Fortinet NSE7_EFW-7.2 - Fortinet NSE 7 - Enterprise Firewall 7.2

Total 80 questions

Refer to the exhibit, which shows a network diagram.

Which IPsec phase 2 configuration should you implement so that only one remote site is connected at any time?

A.

Set route-overlap to allow.

B.

Set single-source to enable

C.

Set route-overlap to either use-new or use-old

D.

Set net-device to enable

You are testing the implementation of a new custom remote desktop application in your network. In which two ways can you eliminate false positives in IPS during this testing phase? (Choose two.)

A.

Create an IP address exception

B.

Adjust the rate-based signature threshold and its duration.

C.

Enable the preserve source port option in the firewall policy

D.

Permanently bypass the affected endpoints

Which statement about ADVPN is true?

A.

It only uses BGP for dynamic routing

B.

It requires all the devices to be in the same AS for an inter-region ADVPN topology

C.

It is a combination of hub-and-spoke and full-mesh topologies

D.

It supports only a single hub-and-spoke architecture

Refer to the exhibit, which shows an OSPF network.

Which types of link-state advertisements (LSA) will NGFW-1 send, if it is a backup designated router (BDR)?

A.

NGFW-1 will send type 1 and type 2 LSAs.

B.

NGFW-1 will send type 1 and type 3 LSA.

C.

NGFW-1 will send type 1 and type 4 LSA.

D.

NGFW-1 will send type 1 and type 5 LSA.

Which two statements about the Security Fabric are true? (Choose two.)

A.

Each member of the Security Fabric maintains the shared Security Fabric map.

B.

Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer.

C.

FortiGate uses the FortiTelemetry protocol to communicate with FortiAnalyzer.

D.

Each FortiGate device in the Security Fabric must have bidirectional FortiTelemetry connectivity.

E.

Only FortiGate devices with configuration-sync set to Local receive and synchronize the global CMDB objects that the root FortiGate sends.

Exhibit.

Refer to the exhibit, which shows a central management configuration.

Which server will FortiGate choose for web filter rating requests if 10.0.1.240 is experiencing an outage?

A.

Public FortiGuard servers

B.

10.0.1.242

C.

10.0.1.244

D.

10.0.1.243

Exhibit.

Refer to the exhibit, which shows an ADVPN network.

The client behind Spoke-1 generates traffic to the device located behind Spoke-2.

Which first message does the hub send to Spoke-1 to bring up the dynamic tunnel?

A.

Shortcut query

B.

Shortcut reply

C.

Shortcut offer

D.

Shortcut forward

Refer to the exhibit, which shows a partial routing table.

What two conclusions can you draw from the FortiGate output shown in the exhibit? (Choose two.)

A.

FortiGate creates separate virtual interfaces for each VPN client.

B.

add-route is enabled in the tunnel IPSec phase 1 configuration.

C.

FortiGate is not using the destination subnets of the quick mode selectors to populate the routing table.

D.

net-device is disabled in the tunnel IPSec phase 1 configuration.

You want to configure faster failure detection for BGP.

Which parameter should you enable on both connected FortiGate devices?

A.

Ebgp-enforce-multihop

B.

bfd

C.

Distribute-list-in

D.

Graceful-restart

Refer to the exhibit, which shows an SSL certificate inspection configuration.

Which action does FortiGate take if the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?

A.

FortiGate uses the first entry listed in the SAN field in the server certificate

B.

FortiGate uses the CN information from the Subject field in the server certificate

C.

FortiGate uses the SNI from the user's web browser.

D.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration