Fortinet NSE7_EFW-7.2 Exam Practice Test Instant Access

Question 1

Which two statements about metadata variables are true? (Choose two.)

AYou create them on FortiGate

BThey apply only to non-firewall objects.

CThe metadata format is $<metadata_variabie_name>.

DThey can be used as variables in scripts

Answer : C, D

Metadata variables in FortiGate are created to store metadata associated with different FortiGate features. These variables can be used in various configurations and scripts to dynamically replace the variable with its actual value during processing. A: You create metadata variables on FortiGate. They are used to store metadata for FortiGate features and can be called upon in different configurations. D: They can be used as variables in scripts. Metadata variables are utilized within the scripts to dynamically insert values as per the context when the script runs.

Fortinet FortiOS Handbook: CLI Reference

Question 2

Refer to the exhibit, which shows device registration on FortiManager.

What can you conclude about the Spoke-1 and Spoke-2 configurations with respect to the information cond: Modified (recent auto-updated)?

ABased on the policy configuration on NGFW-1, the configuration on both spokes is modified and automatically updated.

BOn NGFW-A, the configuration was changed and spokes are wailing for an autoupdate.

COn both Spoke-1 and Spoke-2, the configuration was changed directly on the FortiGate device, and the changes were automatically retrieved by the device database.

DSpoke-1 and Spoke-2 are sharing the same security policy configuration and the same policy package.

Answer : B

Question 3

Exhibit.

ISFW is installed in the access layer NGFW is performing SNAT and web tittering DCFW is running IPS Which two statements are true regarding the Security Fabric logging? (Choose two.)

ADCFW is responsible for generating UTM logs for file server sessions initiated by Client-1. only if an IPS inspection is triggered

BISFW is responsible for generating traffic logs for only Web traffic and SMB traffic from Client-1.

CThe SMB session which is forwarded to NGFW logs that event

DDCFW generates traffic logs for all sessions from Corporate File Server

EThe web session forwarded to the NGFW generates the relevant UTM logs along with initial traffic log

Answer : A, B

Question 4

Refer to the exhibit, which contains a partial OSPF configuration.

What can you conclude from this output?

ANeighbors maintain communication with the restarting router.

BThe router sends grace LSAs before it restarts.

CFortiGate restarts if the topology changes.

DThe restarting router sends gratuitous ARP for 30 seconds.

Answer : C

From the partial OSPF (Open Shortest Path First) configuration output:

B . The router sends grace LSAs before it restarts: This is implied by the command 'set restart-mode graceful-restart'. When OSPF is configured with graceful restart, the router sends grace LSAs (Link State Advertisements) to inform its neighbors that it is restarting, allowing for a seamless transition without recalculating routes.

Fortinet documentation on OSPF configuration clearly states that enabling graceful restart mode allows the router to maintain its adjacencies and routes during a brief restart period.

Question 5

An administrator configured the following command on FortiGate

config router ospf

sec reszart-mode graceful-restart

Which two statements correctly describe the result of the above command? (Choose two.)

AFortiGate is configured with graceful restart and will exit graceful mode, if the network topology changes

BAfter the default 40 seconds wait time the OSPF neighbors will resume communication with the restarting router

CThe OSPF neighbor that receives the grace link-state advertisement (LSA) will enter into helper mode

DIn an HA cluster FortiGate devices will keep the OSPF routes in their routing table to avoid traffic interruption during an HA failover

Answer : B, C

Question 6

What are two functions of automation stitches? (Choose two.)

AAutomation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds.

BAn automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

CAutomation stitches can be configured on any FortiGate device in a Security Fabric environment.

DAn automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

Answer : A, D

Question 7

An administrator has configured two fortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device What can the administrator do to fix this problem?

AVerify that the speed and duplex settings match between me FortiGate interfaces and the connected switch ports

BConfigure set link -failed signal enable under-config system ha on both Cluster members

CConfigure remote Iink monitoring to detect an issue in the forwarding path

DConfigure set send-garp-on-failover enables under config system ha on both cluster members

Answer : D

Virtual MAC Address and Failover

- The new primary broadcasts Gratuitous ARP packets to notify the network that each virtual MAC is now reachable through a different switch port.

- Some high-end switches might not clear their MAC table correctly after a failover - Solution: Force former primary to shut down all its interfaces for one second when the failover happens (excluding heartbeat and reserved management interfaces):

#Config system ha

set link-failed-signal enable

end

- This simulates a link failure that clears the related entries from MAC table of the switches.

Fortinet NSE 7 - Enterprise Firewall 7.2 NSE7_EFW-7.2 Exam Practice Test