New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

NSE7_EFW-7.2 Fortinet NSE 7 - Enterprise Firewall 7.2 Questions and Answers

Questions 4

Exhibit.

NSE7_EFW-7.2 Question 4

Refer to the exhibit, which shows a partial web filter profile conjuration

What can you cone udo from this configuration about access to www.facebook , com, which is categorized as Social Networking?

Options:

A.

The access is blocked based on the Content Filter configuration

B.

The access is allowed based on the FortiGuard Category Based Filter configuration

C.

The access is blocked based on the URL Filter configuration

D.

The access is hocked if the local or the public FortiGuard server does not reply

Buy Now
Questions 5

You contoured an address object on the tool fortiGate in a Security Fabric. This object is not synchronized with a downstream device. Which two reasons could be the cause? (Choose two)

Options:

A.

The address object on the tool FortiGate has fabric-object set to disable

B.

The root FortiGate has configuration-sync set to enable

C.

The downstream TortiGate has fabric-object-unification set to local

D.

The downstream FortiGate has configuration-sync set to local

Buy Now
Questions 6

Exhibit.

NSE7_EFW-7.2 Question 6

Refer to the exhibit, which contains the partial ADVPN configuration of a spoke.

Which two parameters must you configure on the corresponding single hub? (Choose two.)

Options:

A.

Set auto-discovery-sender enable

B.

Set ike-version 2

C.

Set auto-discovery-forwarder enable

D.

Set auto-discovery-receiver enable

Buy Now
Questions 7

Refer to the exhibit, which contains a partial BGP combination.

NSE7_EFW-7.2 Question 7

You want to configure a loopback as the OGP source.

Which two parameters must you set in the BGP configuration? (Choose two)

Options:

A.

ebgp-enforce-multihop

B.

recursive-next-hop

C.

ibgp-enfoce-multihop

D.

update-source

Buy Now
Questions 8

Exhibit.

NSE7_EFW-7.2 Question 8

NSE7_EFW-7.2 Question 8

Refer to the exhibit, which contains an ADVPN network diagram and a partial BGP con figuration Which two parameters Should you configure in config neighbor range? (Choose two.)

Options:

A.

set prefix 172.16.1.0 255.255.255.0

B.

set route reflector-client enable

C.

set neighbor-group advpn

D.

set prefix 10.1.0 255.255.254.0

Buy Now
Questions 9

What are two functions of automation stitches? (Choose two.)

Options:

A.

Automation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds.

B.

An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

C.

Automation stitches can be configured on any FortiGate device in a Security Fabric environment.

D.

An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

Buy Now
Questions 10

Refer to the exhibit, which shows two configured FortiGate devices and peering over FGSP.

NSE7_EFW-7.2 Question 10

The main link directly connects the two FortiGate devices and is configured using the set

session-syn-dev command.

What is the primary reason to configure the main link?

Options:

A.

To have both sessions and configuration synchronization in layer 2

B.

To load balance both sessions and configuration synchronization between layer 2 and 3

C.

To have only configuration synchronization in layer 3

D.

To have both sessions and configuration synchronization in layer 3

Buy Now
Questions 11

Exhibit.

NSE7_EFW-7.2 Question 11

Refer to the exhibit, which shows information about an OSPF interlace

What two conclusions can you draw from this command output? (Choose two.)

Options:

A.

The port3 network has more man one OSPF router

B.

The OSPF routers are in the area ID of 0.0.0.1.

C.

The interfaces of the OSPF routers match the MTU value that is configured as 1500.

D.

NGFW-1 is the designated router

Buy Now
Questions 12

Which statement about network processor (NP) offloading is true?

Options:

A.

For TCP traffic FortiGate CPU offloads the first packets of SYN/ACK and ACK of the three-way handshake to NP

B.

The NP provides IPS signature matching

C.

You can disable the NP for each firewall policy using the command np-acceleration st to loose.

D.

The NP checks the session key or IPSec SA

Buy Now
Questions 13

Refer to the exhibits, which contain the network topology and BGP configuration for a hub.

Exhibit A.

NSE7_EFW-7.2 Question 13

Exhibit B.

NSE7_EFW-7.2 Question 13

An administrator is trying to configure ADVPN with a hub and spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however the spokes are not receiving route information from each other.

What change must the administrator make to the hub BGP configuration so that the routes learned from one spoke are forwarded to the other spoke?

Options:

A.

Configure the hub as a route reflector

B.

Configure auto-discovery-sender on the hub

C.

Add a prefix list to the hub that permits routes to be shared between the spokes

D.

Enable route redistribution under config router bgp

Buy Now
Questions 14

Refer to the exhibit, which contains information about an IPsec VPN tunnel.

NSE7_EFW-7.2 Question 14

What two conclusions can you draw from the command output? (Choose two.)

Options:

A.

Dead peer detection is set to enable.

B.

The IKE version is 2.

C.

Both IPsec SAs are loaded on the kernel.

D.

Forward error correction in phase 2 is set to enable.

Buy Now
Questions 15

Which ADVPN configuration must be configured using a script on fortiManager, when using VPN Manager to manage fortiGate VPN tunnels?

Options:

A.

Enable AD-VPN in IPsec phase 1

B.

Disable add-route on hub

C.

Configure IP addresses on IPsec virtual interlaces

D.

Set protected network to all

Buy Now
Questions 16

Which two statements about IKE vision 2 are true? (Choose two.)

Options:

A.

Phase 1 includes main mode

B.

It supports the extensible authentication protocol (EAP)

C.

It supports the XAuth protocol.

D.

It exchanges a minimum of four messages to establish a secure tunnel

Buy Now
Exam Code: NSE7_EFW-7.2
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.2
Last Update: Dec 21, 2024
Questions: 56

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now NSE7_EFW-7.2 testing engine

PDF (Q&A)

$36.75  $104.99
buy now NSE7_EFW-7.2 pdf