is configured on interface wan2.

Expert Solution
Questions # 44:

An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Question # 44

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

Options:

A.

HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.

B.

Redirection of HTTP to HTTPS administrative access is disabled.

C.

HTTP administrative access is configured with a port number different than 80.

D.

The packet is denied because of reverse path forwarding check.

Expert Solution
Questions # 45:

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Question # 45

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:

A.

Set the priority of the static default route using port1 to 10. Most Voted

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set snat-route-change to enable.

Expert Solution
Questions # 46:

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

Options:

A.

Only the DR receives link state information from non-DR routers.

B.

Non-DR and non-BDR routers form full adjacencies to DR only.

C.

Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.

D.

FortiGate first checks the OSPF ID to elect a DR.

Expert Solution
Questions # 47:

Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)

Options:

A.

When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.

B.

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

C.

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

D.

When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.

Expert Solution
Questions # 48:

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Question # 48

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

For the peer 10.125.0.60, the BGP state of is Established.

B.

The local BGP peer has received a total of three BGP prefixes.

C.

Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.

D.

The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

Expert Solution
Viewing page 5 out of 5 pages
Viewing questions 41-50 out of questions