1. Home
  2. Fortinet
  3. NSE7_EFW-7.0

Fortinet NSE 7 - Enterprise Firewall 7.0

Exam Details

  • Exam Code
    :NSE7_EFW-7.0
  • Exam Name
    :Fortinet NSE 7 - Enterprise Firewall 7.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Jun 11, 2025

Fortinet Fortinet Certifications NSE7_EFW-7.0 Questions & Answers

  • Question 81:

    Examine the output of the `diagnose sys session list expectation' command shown in the exhibit; than answer the question below.

    Which statement is true regarding the session in the exhibit?

    A. It was created by the FortiGate kernel to allow push updates from FotiGuard.

    B. It is for management traffic terminating at the FortiGate.

    C. It is for traffic originated from the FortiGate.

    D. It was created by a session helper or ALG.

  • Question 82:

    Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?

    A. Set protected network to all

    B. Enable AD-VPN in IPsec phase 1

    C. Configure IP addresses on IPsec virtual interfaces

    D. Disable add-route on hub

  • Question 83:

    A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

    A. Firewall monitor.

    B. Policy monitor.

    C. Logs.

    D. Crashlogs.

  • Question 84:

    Refer to the exhibit, which contains the partial output of a diagnose command.

    Based on the output, which two statements are correct? (Choose two.)

    A. Anti-replay is enabled

    B. The remote gateway IP is 10.200.4.1.

    C. DPD is disabled.

    D. Quick mode selectors are disabled.

  • Question 85:

    Refer to the exhibit, which shows a FortiGate configuration.

    An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy. What must the administrator change to fix the issue?

    A. Increase webfilter-timeout.

    B. Change protocol to TCP.

    C. Enable fortiguard-anycast.

    D. Disable webfilter-force-off.

  • Question 86:

    A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the Windows AD network. The output of the `diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)

    A. The user student must not be listed in the CA's ignore user list.

    B. The user student must belong to one or more of the monitored user groups.

    C. The student workstation's IP subnet must be listed in the CA's trusted list.

    D. At least one of the student's user groups must be allowed by a FortiGate firewall policy.

  • Question 87:

    Refer to the exhibit, which shows the output of a BGP debug command.

    What can be concluded about the router in this scenario?

    A. The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the BGP session with the local router.

    B. The State/PfxRcd for neighbor 100.64.3.1 will not change until an administrator on the local router adjusts the inbound route filtering so that prefixes received can be added to the RIB.

    C. All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

    D. The BGP session with peer 10.127.0.75 is up.

  • Question 88:

    View the exhibit, which contains a session entry, and then answer the question below.

    Which statement is correct regarding this session?

    A. It is an ICMP session from 10.1.10.10 to 10.200.1.1.

    B. It is an ICMP session from 10.1.10.10 to 10.200.5.1.

    C. It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.

    D. It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

  • Question 89:

    View the exhibit, which contains a partial routing table, and then answer the question below.

    Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

    A. Source IP address 10.1.0.24, Destination IP address 10.72.3.20.

    B. Source IP address 10.72.3.27, Destination IP address 10.1.0.52.

    C. Source IP address 10.72.3.52, Destination IP address 10.1.0.254.

    D. Source IP address 10.73.9.10, Destination IP address 10.72.3.15.

  • Question 90:

    Examine the partial output from two web filter debug commands; then answer the question below:

    Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

    A. Finance and banking

    B. General organization.

    C. Business.

    D. Information technology.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE7_EFW-7.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.