1. Home
  2. Fortinet
  3. NSE7_EFW-6.0

Fortinet NSE 7 - Enterprise Firewall 6.0

Exam Details

  • Exam Code
    :NSE7_EFW-6.0
  • Exam Name
    :Fortinet NSE 7 - Enterprise Firewall 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :30 Q&As
  • Last Updated
    :Jun 13, 2025

Fortinet Fortinet Certifications NSE7_EFW-6.0 Questions & Answers

  • Question 21:

    View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

    Which of the following statements about the exhibit are true? (Choose two.)

    A. The local router's BGP state is Established with the 10.125.0.60 peer.

    B. Since the counters were last reset; the 10.200.3.1 peer has never been down.

    C. The local router has received a total of three BGP prefixes from all peers.

    D. The local router has not established a TCP session with 100.64.3.1.

  • Question 22:

    View the global IPS configuration, and then answer the question below.

    Which of the following statements is true regarding this configuration? (Choose two.)

    A. IPS will scan every byte in every session.

    B. IPS acceleration is disabled in this FortiGate device's configuration.

    C. New packets requiring IPS inspection will be passed through during conserve mode.

    D. FortiGate will spawn IPS engine instances based on the system load.

  • Question 23:

    View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

    Why didn't the tunnel come up?

    A. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

    B. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration.

    C. The remote gateway's phase 2 configuration does not match the local gateway's phase 2 configuration

    D. The pre-shared keys do not match.

  • Question 24:

    View the exhibit, which contains the output of a web filtering diagnose command, and then answer the question below.

    Which one of the following statements explains why the cache statistics are all zeros?

    A. There are no users making web requests.

    B. The administrator has reallocated the cache memory to a separate process.

    C. The FortiGuard web filter cache is disabled in the FortiGate's configuration.

    D. FortiGate is using flow-based inspection which doesn't use the cache.

  • Question 25:

    View the exhibit, which contains the output of a debug command, and then answer the question below.

    Which one of the following statements about this FortiGate is correct?

    A. It is currently in system conserve mode because of high CPU usage.

    B. It is currently in extreme conserve mode because of high memory usage.

    C. It is currently in proxy conserve mode because of high memory usage.

    D. It is currently in memory conserve mode because of high memory usage.

  • Question 26:

    What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

    A. OSPF IP MTUs match.

    B. OSPF costs match.

    C. OSPF peer IDs match.

    D. IP addresses are in the same subnet.

    E. Hello and dead intervals match.

  • Question 27:

    View the exhibit, which contains the output of a diagnose command, and then answer the question below.

    Which statements are true regarding the output in the exhibit? (Choose two.)

    A. FortiGate used 209.222.147.36 as the initial server to validate its contract.

    B. Servers with the D flag are considered to be down.

    C. FortiGate will probe 121.111.236.179 every fifteen minutes for a response.

    D. Servers with a negative TZ value are experiencing a service outage.

  • Question 28:

    An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which one of the following statements about this command is true?

    A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

    B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

    C. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

    D. Sends a link failed signal to all connected devices.

  • Question 29:

    View the central management configuration shown in the exhibit, and then answer the question below.

    Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

    A. 10.0.1.244

    B. Public FortiGuard servers

    C. 10.0.1.240

    D. 10.0.1.242

  • Question 30:

    View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

    If the HA ID for the primary unit is zero (0), which one of the following statements about the output is true?

    A. This session is for HA heartbeat traffic.

    B. This session cannot be synced with the slave unit.

    C. The master unit is processing this traffic.

    D. The inspection of this session has been offloaded to the slave unit.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE7_EFW-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.