Fortinet NSE7_EFW-7.2 Online Practice Questions and Exam Preparation
NSE7_EFW-7.2 Exam Details
Exam Code: NSE7_EFW-7.2
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.2
Certification: Fortinet Certifications
Vendor: Fortinet
Total Questions: 80 Q&As
Last Updated: May 26, 2026
Fortinet NSE7_EFW-7.2 Online Questions & Answers
Question 41:
Refer to the exhibit, which shows two configured FortiGate devices and peering over FGSP.
The main link directly connects the two FortiGate devices and is configured using the set session-sync-dev command.
What is the primary reason to configure the main link?
A. To have both sessions and configuration synchronization in layer 2
B. To load balance both sessions and configuration synchronization between layer 2 and 3
C. To have only configuration synchronization in layer 3
D. To have both sessions and configuration synchronization in layer 3

D. To have both sessions and configuration synchronization in layer 3

The primary purpose of configuring a main link between the devices is to synchronize session information so that if one unit fails, the other can continue processing traffic without dropping active sessions.

A. To have both sessions and configuration synchronization in layer 2. This is incorrect because FGSP is used for session synchronization, not configuration synchronization.
B. To load balance both sessions and configuration synchronization between layer 2 and 3. FGSP does not perform load balancing and is not used for configuration synchronization.
C. To have only configuration synchronization in layer 3. The main link is not used solely for configuration synchronization.
D. To have both sessions and configuration synchronization in layer 3. The main link in an FGSP setup is indeed used to synchronize session information across the devices, and it operates at layer 3 since it uses IP addresses to establish the peering.
Question 42:
Which statement is true regarding the Bidirectional Forwarding Detection protocol in BGP?
A. BFD is only supported when two FortiGate devices are directly connected on the same network
B. BFD is using BGP keepalive messages to check the status of BGP peer
C. BFD is used to detect one way device failure
D. BFD is enabled under config router bfd configuration

C. BFD is used to detect one way device failure
Question 43:
You are testing the implementation of a new custom remote desktop application in your network. In which two ways can you eliminate false positives in IPS during this testing phase? (Choose two.)
A. Create an IP address exception
B. Adjust the rate-based signature threshold and its duration.
C. Enable the preserve source port option in the firewall policy
D. Permanently bypass the affected endpoints

B. Adjust the rate-based signature threshold and its duration.
D. Permanently bypass the affected endpoints
Question 44:
Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)
A. OSPF interface network types match
B. OSPF router IDs are unique
C. OSPF interface priority settings are unique
D. OSPF link costs match
E. Authentication settings match

A. OSPF interface network types match
B. OSPF router IDs are unique
E. Authentication settings match

Option A is correct because the OSPF interface network types determine how the routers form adjacencies and exchange LSAs on a network segment. The network types must match for the routers to become neighbors.
Option B is correct because the OSPF router IDs are used to identify each router in the OSPF domain and to establish adjacencies. The router IDs must be unique for the routers to become neighbors.
Option E is correct because the authentication settings control how the routers authenticate each other before exchanging OSPF packets. The authentication settings must match for the routers to become neighbors.
Option C is incorrect because the OSPF interface priority settings are used to elect the designated router (DR) and the backup designated router (BDR) on a broadcast or non-broadcast multi-access network. The priority settings do not have to be unique for the routers to become neighbors, but they affect the DR/BDR election process.
Option D is incorrect because the OSPF link costs are used to calculate the shortest path to a destination network based on the bandwidth of the links. The link costs do not have to match for the routers to become neighbors, but they affect the routing decisions.

References:
1: OSPF network types
2: OSPF router ID
3: OSPF authentication
4: OSPF interface priority
5: OSPF link cost
Question 45:
Refer to the exhibit, which shows a network diagram.
Which IPsec phase 2 configuration should you implement so that only one remote site is connected at any time?
A. Set route-overlap to allow.
B. Set single-source to enable
C. Set route-overlap to either use-new or use-old
D. Set net-device to enable

C. Set route-overlap to either use-new or use-old

To ensure that only one remote site is connected at any given time in an IPsec VPN scenario, you should use route-overlap with the option to either use-new or use-old. This setting dictates which routes are preferred and how overlaps in routes are handled, allowing for one connection to take precedence over the other (C).

References: FortiOS Handbook - IPsec VPN
Question 46:
Exhibit.
Refer to the exhibit, which shows a partial web filter profile configuration.
What can you conclude from this configuration about access to www.facebook.com, which is categorized as Social Networking?
A. The access is blocked based on the Content Filter configuration
B. The access is allowed based on the FortiGuard Category Based Filter configuration
C. The access is blocked based on the URL Filter configuration
D. The access is blocked if the local or the public FortiGuard server does not reply

C. The access is blocked based on the URL Filter configuration

Explanation: The access to www.facebook.com is blocked based on the URL Filter configuration. In the exhibit, it shows that the URL "www.facebook.com" is specifically set to "Block" under the URL Filter section.
Question 47:
Refer to the exhibit, which contains a TCL script configuration on FortiManager.
An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run. Why did the TCL script fail to make any changes to the managed device?
A. The TCL procedure run_cmd has not been created.
B. The TCL script must start with #include.
C. There is no corresponding #! to signify the end of the script.
D. The TCL procedure lacks the required loop statements to iterate through the changes.

A. The TCL procedure run_cmd has not been created.
Question 48:
Refer to the exhibit, which contains a partial configuration of the global system.
What can you conclude from the output?
A. set strict-dirty-session-check enable command instructs the FortiGate to offload all dirty session traffic to its SPU
B. set check-protocol-header loose command enables hardware acceleration on this FortiGate device.
C. set av-failopen pass command instructs the FortiGate to offload all traffic that uses the antivirus proxy to NP.
D. set memory-use-threshold-extreme command instructs the FortiGate to disable hardware acceleration if the memory extreme threshold reaches 95%

B. set check-protocol-header loose command enables hardware acceleration on this FortiGate device.
Question 49:
An administrator is configuring two FortiGate devices in an HA cluster. While configuring the devices, the administrator issues the following commands on both HA cluster members:
In which two ways do these commands impact the HA cluster? (Choose two.)
A. They force the former primary to send gratuitous ARP packets when the failover happens to indicate that the virtual MAC address is now using a different device.
B. They force the former primary to shut down all its interfaces for one second when failover happens, excluding the heartbeat and reserved management interfaces.
C. They force both HA devices for remote link monitoring to detect an issue in the forwarding path.
D. They force the switches to update their MAC forwarding tables, when failover happens.

A. They force the former primary to send gratuitous ARP packets when the failover happens to indicate that the virtual MAC address is now using a different device.
B. They force the former primary to shut down all its interfaces for one second when failover happens, excluding the heartbeat and reserved management interfaces.
Question 50:
Exhibit.
Refer to the exhibit, which shows information about an OSPF interface.
What two conclusions can you draw from this command output? (Choose two.)
A. The port3 network has more than one OSPF router
B. The OSPF routers are in the area ID of 0.0.0.1.
C. The interfaces of the OSPF routers match the MTU value that is configured as 1500.
D. NGFW-1 is the designated router

A. The port3 network has more than one OSPF router
C. The interfaces of the OSPF routers match the MTU value that is configured as 1500.

Explanation: From the OSPF interface command output, we can conclude that the port3 network has more than one OSPF router because the Neighbor Count is 2, indicating the presence of another OSPF router besides NGFW-1. Additionally, we can deduce that the interfaces of the OSPF routers match the MTU value configured as 1500, which is necessary for OSPF neighbors to form adjacencies. The MTU mismatch would prevent OSPF from forming a neighbor relationship.

References: Fortinet FortiOS Handbook: OSPF Configuration