Fortinet nse7-efw-7-2 practice test
fortinet nse 7 - enterprise firewall 7.2
Question 1
Refer to the exhibit, which contains the partial ADVPN configuration of a spoke.
Which two parameters must you configure on the corresponding single hub? (Choose two.)
- A. set auto-discovery-receiver enable
- B. set auto-discovery-sender enable
- C. set ike-version 2
- D. set auto-discovery-forwarder enable
Answer:
bc
Question 2
Refer to the exhibit which shows two configured FortiGate devices and peering over
FGSP.
The main link directly connects the two FortiGate devices and is configured using the set session-syn-dev <interface> command.
What is the primary reason to configure the main link?
- A. To have only configuration synchronization in layer 3
- B. To load balance both sessions and configuration synchronization between layer 2 and 3
- C. To have both sessions and configuration synchronization in layer 3
- D. To have both sessions and configuration synchronization in layer 2
Answer:
d
Question 3
Refer to the exhibit, which shows a central management configuration.
Which server will FortiGate choose for web filter rating requests, if 10.0.1.240 is experiencing an outage?
- A. 10.0.1.244
- B. 10.0.1.242
- C. Public FortiGuard servers
- D. 10.0.1.243
Answer:
a
Question 4
Refer to the exhibit, which shows an error in system fortiguard configuration.
What is the reason you cannot set the protocol to udp in config system fortiguard?
- A. udp is not a protocol option.
- B. fortiguard-anycast is set to enable.
- C. You do not have the corresponding write access.
- D. FortiManager provides FortiGuard.
Answer:
b -
Question 5
Which two statements about the neighbor-group command are true? (Choose two.)
- A. It applies common settings in an OSPF area
- B. You can apply it in Internal BGP (IBGP) and External BGP (EBGP)
- C. You can configure it on the GUI
- D. It is combined with the neighbor-range parameter
Answer:
bd
Question 6
After enabling IPS, you receive feedback about traffic being dropped.
What could be the reason?
- A. IPS is configured to monitor.
- B. np-accel-node is set to enable.
- C. fail-open is set to disable.
- D. traffic-submit is set to disable.
Answer:
c
Question 7
Refer to the exhibit which shows config system central-management information.
Which setting must you configure for the web filtering feature to function?
- A. Set update-server-location to automatic
- B. Add server.fortiguard.net to the Server list
- C. Configure securewf.fortiguard.net on the default servers
- D. Configure server-type with the rating option
Answer:
b
Question 8
Refer to the exhibit, which provides information on BGP neighbors.
What can you conclude from this command output?
- A. You must change the AS number to match the remote peer.
- B. BGP is attempting to establish a TCP connection with the BGP peer.
- C. The bfd configuration is set to enable.
- D. The routers are in the same area ID of 0.0.0.0.
Answer:
b
Question 9
Refer to the exhibits, which contain the network topology and BGP configuration for a hub.
Exhibit A.
Exhibit B.
An administrator is trying to configure ADVPN with a hub and spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however the spokes are not receiving route information from each other.
What change must the administrator make to the hub BGP configuration so that the routes learned from one spoke are forwarded to the other spoke?
- A. Configure the hub as a route reflector
- B. Configure auto-discovery-sender on the hub
- C. Add a prefix list to the hub that permits routes to be shared between the spokes
- D. Enable route redistribution under config router bgp
Answer:
b
Question 10
You want to have faster detection for OSPF.
Which parameter should you enable on both connected FortiGate devices?
- A. distribute-list-in
- B. rfc1583-compatible
- C. restart-on-topology-change
- D. bfd
Answer:
d