
NSE7_EFW-7.0 Exam Dumps - Fortinet NSE 7 Network Security Architect Questions and Answers

Question # 14

An administrator has been assigned the task of creating a set of firewall policies which must be evaluated before any custom policies defined within the policy packages of managed FortiGate devices, across all 25 ADOMs in FortiManager.

How should the administrator accomplish this task?

Options:

A.

Create a footer policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this footer policy to all other ADOMs.

B.

Create a header policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this header policy to all other ADOMs.

C.

Move the FortiGate devices into a single globally scoped ADOM, and merge policy packages, inserting the new firewall policies at the top.

D.

Use a CLI script from the root ADOM on FortiManager to push these new policies to all FortiGate devices, through the FGFM tunnel.

Question # 15

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Based on the debug output, which phase 1 setting is enabled in the configuration of this VPN?

Options:

A.

auto-discovery-shortcut

B.

auto-discovery-forwarder

C.

auto-discovery-sender

D.

auto-discovery-receiver

Question # 16

Examine the partial output from two web filter debug commands; then answer the question below:

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

Options:

A.

Finance and banking

B.

General organization

C.

Business

D.

Information technology

Question # 17

An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.

If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

Options:

A.

diagnose sniffer packet any 'ah'

B.

diagnose sniffer packet any 'ip proto 50'

C.

diagnose sniffer packet any 'udp port 4500'

D.

diagnose sniffer packet any 'udp port 500'

Question # 18

Refer to the exhibit, which contains the output of a BGP debug command.

Which statement explains why the state of the 10.200.3.1 peer is Connect?

Options:

A.

The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.

B.

The TCP session to 10.200.3.1 has not completed the three-way handshake.

C.

The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.

D.

The local router has received the BGP prefixes from the remote peer.

Question # 19

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:

A.

Set the priority of the static default route using port1 to 10. (Most Voted)

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set snat-route-change to enable.

Question # 20

Which action will FortiGate take when using the default settings for SSL certificate inspection, where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?

Options:

A.

FortiGate uses the CN information from the Subject field in the server certificate.

B.

FortiGate uses the first entry listed in the SAN field in the server certificate.

C.

FortiGate uses the SNI from the user's web browser.

D.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

Question # 21

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

Options:

A.

In the network connected to port 4, two OSPF routers are down.

B.

Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.5.

C.

Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.6.

D.

There are a total of 5 OSPF routers attached to the Port4 network segment.

Question # 22

You have configured FortiManager as a local FDS to provide FortiGate AV and IPS updates, but FortiGate devices are not receiving updates to their AV signature databases, IPS engines, or IPS signature databases.

Which two settings need to be verified for these features to function? (Choose two.)

Options:

A.

FortiGate needs to have the server list entry for FortiManager set to server-type update under config system central-management.

B.

FortiManager needs to be the license validation server for FortiGate devices trying to retrieve updated AV and IPS packages.

C.

Service access needs to be enabled on FortiManager under System Settings > Network.

D.

FortiGate needs to have include-default-servers disabled under config system central-management.

Question # 23

Four FortiGate devices configured for OSPF are connected to the same broadcast domain. The first unit is elected as the designated router. The second unit is elected as the backup designated router. Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?

Options:

A.

1

B.

2

C.

3

D.

4

Exam Code: NSE7_EFW-7.0
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.0
Last Update: Feb 22, 2025
Questions: 163