Fortinet NSE7_EFW-7.0 Online Practice Questions and Exam Preparation
NSE7_EFW-7.0 Exam Details
Exam Code: NSE7_EFW-7.0
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.0
Certification: Fortinet Certifications
Vendor: Fortinet
Total Questions: 163 Q&As
Last Updated: May 25, 2026
Fortinet NSE7_EFW-7.0 Online Questions & Answers
Question 141:
Refer to the exhibit, which shows a central management configuration.
Which server will FortiGate choose for web filter rating requests, if 10.0.1.240 is experiencing an outage?
A. Public FortiGuard servers B. 10.0.1.243 C. 10.0.1.242 D. 10.0.1.244
D. 10.0.1.244
Explanation/Reference:
By default, include-default-servers is enabled. This allows FortiGate to communicate with the public FortiGuard servers if the FortiManager devices (configured in server-list) are unavailable.
Question 142:
View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.
If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?
A. This session is for HA heartbeat traffic. B. This session is synced with the slave unit. C. The inspection of this session has been offloaded to the slave unit. D. This session cannot be synced with the slave unit.
B. This session is synced with the slave unit.
Question 143:
View the exhibit, which contains the output of a diagnose command, and then answer the question below.
What statements are correct regarding the output? (Choose two.)
A. This is an expected session created by a session helper. B. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.0.1.10. C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1. D. This is an expected session created by an application control profile.
A. This is an expected session created by a session helper. C. Traffic in the original direction (coming from the IP address 10.171.122.38) will be routed to the next-hop IP address 10.200.1.1.
Question 144:
View the IPS exit log, and then answer the question below.
# diagnose test application ipsmonitor 3
ipsengine exit log:
pid = 93 (cfg), duration = 5605322 (s) at Wed Apr 19 09:57:26 2017
code = 11, reason: manual
What is the status of IPS on this FortiGate?
A. IPS engine memory consumption has exceeded the model-specific predefined value. B. IPS daemon experienced a crash. C. There are communication problems between the IPS engine and the management database. D. All IPS-related features have been disabled in FortiGate's configuration.
D. All IPS-related features have been disabled in FortiGate's configuration.
Explanation/Reference:
The command diagnose test application ipsmonitor includes many options that are useful for troubleshooting purposes. Option 3 displays the log entries generated every time an IPS engine process stopped. There are various reasons why these logs are generated:
Manual: Because of the configuration, IPS no longer needs to run (that is, all IPS-related features have been disabled).
Question 145:
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?
A. Group ID. B. Group name. C. Session pickup. D. Gratuitous ARPs.
Question 146:
Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?
A. Only the DR receives link state information from non-DR routers. B. Non-DR and non-BDR routers form full adjacencies to DR only. C. Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6. D. FortiGate first checks the OSPF ID to elect a DR.
C. Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.
Explanation/Reference:
Some special IP multicast addresses are reserved for OSPF:
224.0.0.5: All OSPF routers must be able to transmit and listen to this address.
224.0.0.6: All DR and BDR routers must be able to transmit and listen to this address.
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html
Question 147:
Examine the partial output from two web filter debug commands; then answer the question below:
Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?
A. Finance and banking B. General organization. C. Business. D. Information technology.
C. Business.
Question 148:
A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)
A. Both sessions have the local flag on. B. The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces. C. One session has the proxy flag on, the other one does not. D. One of the sessions has the IP address of port2 as the source IP address.
A. Both sessions have the local flag on. D. One of the sessions has the IP address of port2 as the source IP address.
Question 149:
What are two functions of automation stitches? (Choose two.)
A. Automation stitches can be configured on any FortiGate device in a Security Fabric environment. B. An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action. C. Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds. D. An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.
B. An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action. C. Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
Explanation/Reference:
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 23, 26
Question 150:
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Why did the tunnel not come up?
A. The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway. B. The Diffie-Hellman group does not match on the local and remote gateways. C. The proposal ID does not match between local and remote gateways. D. The encapsulation method for phase 2 is set to none on local and remote gateways.
A. The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway.
Explanation/Reference:
Local gateway: encryption AES-128, hash SHA.
Remote gateway: encryption AES-256, hash SHA-256.
So the local gateway has less secure settings.