Fortinet NSE7_EFW-7.0 Exam Practice Questions (P. 1)
- Full Access (60 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)
- AOSPF interface network types match.Most Voted
- BOSPF router IDs are unique.Most Voted
- COSPF interface priority settings are unique.
- DAuthentication settings match.Most Voted
- EOSPF link costs match.
Correct Answer:
ABD
ABD

To achieve OSPF adjacency between FortiGate devices, it's crucial that the OSPF interface network types are the same to ensure communication compatibility. Additionally, unique router IDs prevent identity conflicts within the network, while matching authentication settings authenticate the identity of communicating routers, safeguarding against unauthorized access. These conditions together ensure a secure and efficient OSPF setup.
send
light_mode
delete
Question #2
Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.
Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?

The administrator does not have access to the remote gateway.
Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?
- AIn the phase 1 network configuration, set the IKE version to 2.
- BIn the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.
- CIn the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
- DIn the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.Most Voted
Correct Answer:
D
D
send
light_mode
delete
Question #3
Refer to the exhibit, which shows the output of a web filtering diagnose command.

Which configuration change would result in non-zero results in the cache statistics section?

Which configuration change would result in non-zero results in the cache statistics section?
- Aset server-type rating under config system central-management
- Bset webfilter-cache enable under config system fortiguardMost Voted
- Cset webfilter-force-off disable under config system fortiguard
- Dset ngfw-mode policy-based under config system settings
Correct Answer:
B
B
send
light_mode
delete
Question #4
Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.

If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?

If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?
- AThe session would remain in the session table, but its traffic would now egress from both port1 and port2.
- BThe session would remain in the session table, and its traffic would egress from port2.
- CThe session would be deleted, and the client would need to start a new session.
- DThe session would remain in the session table, and its traffic would egress from port1.Most Voted
Correct Answer:
B
B
send
light_mode
delete
Question #5
Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to test session failover between the two service provider connections.
What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

An administrator would like to test session failover between the two service provider connections.
What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)
- AConfigure set snat-route-change enable.Most Voted
- BChange the priority of the port2 static route to 5.
- CChange the priority of the port1 static route to 11.Most Voted
- Dunset snat-route-change to return it to the default setting.
Correct Answer:
AB
AB
send
light_mode
delete
All Pages