Fortinet NSE7_EFW-7.2 Exam Practice Test Instant Access

Question 1

You are testing the implementation of a new custom remote desktop application in your network In which two ways can you eliminate false positives in IPS during this testing phase? (Choose two)

ACreate an IP address exception

BAdjust the rate-based signature threshold and its duration.

CEnable the preserve source pore option in the firewall policy

DPermanently bypass the affected endpoints

Answer : B, D

Question 2

Refer to the exhibit.

Refer to the exhibit, which shows information about an OSPF interface

What two conclusions can you draw from this command output? (Choose two.)

ANGFW-1 sends its LSA updates to 224.0.0.6 address

BNGFW-1 sends its LSA updates to 224.0.0. 5 address

CNGFW-1 forms neighbor adjacency only with DR and BDR router.

DNGFW-1 forms neighbor adjacency only if other OSPF routers match the wait time of 40 seconds

Answer : A, C

Question 3

Exhibit.

Refer to the exhibit, which shows information about an OSPF interlace

What two conclusions can you draw from this command output? (Choose two.)

AThe port3 network has more man one OSPF router

BThe OSPF routers are in the area ID of 0.0.0.1.

CThe interfaces of the OSPF routers match the MTU value that is configured as 1500.

DNGFW-1 is the designated router

Answer : A, C

From the OSPF interface command output, we can conclude that the port3 network has more than one OSPF router because the Neighbor Count is 2, indicating the presence of another OSPF router besides NGFW-1. Additionally, we can deduce that the interfaces of the OSPF routers match the MTU value configured as 1500, which is necessary for OSPF neighbors to form adjacencies. The MTU mismatch would prevent OSPF from forming a neighbor relationship.

Fortinet FortiOS Handbook: OSPF Configuration

Question 4

Refer to the exhibit, which shows an SSL certification inspection configuration.

Which action does FortiGate take if the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?

AFortiGate uses the first entry listed in the SAN field in the server certificate

BFortiGate uses the CN information from the Subject field in the server certificate

CFortiGate uses the SNI from the user's web browser.

DFortiGate closes the connection because this represents an invalid SSL/TLS configuration

Answer : D

Question 5

Which statement is true regarding the Bidirectional Forwarding Detection protocol in BGP?

ABFD is only supported when two FortiGate devices are directly connected on the same network

BBFD is using BGP keepalive messages to check the status of BGP peer

CBFD is used to detect one way device failure

DBFD is enabled under config router bfd configuration

Answer : C

Question 6

Which FortiGate in a Security I auric sends togs to FortiAnalyzer?

AOnly the root FortiGate.

BEach FortiGate in the Security fabric.

CThe FortiGate devices performing network address translation (NAT) or unified threat management (UTM). if configured.

DOnly the last FortiGate that handled a session in the Security Fabric

Answer : B

Option B is correct because each FortiGate in the Security Fabric can send logs to FortiAnalyzer for centralized logging and analysis12. This allows you to monitor and manage the entire Security Fabric from a single console and view aggregated reports and dashboards.

Option A is incorrect because the root FortiGate is not the only device that can send logs to FortiAnalyzer.The root FortiGate is the device that initiates the Security Fabric and acts as the central point of contact for other FortiGate devices3. However, it does not have to be the only log source for FortiAnalyzer.

Option C is incorrect because the FortiGate devices performing NAT or UTM are not the only devices that can send logs to FortiAnalyzer.These devices can perform additional security functions on the traffic that passes through them, such as firewall, antivirus, web filtering, etc4. However, they are not the only devices that generate logs in the Security Fabric.

Option D is incorrect because the last FortiGate that handled a session in the Security Fabric is not the only device that can send logs to FortiAnalyzer.The last FortiGate is the device that terminates the session and applies the final security policy5. However, it does not have to be the only device that reports the session information to FortiAnalyzer.Reference: =

1: Security Fabric - Fortinet Documentation1

2: FortiAnalyzer Demo6

3: Security Fabric topology

4: Security Fabric UTM features

5: Security Fabric session handling

Question 7

Which three conditions are required (or two FortiGate devices to form an OSPF adjacency? (Choose three.)

AOSPF peer interface must have same cost value

BOSPF peer interface must have same MTU size

COSPF peer interface must have same Hello and Wait time

DOSPF peer interface must have same Hello and Dead time

EOSPF peer interfaces must have same network and mask

Answer : B, D, E

Fortinet NSE 7 - Enterprise Firewall 7.2 NSE7_EFW-7.2 Exam Practice Test