
NSE7_EFW-7.0 Fortinet NSE 7 - Enterprise Firewall 7.0 Questions and Answers

Questions 4

Refer to the exhibit, which shows a partial web filter profile configuration.

NSE7_EFW-7.0 Question 4

Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

Options:

A.

FortiGate will block the connection, based on the FortiGuard category based filter configuration.

B.

FortiGate will block the connection as an invalid URL.

C.

FortiGate will exempt the connection, based on the Web Content Filter configuration.

D.

FortiGate will allow the connection, based on the URL Filter configuration.

Questions 5

View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

NSE7_EFW-7.0 Question 5

If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

Options:

A.

This session is for HA heartbeat traffic.

B.

This session is synced with the slave unit.

C.

The inspection of this session has been offloaded to the slave unit.

D.

This session cannot be synced with the slave unit.

Questions 6

Refer to the exhibit, which shows the output of a diagnose command.

NSE7_EFW-7.0 Question 6

What can be concluded about the debug output in this scenario?

Options:

A.

Servers with a negative TZ value are less preferred for rating requests.

B.

There is a natural correlation between the value in the Packets field and the value in the Weight field.

C.

FortiGate used 64.26.151.37 as the initial server to validate its contract.

D.

The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers was 121.111.236.179.

Questions 7

View these partial outputs from two routing debug commands:

NSE7_EFW-7.0 Question 7

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

Options:

A.

Both port1 and port2

B.

port3

C.

port1

D.

port2

Questions 8

Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?

Options:

A.

Set protected network to all

B.

Enable AD-VPN in IPsec phase 1

C.

Configure IP addresses on IPsec virtual interfaces

D.

Disable add-route on hub

Questions 9

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

Options:

A.

SIP session helper runs in the kernel; SIP ALG runs as a user space process.

B.

SIP ALG supports SIP HA failover; SIP helper does not.

C.

SIP ALG supports SIP over IPv6; SIP helper does not.

D.

SIP ALG can create expected sessions for media traffic; SIP helper does not.

E.

SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Questions 10

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:

diagnose debug application ike -1

diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

Options:

A.

Phase1; IKE mode configuration; XAuth; phase 2.

B.

Phase1; XAuth; IKE mode configuration; phase2.

C.

Phase1; XAuth; phase 2; IKE mode configuration.

D.

Phase1; IKE mode configuration; phase 2; XAuth.

Questions 11

An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement is correct regarding this command?

Options:

A.

Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

B.

Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

C.

Sends a link failed signal to all connected devices.

D.

Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

Questions 12

In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.)

Options:

A.

It provides VM license validation services.

B.

It supports rating requests from non-FortiGate devices.

C.

It caches available firmware updates for unmanaged devices.

D.

It can be configured as an update server, a rating server, or both.

Questions 13

Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)

Options:

A.

Importing firewall address objects from managed devices

B.

Importing interface mappings from managed devices

C.

Importing static and dynamic route configurations from managed devices

D.

Importing devices to FortiManager

Questions 14

Refer to the exhibit, which shows a FortiGate configuration.

NSE7_EFW-7.0 Question 14

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator change to fix the issue?

Options:

A.

Increase webfilter-timeout.

B.

Change protocol to TCP.

C.

Enable fortiguard-anycast.

D.

Disable webfilter-force-off.

Questions 15

Examine the output of the ‘get router info ospf neighbor’ command shown in the exhibit; then answer the question below.

NSE7_EFW-7.0 Question 15

Which statements are true regarding the output in the exhibit? (Choose two.)

Refer to the exhibit, which shows the output of a debug command.

Which statement about the output is true?

Options:

A.

The OSPF routers with the IDs 0.0.0.69 and 0.0.0.117 are both designated routers for the wan1 network.

B.

The OSPF router with the ID 0.0.0.2 is the designated router for the ToRemote network.

C.

The local FortiGate is the designated router for the wan1 network.

D.

The interface ToRemote is a point-to-point OSPF network.

Questions 16

Refer to the exhibit, which shows the output of a BGP debug command.

NSE7_EFW-7.0 Question 16

What can be concluded about the router in this scenario?

Options:

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the BGP session with the local router.

B.

The State/PfxRcd for neighbor 100.64.3.1 will not change until an administrator on the local router adjusts the inbound route filtering so that prefixes received can be added to the RIB.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Questions 17

Refer to the exhibit, which contains the output of a BGP debug command.

NSE7_EFW-7.0 Question 17

Which statement about the exhibit is true?

Options:

A.

The local router has received a total of three BGP prefixes from all peers.

B.

The local router has not established a TCP session with 100.64.3.1.

C.

Since the counters were last reset, the 10.200.3.1 peer has never been down.

D.

The local router BGP state is OpenConfirm with the 10.127.0.75 peer.

Questions 18

View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

NSE7_EFW-7.0 Question 18

Which of the following statements about the exhibit are true? (Choose two.)

Options:

A.

For the peer 10.125.0.60, the BGP state is Established.

B.

The local BGP peer has received a total of three BGP prefixes.

C.

Since the BGP counters were last reset, the BGP peer 10.200.3.1 has never been down.

D.

The local BGP peer has not established a TCP session to the BGP peer 10.200.3.1.

Questions 19

Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

Options:

A.

Diagnose debug application radius -1.

B.

Diagnose debug application fnbamd -1.

C.

Diagnose authd console –log enable.

D.

Diagnose radius console –log enable.

Questions 20

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

Options:

A.

Group ID.

B.

Group name.

C.

Session pickup.

D.

Gratuitous ARPs.

Questions 21

View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

NSE7_EFW-7.0 Question 21

Which one of the following statements explains why the cache statistics are all zeros?

Options:

A.

The administrator has reallocated the cache memory to a separate process.

B.

There are no users making web requests.

C.

The FortiGuard web filter cache is disabled in the FortiGate’s configuration.

D.

FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.

Questions 22

Refer to the exhibit, which shows a session table entry.

NSE7_EFW-7.0 Question 22

Which statement about FortiGate behavior relating to this session is true?

Options:

A.

FortiGate redirected the client to the captive portal to authenticate, so that a correct policy match could be made.

B.

FortiGate forwarded this session without any inspection.

C.

FortiGate is performing security profile inspection using the CPU.

D.

FortiGate applied only IPS inspection to this session.

Questions 23

Refer to the exhibit, which shows a session entry. Which statement about this session is true?

NSE7_EFW-7.0 Question 23

Options:

A.

It is an ICMP session from 10.1.10.10 to 10.200.5.1.

B.

It is a TCP session in close_wait state, from 10.1.10.10 to 10.200.1.1.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.

Questions 24

View the exhibit, which contains a partial routing table, and then answer the question below.

NSE7_EFW-7.0 Question 24

Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

Options:

A.

Source IP address 10.1.0.24, Destination IP address 10.72.3.20.

B.

Source IP address 10.72.3.27, Destination IP address 10.1.0.52.

C.

Source IP address 10.72.3.52, Destination IP address 10.1.0.254.

D.

Source IP address 10.73.9.10, Destination IP address 10.72.3.15.

Exam Code: NSE7_EFW-7.0
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.0
Last Update: Sep 27, 2024
Questions: 163
