Fortinet NSE7_EFW-7.2 Exam Practice Test Instant Access

Question 1

Exhibit.

Refer to the exhibit, which provides information on BGP neighbors.

Which can you conclude from this command output?

AThe router are in the number to match the remote peer.

BYou must change the AS number to match the remote peer.

CBGP is attempting to establish a TCP connection with the BGP peer.

DThe bfd configuration to set to enable.

Answer : C

The BGP state is ''Idle'', indicating that BGP is attempting to establish a TCP connection with the peer. This is the first state in the BGP finite state machine, and it means that no TCP connection has been established yet. If the TCP connection fails, the BGP state will reset to either active or idle, depending on the configuration.Reference: You can find more information about BGP states and troubleshooting in the following Fortinet Enterprise Firewall 7.2 documents:

Troubleshooting BGP

How BGP works

Question 2

Which two statements about metadata variables are true? (Choose two.)

AYou create them on FortiGate

BThey apply only to non-firewall objects.

CThe metadata format is $<metadata_variabie_name>.

DThey can be used as variables in scripts

Answer : C, D

Metadata variables in FortiGate are created to store metadata associated with different FortiGate features. These variables can be used in various configurations and scripts to dynamically replace the variable with its actual value during processing. A: You create metadata variables on FortiGate. They are used to store metadata for FortiGate features and can be called upon in different configurations. D: They can be used as variables in scripts. Metadata variables are utilized within the scripts to dynamically insert values as per the context when the script runs.

Fortinet FortiOS Handbook: CLI Reference

Question 3

Exhibit.

Refer to exhibit, which shows a central management configuration

Which server will FortiGate choose for web filler rating requests if 10.0.1.240 is experiencing an outage?

APublic FortiGuard servers

B10.0.1.242

C10.0.1.244

D10.0.1.243

Answer : C

In the event of an outage at 10.0.1.240, the FortiGate will choose the next server in the sequence for web filter rating requests, which is 10.0.1.244 according to the configuration shown in the exhibit. This is because the server list is ordered by priority, and the server with the lowest priority number is chosen first. If that server is unavailable, the next server with the next lowest priority number is chosen, and so on. The public FortiGuard servers are only used if the include-default-servers option is enabled and all the custom servers are unavailable.Reference:=Fortinet Enterprise Firewall Study Guide for FortiOS 7.2, page 132.

Question 4

Refer to the exhibit, which shows device registration on FortiManager.

What can you conclude about the Spoke-1 and Spoke-2 configurations with respect to the information cond: Modified (recent auto-updated)?

ABased on the policy configuration on NGFW-1, the configuration on both spokes is modified and automatically updated.

BOn NGFW-A, the configuration was changed and spokes are wailing for an autoupdate.

COn both Spoke-1 and Spoke-2, the configuration was changed directly on the FortiGate device, and the changes were automatically retrieved by the device database.

DSpoke-1 and Spoke-2 are sharing the same security policy configuration and the same policy package.

Answer : B

Question 5

Which three conditions are required (or two FortiGate devices to form an OSPF adjacency? (Choose three.)

AOSPF peer interface must have same cost value

BOSPF peer interface must have same MTU size

COSPF peer interface must have same Hello and Wait time

DOSPF peer interface must have same Hello and Dead time

EOSPF peer interfaces must have same network and mask

Answer : B, D, E

Question 6

Refer to the exhibit, which shows an ADVPN network,