Fortinet nse7-efw-7-0 practice test
NSE 7 - Enterprise Firewall 7.0
Last exam update: Jul 20 ,2024
Question 1
What does the dirty flag mean in a FortiGate session configured for NGFW policy mode?
- A. The existing session table entry has been updated with the app_id and the firewall policy table needs to be checked for a match.
- B. The application or URL category is unknown and needs to be rescanned by the IPS engine to try to identify the Layer 7 details.
- C. The URL category for this session has been updated by FortiGuard and the session needs to be checked against the policy again to ensure proper web filtering is applied.
- D. Traffic has been identified as coming from an application that is not allowed and the relevant replacement message needs to be displayed to the user, if configured.
Answer:
c
Question 2
Refer to the exhibit, which contains the output of a debug command.
If the default settings are in place, what can be concluded about the conserve mode shown in the exhibit?
- A. FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings due to high memory use.
- B. FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.
- C. FortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.
- D. FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.
Answer:
b
Question 3
Refer to the exhibit, which shows partial outputs from two routing debug commands.
Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?
- A. Set the priority of the static default route using port1 to 10.
- B. Set the priority of the static default route using port2 to 1.
- C. Set preserve-session-route to enable.
- D. Set snat-route-change to enable.
Answer:
b
Question 4
Refer to the exhibit, which shows the output of a debug command.
Which two statements about the output are true? (Choose two.)
- A. In the network connected to port 4, two OSPF routers are down.
- B. Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.5.
- C. Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.6.
- D. There are a total of 5 OSPF routers attached to the Port4 network segment.
Answer:
ab
Question 5
Refer to the exhibit, which shows the output of a BGP debug command.
What can be concluded about the router in this scenario?
- A. The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the BGP session with the local router.
- B. The State/PfxRcd for neighbor 100.64.3.1 will not change until an administrator on the local router adjusts the inbound route filtering so that prefixes received can be added to the RIB.
- C. All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.
- D. The BGP session with peer 10.127.0.75 is up.
Answer:
d
Question 6
Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.
If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?
- A. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
- B. The session would remain in the session table, and its traffic would egress from port2.
- C. The session would be deleted, and the client would need to start a new session.
- D. The session would remain in the session table, and its traffic would egress from port1.
Answer:
b
Question 7
Refer to the exhibit, which contains a CLI script configuration on FortiManager.
An administrator configured the CLI script on FortiManager, but the script failed to apply any changes to the managed device after being executed.
What are two reasons why the script did not make any changes to the managed device? (Choose two.)
- A. Static routes can be added using only TCL scripts.
- B. The commands that start with the # sign did not run.
- C. CLI scripts must start with #!.
- D. Incomplete commands can cause CLI scripts to fail.
Answer:
bd
Question 8
Refer to the exhibit, which shows the output of a diagnose command
What can you conclude from the RTT value?
- A. Its value represents the time it takes to receive a response after a rating request is sent to a particular server.
- B. Its value is incremented with each packet lost.
- C. It determines which FortiGuard server is used for license validation.
- D. Its initial value is statically set to 10.
Answer:
a
Question 9
Refer to the exhibit, which shows a FortiGate configuration.
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator do to fix the issue?
- A. Increase webfilter-timeout.
- B. Change protocol to TCP.
- C. Enable fortiguard-anycast.
- D. Disable webfilter-force-off.
Answer:
d
Question 10
Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)
- A. Importing firewall address objects from managed devices
- B. Importing interface mappings from managed devices
- C. Importing static and dynamic route configurations from managed devices
- D. Importing devices to FortiManager
Answer:
ac