Fortinet NSE7_EFW-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit, which contains a partial configuration of the global system.

What can you conclude from the output?

Aset strict-d^rty-session-check enable command instructs the FortiGate to offload all dirty session traffic to its SPU

Bset check-protocol-header loose command enables hardware acceleration on this FortiGate device.

Cset av-failopen pass command instructs the FortiGate to offload all traffic that uses the antivirus proxy to NP.

Dset memory-use-threshoId-extreme command instructs the FortiGate to disable hardware acceleration if the memory extreme threshold reaches 95%

Answer : B

Question 2

An administrator configured the following command on FortiGate

config router ospf

sec reszart-mode graceful-restart

Which two statements correctly describe the result of the above command? (Choose two.)

AFortiGate is configured with graceful restart and will exit graceful mode, if the network topology changes

BAfter the default 40 seconds wait time the OSPF neighbors will resume communication with the restarting router

CThe OSPF neighbor that receives the grace link-state advertisement (LSA) will enter into helper mode

DIn an HA cluster FortiGate devices will keep the OSPF routes in their routing table to avoid traffic interruption during an HA failover

Answer : B, C

Question 3

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

AOnly the DR receives link state information from non-DR routers.

BNon-DR and non-BDR routers form full adjacencies to DR only.

CFortiGate first checks the OSPF ID to elect a DR.

DNon-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.

Answer : B

Question 4

Refer to the exhibit.

which contains a partial configuration of the global system. What can you conclude from this output?

ANPs and CPs are enabled

BOnly CPs arc disabled

COnly NPs are disabled

DNPs and CPs arc disabled

Answer : A

The configuration output shows various global settings for a FortiGate device. The terms NP (Network Processor) and CP (Content Processor) relate to FortiGate's hardware acceleration features. However, the provided configuration output does not directly mention the status (enabled or disabled) of NPs and CPs. Typically, the command to disable or enable hardware acceleration features would specifically mention NP or CP in the command syntax. Therefore, based on the output provided, we cannot conclusively determine the status of NPs and CPs, hence option D is the closest answer since the output does not confirm that they are enabled.

FortiOS Handbook - CLI Reference for FortiOS 5.2

Question 5

Exhibit.

Refer to the exhibit, which shows information about an OSPF interlace

What two conclusions can you draw from this command output? (Choose two.)

AThe port3 network has more man one OSPF router

BThe OSPF routers are in the area ID of 0.0.0.1.

CThe interfaces of the OSPF routers match the MTU value that is configured as 1500.

DNGFW-1 is the designated router

Answer : A, C

From the OSPF interface command output, we can conclude that the port3 network has more than one OSPF router because the Neighbor Count is 2, indicating the presence of another OSPF router besides NGFW-1. Additionally, we can deduce that the interfaces of the OSPF routers match the MTU value configured as 1500, which is necessary for OSPF neighbors to form adjacencies. The MTU mismatch would prevent OSPF from forming a neighbor relationship.

Fortinet FortiOS Handbook: OSPF Configuration

Question 6

Exhibit.

Refer to the exhibit, which contains a CLI script configuration on FortiManager.

An administrator configured the CLI script on FortiManager Which statement is true based on the script configuration?

AThe script successfully added a static route with gateway 10.20.121.2 on the manages device

BCLI scripts must start with # l.

CThe commands are missing d3_cmd at beginning

DThe CLI scripts failed to execute because of an incomplete command

Answer : D

Question 7

Refer to the exhibit.

The exhibit shows a prefix list configuration

What can you conclude from the above prefix-list configuration?

AThe prefix 10.10.0.0/16 will be denied

BThe prefixes 10.10.0/16 and 10.0.0.0/16 will be denied

CThe prefix 10.10.10.0/24 will be permitted

DThe prefix 10.0.0.0/8 will be permitted

Answer : C

Fortinet NSE7_EFW-7.2 Fortinet NSE 7 - Enterprise Firewall 7.2 Exam Practice Test