Fortinet nse7-efw-7-2 practice test
fortinet nse 7 - enterprise firewall 7.2
Last exam update: Oct 15 ,2024
Question 1
You created a VPN community using VPN Manager on FortiManager. You also added gateways to the VPN community. Now you are trying to create firewall policies to permit traffic over the tunnel; however, the VPN interfaces do not appear as available options.
What step must you take to resolve this issue?
- A. Refresh the device status using the Device Manager so that FortiGate populates the IPSec interfaces.
- B. Install the VPN community and gateway configuration on the FortiGate devices so that the VPN interfaces appear on the Policy Objects on FortiManager.
- C. Configure the phase 1 settings in the VPN community that you didnt initially configure. FortiGate automatically generates the interfaces after you configure the required settings.
- D. Create interface mappings for the IPsec VPN interfaces before you use them in a policy.
Answer:
b
Question 2
Which two statements about IKE version 2 fragmentation are true? (Choose two.)
- A. Only some IKE version 2 packets are considered fragmentable
- B. The reassembly timeout default value is 30 seconds
- C. It is performed at the IP layer
- D. The maximum number of IKE version 2 fragments is 128
Answer:
ad
Question 3
Refer to the exhibit, which contains a partial policy configuration.
Which setting must you configure to allow SSH?
- A. Specify SSH in the Service field.
- B. Select an application control profile corresponding to SSH in the Security Profiles section.
- C. Include SSH in the Application field.
- D. Configure port 22 in the Protocol Options field.
Answer:
a
Question 4
Which two statements about ADVPN are true? (Choose two.)
- A. The hub adds routes based on IKE negotiations.
- B. You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0.
- C. All FortiGate devices must be in the same autonomous system (AS).
- D. You must disable add-route in the hub.
Answer:
ab
Question 5
Which two statements about the BFD parameter in BGP are true? (Choose two.)
- A. It detects only two-way failures.
- B. The two routers must be connected to the same subnet.
- C. It allows failure detection in less than one second.
- D. It is supported for neighbors over multiple hops.
Answer:
cd
Question 6
Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)
- A. OSPF interface network types match.
- B. OSPF interface priority settings are unique.
- C. OSPF router IDs are unique.
- D. OSPF link costs match.
- E. Authentication settings match.
Answer:
ace
Question 7
Which FortiGate in a Security Fabric sends logs to FortiAnalyzer?
- A. Only the root FortiGate.
- B. Each FortiGate in the Security Fabric.
- C. The FortiGate devices performing network address translation (NAT) or unified threat management (UTM), if configured.
- D. Only the last FortiGate that handled a session in the Security Fabric.
Answer:
b
Question 8
Refer to the exhibit, which shows a partial routing table.
What two conclusions can you draw from the corresponding FortiGate configuration? (Choose two.)
- A. OSPF is configured to run over IPSec.
- B. net-device is enabled in the tunnel IPSec phase 1 configuration.
- C. IPSec tunnel aggregation is configured.
- D. add-route is disabled in the tunnel IPSec phase 1 configuration.
Answer:
ad
Question 9
Refer to the exhibit, which shows an error in system fortiguard configuration.
What is the reason you cannot set the protocol to udp in config system fortiguard?
- A. udp is not a protocol option.
- B. fortiguard-anycast is set to enable.
- C. You do not have the corresponding write access.
- D. FortiManager provides FortiGuard.
Answer:
b -
Question 10
Refer to the exhibit, which contains a partial OSPF configuration.
What can you conclude from this output?
- A. Neighbors maintain communication with the restarting router.
- B. The restarting router sends gratuitous ARP for 30 seconds.
- C. FortiGate restarts if the topology changes.
- D. The router sends grace LSAs before it restarts.
Answer:
a