Fortinet nse7-efw-7-2 practice test

You created a VPN community using VPN Manager on FortiManager. You also added gateways to the VPN community. Now you are trying to create firewall policies to permit traffic over the tunnel; however, the VPN interfaces do not appear as available options.
What step must you take to resolve this issue?

• A. Refresh the device status using the Device Manager so that FortiGate populates the IPSec interfaces.
• B. Install the VPN community and gateway configuration on the FortiGate devices so that the VPN interfaces appear on the Policy Objects on FortiManager.
• C. Configure the phase 1 settings in the VPN community that you didnt initially configure. FortiGate automatically generates the interfaces after you configure the required settings.
• D. Create interface mappings for the IPsec VPN interfaces before you use them in a policy.

Which two statements about IKE version 2 fragmentation are true? (Choose two.)

• A. Only some IKE version 2 packets are considered fragmentable
• B. The reassembly timeout default value is 30 seconds
• C. It is performed at the IP layer
• D. The maximum number of IKE version 2 fragments is 128

Refer to the exhibit, which contains a partial policy configuration.

Which setting must you configure to allow SSH?

• A. Specify SSH in the Service field.
• B. Select an application control profile corresponding to SSH in the Security Profiles section.
• C. Include SSH in the Application field.
• D. Configure port 22 in the Protocol Options field.

Which two statements about ADVPN are true? (Choose two.)

• A. The hub adds routes based on IKE negotiations.
• B. You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0.
• C. All FortiGate devices must be in the same autonomous system (AS).
• D. You must disable add-route in the hub.

Which two statements about the BFD parameter in BGP are true? (Choose two.)

• A. It detects only two-way failures.
• B. The two routers must be connected to the same subnet.
• C. It allows failure detection in less than one second.
• D. It is supported for neighbors over multiple hops.

Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

• A. OSPF interface network types match.
• B. OSPF interface priority settings are unique.
• C. OSPF router IDs are unique.
• D. OSPF link costs match.
• E. Authentication settings match.

Which FortiGate in a Security Fabric sends logs to FortiAnalyzer?

• A. Only the root FortiGate.
• B. Each FortiGate in the Security Fabric.
• C. The FortiGate devices performing network address translation (NAT) or unified threat management (UTM), if configured.
• D. Only the last FortiGate that handled a session in the Security Fabric.

Refer to the exhibit, which shows a partial routing table.



What two conclusions can you draw from the corresponding FortiGate configuration? (Choose two.)

• A. OSPF is configured to run over IPSec.
• B. net-device is enabled in the tunnel IPSec phase 1 configuration.
• C. IPSec tunnel aggregation is configured.
• D. add-route is disabled in the tunnel IPSec phase 1 configuration.

Refer to the exhibit, which shows an error in system fortiguard configuration.

What is the reason you cannot set the protocol to udp in config system fortiguard?

• A. udp is not a protocol option.
• B. fortiguard-anycast is set to enable.
• C. You do not have the corresponding write access.
• D. FortiManager provides FortiGuard.

Refer to the exhibit, which contains a partial OSPF configuration.

What can you conclude from this output?

• A. Neighbors maintain communication with the restarting router.
• B. The restarting router sends gratuitous ARP for 30 seconds.
• C. FortiGate restarts if the topology changes.
• D. The router sends grace LSAs before it restarts.