Fortinet NSE7_EFW-7.2 Exam Questions Instant Access

Question 1

Refer to the exhibit, which shows an error in system fortiguard configuration.

What is the reason you cannot set the protocol to udp in config system fortiguard?

AFortiManager provides FortiGuard.

Bfortiguard-anycast is set to enable.

CYou do not have the corresponding write access.

Dudp is not a protocol option.

Answer : B

The reason for the command failure when trying to set the protocol to UDP in the config system fortiguard is likely that UDP is not a protocol option in this context. The command syntax might be incorrect or the option to set a protocol for FortiGuard updates might not exist in this manner. So the correct answer is D. udp is not a protocol option.

Question 2

Exhibit.

ISFW is installed in the access layer NGFW is performing SNAT and web tittering DCFW is running IPS Which two statements are true regarding the Security Fabric logging? (Choose two.)

ADCFW is responsible for generating UTM logs for file server sessions initiated by Client-1. only if an IPS inspection is triggered

BISFW is responsible for generating traffic logs for only Web traffic and SMB traffic from Client-1.

CThe SMB session which is forwarded to NGFW logs that event

DDCFW generates traffic logs for all sessions from Corporate File Server

EThe web session forwarded to the NGFW generates the relevant UTM logs along with initial traffic log

Answer : A, B

Question 3

An administrator configured the following command on FortiGate

config router ospf

sec reszart-mode graceful-restart

Which two statements correctly describe the result of the above command? (Choose two.)

AFortiGate is configured with graceful restart and will exit graceful mode, if the network topology changes

BAfter the default 40 seconds wait time the OSPF neighbors will resume communication with the restarting router

CThe OSPF neighbor that receives the grace link-state advertisement (LSA) will enter into helper mode

DIn an HA cluster FortiGate devices will keep the OSPF routes in their routing table to avoid traffic interruption during an HA failover

Answer : B, C

Question 4

Which three conditions are required (or two FortiGate devices to form an OSPF adjacency? (Choose three.)

AOSPF peer interface must have same cost value

BOSPF peer interface must have same MTU size

COSPF peer interface must have same Hello and Wait time

DOSPF peer interface must have same Hello and Dead time

EOSPF peer interfaces must have same network and mask

Answer : B, D, E

Question 5

Refer to the exhibit.

The exhibit shows a prefix list configuration

What can you conclude from the above prefix-list configuration?

AThe prefix 10.10.0.0/16 will be denied

BThe prefixes 10.10.0/16 and 10.0.0.0/16 will be denied

CThe prefix 10.10.10.0/24 will be permitted

DThe prefix 10.0.0.0/8 will be permitted

Answer : C

Question 6

Exhibit.

Refer to the exhibit, which shows information about an OSPF interlace

What two conclusions can you draw from this command output? (Choose two.)

AThe port3 network has more man one OSPF router

BThe OSPF routers are in the area ID of 0.0.0.1.

CThe interfaces of the OSPF routers match the MTU value that is configured as 1500.

DNGFW-1 is the designated router

Answer : A, C

From the OSPF interface command output, we can conclude that the port3 network has more than one OSPF router because the Neighbor Count is 2, indicating the presence of another OSPF router besides NGFW-1. Additionally, we can deduce that the interfaces of the OSPF routers match the MTU value configured as 1500, which is necessary for OSPF neighbors to form adjacencies. The MTU mismatch would prevent OSPF from forming a neighbor relationship.

Fortinet FortiOS Handbook: OSPF Configuration

Question 7

Refer to the exhibit, which shows device registration on FortiManager.

What can you conclude about the Spoke-1 and Spoke-2 configurations with respect to the information cond: Modified (recent auto-updated)?

ABased on the policy configuration on NGFW-1, the configuration on both spokes is modified and automatically updated.

BOn NGFW-A, the configuration was changed and spokes are wailing for an autoupdate.

COn both Spoke-1 and Spoke-2, the configuration was changed directly on the FortiGate device, and the changes were automatically retrieved by the device database.

DSpoke-1 and Spoke-2 are sharing the same security policy configuration and the same policy package.

Answer : B

Fortinet NSE 7 - Enterprise Firewall 7.2 NSE7_EFW-7.2 Exam Questions