Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Fortinet NSE7_EFW-7.2 - Fortinet NSE 7 - Enterprise Firewall 7.2

Fortinet NSE7_EFW-7.2 Premium Access     Download Demo    
Page: 1 / 3
Total 80 questions

You contoured an address object on the tool fortiGate in a Security Fabric. This object is not synchronized with a downstream device. Which two reasons could be the cause? (Choose two)

A.

The address object on the tool FortiGate has fabric-object set to disable

B.

The root FortiGate has configuration-sync set to enable

C.

The downstream TortiGate has fabric-object-unification set to local

D.

The downstream FortiGate has configuration-sync set to local

Refer to the exhibit, which shows config system central-management information.

Which setting must you configure for the web filtering feature to function?

A.

Add server. fortiguard. net to the server list.

B.

Configure securewf.fortiguard. net on the default servers.

C.

Set update-server-location to automatic.

D.

Configure server-type with the rating option.

An administrator has configured two fortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device What can the administrator do to fix this problem?

A.

Verify that the speed and duplex settings match between me FortiGate interfaces and the connected switch ports

B.

Configure set link -failed signal enable under-config system ha on both Cluster members

C.

Configure remote Iink monitoring to detect an issue in the forwarding path

D.

Configure set send-garp-on-failover enables under config system ha on both cluster members

Refer to the exhibits, which show the configurations of two address objects from the same FortiGate.

Why can you modify the Engineering address object, but not the Finance address object?

A.

You have read-only access.

B.

FortiGate joined the Security Fabric and the Finance address object was configured on the root FortiGate.

C.

FortiGate is registered on FortiManager.

D.

Another user is editing the Finance address object in workspace mode.

Refer to the exhibits, which contain the network topology and BGP configuration for a hub.

Exhibit A.

Exhibit B.

An administrator is trying to configure ADVPN with a hub and spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however the spokes are not receiving route information from each other.

What change must the administrator make to the hub BGP configuration so that the routes learned from one spoke are forwarded to the other spoke?

A.

Configure the hub as a route reflector

B.

Configure auto-discovery-sender on the hub

C.

Add a prefix list to the hub that permits routes to be shared between the spokes

D.

Enable route redistribution under config router bgp

Which three conditions are required (or two FortiGate devices to form an OSPF adjacency? (Choose three.)

A.

OSPF peer interface must have same cost value

B.

OSPF peer interface must have same MTU size

C.

OSPF peer interface must have same Hello and Wait time

D.

OSPF peer interface must have same Hello and Dead time

E.

OSPF peer interfaces must have same network and mask

Refer to the exhibit which shows an OSPF network.

Which types of link-state advertisements (LSA) will NGFW-1 send if it is a backup designated router (BDR)

A.

NGFW-1 will send type 1 and type 2 LSAs

B.

NGFW-1 will send type 1 and type 4 LSAs.

C.

NGFW-1 will send type 1 and type 3 LSAs

D.

NGFW-1 will send type 1 and type 5 LSAs

Which statement about network processor (NP) offloading is true?

A.

For TCP traffic FortiGate CPU offloads the first packets of SYN/ACK and ACK of the three-way handshake to NP

B.

The NP provides IPS signature matching

C.

You can disable the NP for each firewall policy using the command np-acceleration st to loose.

D.

The NP checks the session key or IPSec SA

What are two functions of automation stitches? (Choose two.)

A.

Automation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds.

B.

An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

C.

Automation stitches can be configured on any FortiGate device in a Security Fabric environment.

D.

An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but the TCL script failed

to apply any changes to the managed device after being run.

Why did the TCL script fail to make any changes to the managed device?

A.

The TCL procedure run_cmd has not been created.

B.

The TCL script must start with #include.

C.

There is no corresponding #! to signify the end of the script.

D.

The TCL procedure lacks the required loop statements to iterate through the changes.