Fortinet NSE7-EFW-7-2 practice test

Exam Title: Fortinet NSE 7 - Enterprise Firewall 7.2

Last update: Dec 25, 2025

Question 1

Which two statements about ADVPN are true? (Choose two.)

  • A. auto-discovery-receiver must be set to enable on the spokes.
  • B. Spoke-to-spoke traffic never goes through the hub.
  • C. It supports NAT for on-demand tunnels.
  • D. Routing is configured by enabling add-advpn-route.
Answer:

ac

Question 2

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.
What can the administrator do to fix this problem?

  • A. Configure set link-failed-signal enable under config system ha on both cluster members.
  • B. Configure set send-garp-on-failover enable under config system ha on both cluster members.
  • C. Configure remote link monitoring to detect an issue in the forwarding path.
  • D. Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports.
Answer:

b

Question 3

Which statement about network processor (NP) offloading is true?

  • A. The NP checks the session key or IPSec SA.
  • B. The NP provides IPS signature matching.
  • C. You can disable the NP for each firewall policy using the command np-acceleration set to loose.
  • D. For TCP traffic, FortiGate CPU offloads the first packets of SYN/ACK and ACK of the three-way handshake to NP.
Answer:

a

Question 4

Refer to the exhibit, which shows a partial routing table.



What two conclusions can you draw from the corresponding FortiGate configuration? (Choose two.)

  • A. OSPF is configured to run over IPSec.
  • B. net-device is enabled in the tunnel IPSec phase 1 configuration.
  • C. IPSec tunnel aggregation is configured.
  • D. add-route is disabled in the tunnel IPSec phase 1 configuration.
Answer:

ad

Question 5

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

  • A. route-reflector-peer enable
  • B. route-reflector-server enable
  • C. route-reflector-client enable
  • D. route-reflector enable
Answer:

c

Question 6

Which two statements about BFD are true? (Choose two.)

  • A. You must configure it globally only.
  • B. You can disable it at the protocol level.
  • C. It can support neighbors only over the next hop in BGP.
  • D. It works for OSPF and BGP.
Answer:

bd

Question 7

Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

  • A. OSPF interface network types match.
  • B. OSPF interface priority settings are unique.
  • C. OSPF router IDs are unique.
  • D. OSPF link costs match.
  • E. Authentication settings match.
Answer:

ace

Question 8

Refer to the exhibit, which contains the partial interface configuration of two FortiGate devices.



Which two conclusions can you draw from this configuration? (Choose two.)

  • A. The VRRP domain uses the physical MAC address of the primary FortiGate.
  • B. On failover, the new primary device uses the same MAC address as the old primary.
  • C. 10.1.5.254 is the default gateway of the internal network.
  • D. By default, FortiGate-B is the primary virtual router.
Answer:

bc

Question 9

Refer to the exhibit, which shows a partial web filter profile configuration.



What can you conclude from this configuration about access to www.facebook.com, which is categorized as Social Networking?

  • A. The access is blocked, based on the URL Filter configuration.
  • B. The access is blocked, based on the Content Filter configuration.
  • C. The access is allowed, based on the FortiGuard Category Based Filter configuration.
  • D. The access is blocked if the local or the public FortiGuard server does not reply.
Answer:

a

Question 10

Refer to the exhibit, which shows a custom signature.

Which two modifications must you apply to the configuration of this custom signature so that you can save it on FortiGate? (Choose two.)

  • A. Ensure that the header syntax is F-SBID.
  • B. Add severity.
  • C. Add attack_id.
  • D. Start options with --.
Answer:

bc

Viewing questions 1-10 out of 57