Download Fortinet.NSE7_EFW-7.0.CertKingdom.2024-10-10.163q.tqb

File Info

Exam Fortinet NSE 7 - Enterprise Firewall 7.0
Number NSE7_EFW-7.0
File Name Fortinet.NSE7_EFW-7.0.CertKingdom.2024-10-10.163q.tqb
Size 24 MB
Posted Oct 10, 2024

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Demo Questions

Question 1

Refer to the exhibit, which contains partial output from an IKE real-time debug.
The administrator does not have access to the remote gateway.
Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?


  A. In the phase 1 network configuration, set the IKE version to 2.
  B. In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.
  C. In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
  D. In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.
Correct answer: D
Explanation:
https://docs.fortinet.com/document/fortigate.0.0/administration-guide852



Question 2

Refer to the exhibit, which shows the output of a web filtering diagnose command.
 
Which configuration change would result in non-zero results in the cache statistics section?


  A. set server-type rating under config system central-management
  B. set webfilter-cache enable under config system fortiguard
  C. set webfilter-force-off disable under config system fortiguard
  D. set ngfw-mode policy-based under config system settings
Correct answer: B
Explanation:
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 362



Question 3

Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.
If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?


  A. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
  B. The session would remain in the session table, and its traffic would egress from port2.
  C. The session would be deleted, and the client would need to start a new session.
  D. The session would remain in the session table, and its traffic would egress from port1.
Correct answer: D
Explanation:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-SNAT-route-change-to-updateexisting-NAT/ta-p439



Question 4

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.
An administrator would like to test session failover between the two service provider connections.
What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)


  A. Configure set snat-route-change enable.
  B. Change the priority of the port2 static route to 5.
  C. Change the priority of the port1 static route to 11.
  D. unset snat-route-change to return it to the default setting.
Correct answer: AC
Explanation:
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 148-149



Question 5

What are two functions of automation stitches? (Choose two.)


  A. Automation stitches can be configured on any FortiGate device in a Security Fabric environment.
  B. An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.
  C. Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
  D. An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.
Correct answer: BC
Explanation:
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 23, 26



Question 6

Refer to the exhibit, which shows a partial web filter profile configuration.
 
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?


  A. FortiGate will block the connection, based on the FortiGuard category-based filter configuration.
  B. FortiGate will block the connection as an invalid URL.
  C. FortiGate will exempt the connection, based on the Web Content Filter configuration.
  D. FortiGate will allow the connection, based on the URL Filter configuration.
Correct answer: A
Explanation:
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 351 url filter -> FortiGuard Web Filter -> Web Content Filter -> Advanced Filter Options Allow -> Block



Question 7

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.
 
Based on the output, which two statements are correct? (Choose two.)


  A. The npu_flag for this tunnel is 03.
  B. Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.
  C. Anti-replay is enabled.
  D. The npu_flag for this tunnel is 02.
Correct answer: AC



Question 8

Refer to the exhibit, which shows a session table entry.
 
Which statement about FortiGate behavior relating to this session is true?


  A. FortiGate redirected the client to the captive portal to authenticate, so that a correct policy match could be made.
  B. FortiGate forwarded this session without any inspection.
  C. FortiGate is performing security profile inspection using the CPU.
  D. FortiGate applied only IPS inspection to this session.
Correct answer: C
Explanation:
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 91, 92 First digit of "proto_state" value at 1 and considering all counters are at 0 for HW acceleration means CPU usage



Question 9

Refer to the exhibit, which shows partial outputs from two routing debug commands.
 
Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?


  A. Set the priority of the static default route using port1 to 10.
  B. Set the priority of the static default route using port2 to 1.
  C. Set preserve-session-route to enable.
  D. Set snat-route-change to enable.
Correct answer: A
Explanation:
The ECMP prerequisite is that "routes must have the same destination and costs. In the case of static routes, costs include distance and priority". In this case, traffic is routed through port1 because of its lower priority value. If we raise the priority on port1 to 10, the traffic should be routed through both port1 and port2.
https://docs.fortinet.com/document/fortigate.0.1/administration-guide67/equal-cost-multipath



Question 10

Refer to the exhibit, which shows a partial routing table.
 
Assuming all the appropriate firewall policies are configured, what two changes would an administrator need to make if they wanted to send traffic from a client directly connected to port3, to a server directly connected to port4? (Choose two.)


  A. Configure route leaking between VRF 12 and VRF 21.
  B. Disable auto-asic-offload as this is not supported between VRF instances.
  C. Configure RIPv2 to exchange route information between the VRF instances.
  D. Configure route leaking between port3 and port4.
  E. Enable SNAT on the relevant firewall policies to prevent RPF check drops.
Correct answer: AE
Explanation:
Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 148, 159








