Fortinet NSE7_EFW-7.0 Exam Questions Simulate Actual NSE7_EFW-7.0 Exam

Category:

Comments:

0 Comments

Post Date:

April 30, 2023

NSE7_EFW-7.0 exam dumps questions are designed to simulate the actual exam. This means that you will get a feel for the types of questions you can expect to see on the exam, as well as the format and difficulty level. In addition, NSE 7 Network Security Architect NSE7_EFW-7.0 dumps are often accompanied by detailed explanations and answers. This means that if you get a question wrong, you can learn from your mistake and understand why the correct answer is the right one. Test free online NSE7_EFW-7.0 exam dumps below.

Page 1 of 5

1. Refer to the exhibit, which contains partial output from an IKE real-time debug.

Why did the tunnel not come up?

The local gateway has configured less secure encryption and hashing algorithms compared to the remote gateway.

The Diffie-Hellman group does not match on the local and remote gateways.

The proposal ID does not match between local and remote gateways.

The encapsulation method for phase 2 is set to none on local and remote gateways.

2. Which two statements about the Security Fabric are true? (Choose two.)

Only the root FortiGate collects network information and forwards it to FortiAnalyzer.

FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.

All FortiGate devices in the Security Fabric must have bidirectional FortiTelemetry connectivity.

Branch FortiGate devices must be configured first.

3. An administrator has created a VPN community within VPN Manager on FortiManager. They also added gateways to the VPN community and are now trying to create firewall policies to permit traffic over the tunnel; however, the VPN interfaces are not listed as available options.

What step must the administrator take to resolve this issue?

Install the VPN community and gateway configuration to the FortiGate devices, in order for the interfaces to be displayed within Policy & Objects on FortiManager

Set up all of the phase 1 settings in the VPN community that they neglected to set up initially. The interfaces will be automatically generated after the administrator configures all of the required settings.

Refresh the device status from the Device Manager so that FortiGate will populate the IPsec interfaces.

Create interface mappings for the IPsec VPN interfaces, before they can be used in a policy.

4. Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Based on the output, which two statements are correct? (Choose two.)

The npu_flag for this tunnel is 03.

Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.

Anti-replay is enabled.

The npu_flag for this tunnel is 02.

5. An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of the SYN/ACKs. When the SYN/ACK packets arrive to the FortiGate, the unit has already deleted the respective sessions.

Which TCP session timer must be increased to fix this problem?

TCP half open.

TCP half close.

TCP time wait.

TCP session time to live.

6. A FortiGate device has the following LDAP configuration:

The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and got the following output:

>dsquery user Csamid administrator

“CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab”

Based on the output, what FortiGate LDAP setting is configured incorrectly?

cnid.

username.

password.

dn.

7. An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem.

Which statement is correct regarding this command?

Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.

Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

Sends a link failed signal to all connected devices.

Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.

8. Refer to the exhibits.

Which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovered that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must administrator make to fix the issue? (Choose two.)

Use different pre-shared keys on both VPNs

Enable Mode Config on both VPNs.

Set up specific peer IDs on both VPNs.

Change to aggressive mode on both VPNs.

9. View the exhibit, which contains the output of a debug command, and then answer the question below.

Which one of the following statements about this FortiGate is correct?

It is currently in system conserve mode because of high CPU usage.

It is currently in extreme conserve mode because of high memory usage.

It is currently in proxy conserve mode because of high memory usage.

It is currently in memory conserve mode because of high memory usage.

10. View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

The local router's BGP state is Established with the 10.125.0.60 peer.

Since the counters were last reset; the 10.200.3.1 peer has never been down.

The local router has received a total of three BGP prefixes from all peers.

The local router has not established a TCP session with 100.64.3.1.

Page 2 of 5

11. View the exhibit, which contains a partial routing table, and then answer the question below.

Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)

Source IP address 10.1.0.24, Destination IP address 10.72.3.20.

Source IP address 10.72.3.27, Destination IP address 10.1.0.52.

Source IP address 10.72.3.52, Destination IP address 10.1.0.254.

Source IP address 10.73.9.10, Destination IP address 10.72.3.15.

12. Examine the following traffic log; then answer the question below.

date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx"

log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."

What does the log mean?

There is not enough available memory in the system to create a new entry in the NAT port table.

The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.

FortiGate does not have any available NAT port for a new connection.

The limit for the maximum number of entries in the NAT port table has been reached.

13. View the exhibit, which contains the output of a diagnose command, and the answer the question below.

Which statements are true regarding the Weight value?

Its initial value is calculated based on the round trip delay (RTT).

Its initial value is statically set to 10.

Its value is incremented with each packet lost.

It determines which FortiGuard server is used for license validation.

14. Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

SIP session helper runs in the kernel; SIP ALG runs as a user space process.

SIP ALG supports SIP HA failover; SIP helper does not.

SIP ALG supports SIP over IPv6; SIP helper does not.

SIP ALG can create expected sessions for media traffic; SIP helper does not.

SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UD

15. Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to test session failover between the two service provider connections.

What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

Configure set snat-route-change enable.

Change the priority of the port2 static route to 5.

Change the priority of the port1 static route to 11.

unset snat-route-change to return it to the default setting.

16. Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

The remote gateway IP address is 10.0.0.1.

The initiator provided remote as its IPsec peer I

It shows a phase 1 negotiation.

The negotiation is using AES128 encryption with CBC hash.

17. Which two configuration commands change the default behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

set av-failopen off

set av-failopen pass

set fail-open enable

set ips fail-open disable

18. Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

OSPF interface network types match.

OSPF router IDs are unique.

OSPF interface priority settings are unique.

Authentication settings match.

OSPF link costs match.

19. View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate’s inspection of this session?

FortiGate applied proxy-based inspection.

FortiGate forwarded this session without any inspection.

FortiGate applied flow-based inspection.

FortiGate applied explicit proxy-based inspection.

20. An administrator has enabled HA session synchronization in a HA cluster with two members.

Which flag is added to a primary unit’s session to indicate that it has been synchronized to the secondary unit?

redir.

dirty.

synced

nds.

Page 3 of 5

21. Which two statements about an auxiliary session are true? (Choose two.)

With the auxiliary session setting disabled, only auxiliary sessions are offloaded.

With the auxiliary session setting enabled, two sessions are created in case of routing change.

With the auxiliary session setting enabled, ECMP traffic is accelerated to the NP6 processor.

With the auxiliary session setting disabled, for each traffic path, FortiGate uses the same auxiliary session.

22. Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

Installing configuration changes to managed devices

Importing interface mappings from managed devices

Adding devices to FortiManager

Previewing pending configuration changes for managed devices

23. Refer to the exhibit, which contains the output of a debug command.

If the default settings are in place, what can be concluded about the conserve mode shown in the exhibit?

FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings due to high memory use.

FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.

FortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.

FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.

24. An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem.

Which statement about this setting is true?

It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

It sends a link failed signal to all connected devices.

It disabled all the non-heartbeat interfaces in all HA members for two seconds after a failover.

It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.

25. Examine the following partial outputs from two routing debug commands; then answer the question below.

# get router info kernel

tab=254 vf=0 scope=0type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0

gwy=10.200.1.254 dev=2(port1)

tab=254 vf=0 scope=0type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0

gwy=10.200.2.254 dev=3(port2)

tab=254 vf=0 scope=253type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/.->10.0.1.0/24 pref=10.0.1.254

gwy=0.0.0.0 dev=4(port3)

# get router info routing-table all s*0.0.0.0/0 [10/0] via 10.200.1.254, portl [10/0] via 10.200.2.254, port2, [10/0] dO.0.1.0/24 is directly connected, port3 dO.200.1.0/24 is directly connected, portl d0.200.2.0/24 is directly connected, port2

Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

port!

port2.

Both portl and port2.

port3.

26. Examine the output of the ‘get router info bgp summary’ command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.

The TCP session for the BGP connection to 10.200.3.1 is down.

The local peer has received the BGP prefixed from the remote peer.

The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.

27. How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?

FortiManager can download and maintain local copies of FortiGuard databases.

FortiManager supports only FortiGuard push to managed devices.

FortiManager will respond to update requests only if they originate from a managed device.

FortiManager does not support rating requests.

28. Which statement is true regarding File description (FD) conserve mode?

IPS inspection is affected when FortiGate enters FD conserve mode.

A FortiGate enters FD conserve mode when the amount of available description is less than 5%.

FD conserve mode affects all daemons running on the device.

Restarting the WAD process is required to leave FD conserve mode.

29. Which two statements about conserve mode are true? (Choose two.)

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

30. Refer to the exhibit, which contains a CLI script configuration on FortiManager.

An administrator configured the CLI script on FortiManager, but the script failed to apply any changes to the managed device after being executed.

What are two reasons why the script did not make any changes to the managed device? (Choose two.)

Static routes can be added using only TCL scripts.

The commands that start with the # sign did not run.

CLI scripts must start with #!.

Incomplete commands can cause CLI scripts to fail.

Page 4 of 5

31. Refer to the exhibit, which shows a session entry.

Which statement about this session is true?

It is an ICMP session from 10.1.10.10 to 10.200.5. 1.

It is a TCP session in close_wait state, from 10. l. 10.10 to 10.200.1.1.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

It is a TCP session in the established state, from 10.1.10.10 to 10.200.5.1.

32. Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below.

Which IP addresses are included in the output of this command?

Those whose traffic matches a DoS policy.

Those whose traffic matches an IPS sensor.

Those whose traffic exceeded a threshold of a matching DoS policy.

Those whose traffic was detected as an anomaly by an IPS sensor.

33. Refer to the exhibit, which contains the partial output of a diagnose command.

Based on the output, which two statements are correct? (Choose two.)

Anti-replay is enabled.

DPD is disabled.

Remote gateway IP is 10.200.4.1.

Quick mode selectors are disabled.

34. Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)

Preview pending configuration changes for managed devices.

Add devices to FortiManager.

Import policy packages from managed devices.

Install configuration changes to managed devices.

Import interface mappings from managed devices.

35. A FortiGate is rebooting unexpectedly without any apparent reason.

What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

Firewall monitor.

Policy monitor.

Logs.

Crashlogs.

36. Refer to the exhibit, which shows the output of diagnose sys session stat.

Which statement about the output shown in the exhibit is correct?

There are two sessions that have not been removed in case of any out-of-order packets that arrive.

There are 166 TCP sessions waiting to complete the three-way handshake.

162 sessions have been deleted because of memory page exhaustion.

All the sessions in the session table are TCP sessions.

37. An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration.

The administrator has also enabled the IKE real time debug:

diagnose debug application ike-1

diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

Phase1; IKE mode configuration; XAuth; phase 2.

Phase1; XAuth; IKE mode configuration; phase2.

Phase1; XAuth; phase 2; IKE mode configuration.

Phase1; IKE mode configuration; phase 2; XAuth.

38. Refer to the exhibit, which shows a session table entry.

Which statement about FortiGate behavior relating to this session is true?

FortiGate redirected the client to the captive portal to authenticate, so that a correct policy match could be made.

FortiGate forwarded this session without any inspection.

FortiGate is performing security profile inspection using the CP

Most Voted

FortiGate applied only IPS inspection to this session.

39. Refer to the exhibit, which contains the output of a BGP debug command.

Which statement about the exhibit is true?

The local router has received a total of three BGP prefixes from all peers.

The local router has not established a TCP session with 100.64.3.1.

Since the counters were last reset, the 10.200.3.1 peer has never been down.

The local router BGP state is OpenConfirm with the 10.127.0.75 peer.

40. When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?

FortiGate uses CN information from the Subject field in the server’s certificate.

FortiGate switches to the full SSL inspection method to decrypt the data.

FortiGate blocks the request without any further inspection.

FortiGate uses the requested URL from the user’s web browser.

Page 5 of 5

41. An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.

What can the administrator do to fix this problem?

Configure remote link monitoring to detect an issue in the forwarding path.

Configure set send-garp-on-failover enable under config system ha on both cluster members.

Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports.

Configure set link-failed-signal enable under config system ha on both cluster members.

42. Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator change to fix the issue?

Increase webfilter-timeout.

Change protocol to TC

Enable fortiguard-anycast.

Disable webfilter-force-off.

43. Which action will FortiGate take when using the default settings for SSL certificate inspection, where the server name indication (SNI) does not match either the common name (CN) or any of the subject altemative names (SAN) in the server certificate?

FortiGate uses the CN information from the Subject field in the server certificate.

FortiGate uses the first entry listed in the SAN field in the server certificate.

FortiGate uses the SNI from the user's web browser.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

44. Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.

Why did the TCL script fail to make any changes to the managed device?

The TCL command run_cmd has not been created.

The TCL script must start with tinclude <>.

Incomplete commands are ignored in TCL scripts.

Changes to an interface configuration can be made only by a CLI script.

45. Refer to the exhibit, which contains the output of the diagnose vpn tunnel list.

Which command will capture ESP traffic for the VPN named DialUp_0?

diagnose sniffer packet any ‘esp and host 10.200.3.2’

diagnose sniffer packet any ‘ip proto 50’

diagnose sniffer packet any ‘host 10.0.10.10’

diagnose sniffer packet any ‘port 4500’

46. An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link.

What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

Router I

OSPF interface area.

OSPF interface cost.

OSPF interface MT

Interface subnet mask.

47. View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

The administrator does not have access to the remote gateway.

Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

Change phase 1 encryption to 3DES and authentication to SHA128.

Change phase 1 encryption to AES128 and authentication to SHA512.

Change phase 1 encryption to AESCBC and authentication to SHA2.

Change phase 1 encryption to AES256 and authentication to SHA256.

48. Which statement about protocol options is true?

Protocol options allows administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

Protocol options allows administrators the ability to configure the Any setting for all enabled protocols which provides the most efficient use of system resources.

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

Protocol options allows administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

49. Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

IPS failopen

mem failopen

AV failopen

UTM failopen

TAGS:

NSE7_EFW-7.0, NSE7_EFW-7.0 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Posts

Fortinet Free Dumps

Get NSE7_EFW-7.0 Dumps Full Version

Q&As: 163
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

Fortinet NSE7_EFW-7.0 Exam Questions Simulate Actual NSE7_EFW-7.0 Exam

Related

Posts

2024 Fortinet FCP_FCT_AD-7.2 Exam Dumps Questions

Online FCP_WCS_AD-7.4 Dumps Help You Understand Questions Well

FCSS_ADA_AR-6.7 Dumps Guarantee You Pass FCSS_ADA_AR-6.7 Exam Easily

Study Online FCSS_SASE_AD-23 Exam Dumps to Pass

About Us

EMAIL

Services

Opening Hours