Fortinet NSE7_EFW-7.2 Certification Exam Questions & Practice Tests, Fortinet NSE 7 - Enterprise Firewall | SPOTO

Embark on your journey to Fortinet NSE7_EFW-7.2 certification success with SPOTO's comprehensive exam questions and practice tests! As part of the esteemed NSE 7 Network Security Architect program, this certification showcases expertise in Fortinet solutions within enterprise security infrastructure environments. Prepare thoroughly with our wide range of exam questions and sample questions covering essential topics. Access exam materials and exam dumps for in-depth study and revision. Our practice tests are meticulously designed to mirror the real exam scenario, ensuring optimal preparation and confidence for exam day. At SPOTO, we prioritize high-quality practice tests as the cornerstone of exam success. Our exam simulator provides a realistic testing environment for effective exam practice. Trust SPOTO's expertise to help you pass the Fortinet NSE7_EFW-7.2 certification exam with flying colors!

Question #1
Refer to the exhibit, which contains the output of a web filtering diagnose command. Which statement explains why the cache statistics are all zeros?
A. The FortiGate web filter cache is disabled in the FortiGate configuration
B. FortiGate is using flow-based inspection which does not use the cache
C. The administrator has reallocated the cache memory to a separate process
D. There are no users making web requests
Correct Answer: A
Question #2
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement about this command is true?
A. It forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs
B. It disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover
C. It sends a link failed signal to all connected devices
D. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover
Correct Answer: AB
Question #3
View the exhibit, which contains a session table entry, and then answer the question below. Which one of the following statements is true regarding FortiGate's inspection of this session?
A. FortiGate applied flow-based inspection
B. FortiGate applied proxy-based inspection
C. FortiGate forwarded this session without any inspection
D. FortiGate applied NGFW flow-based inspection
Correct Answer: AB
Question #4
Refer to the exhibit, which contains a TCL script configuration on FortiManager. An administrator has configured the TCL script on FortiManager, but the script failed to apply any changes to the managed device after being executed. Why did the TCL script fail to make any changes to the managed device?
A. Changes in an interface configuration can only be done by CLI script
B. The TCL script must start with #include <>
C. Incomplete commands are ignored in TCL scripts
D. The TCL command run_cmd has not been created
Correct Answer: B
Question #5
Refer to the exhibit, which contains a partial output of an IKE real-time debug. Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
A. auto-discovery-receiver
B. auto-discovery-forwarder
C. auto-discovery-sender
D. auto-discovery-shortcut
Correct Answer: CD
Question #6
View the global IPS configuration, and then answer the question below. Which of the following statements is true regarding this configuration? (Choose two.)
A. IPS will scan every byte in every session
B. IPS acceleration is disabled in this FortiGate device's configuration
C. New packets requiring IPS inspection will be passed through during conserve mode
D. FortiGate will spawn IPS engine instances based on the system load
Correct Answer: AD
Question #7
View the exhibit, which contains the partial output of a diagnose command, and then answer the question below. Based on the output, which one of the following statements is correct?
A. Quick mode selectors are disabled
B. DPD is disabled
C. Anti-replay is enabled
D. Remote gateway IP is 10
Correct Answer: CD
Question #8
Refer to the exhibit, which contains the output of a debug command. Which statement about this FortiGate is correct?
A. It is currently in system conserve mode because of high CPU usage
B. It is currently in extreme conserve mode because of high memory usage
C. It is currently in proxy conserve mode because of high memory usage
D. It is currently in memory conserve mode because of high memory usage
Correct Answer: C
Question #9
Refer to the exhibit, which contains a partial routing table. Assuming all the appropriate firewall policies are configured, which two pings will FortiGate route? (Choose two.)
A. Source IP address: 10
B. Source IP address: 10
C. Source IP address: 10
D. Source IP address: 10
Correct Answer: B
Question #10
An administrator wants to capture ESP traffic between two FortiGate devices using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator execute?
A. diagnose sniffer packet any 'esp'
B. diagnose sniffer packet any 'udp port 4500'
C. diagnose sniffer packet any 'udp port 500'
D. diagnose sniffer packet any 'tcp port 500 or tcp port 4500'
Correct Answer: D
Question #11
View the exhibit, which contains the output of a BGP debug command, and then answer the question below. Which of the following statements about the exhibit are true? (Choose two.)
A. The local router's BGP state is Established with the 10
B. Since the counters were last reset, the 10
C. The local router has received a total of three BGP prefixes from all peers
D. The local router has not established a TCP session with 100
Correct Answer: B
Question #12
Refer to the exhibits, which contain configuration on FortiGate and partial session information. All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network. If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?
A. The session would remain in the session table, but its traffic would now egress from both port1 and port2
B. The session would remain in the session table, and its traffic would still egress from port1
C. The session would remain in the session table, and its traffic would start to egress from port2
D. The session would be deleted, so the client would need to start a new session
Correct Answer: AD
Question #13
Refer to the exhibit, which contains the partial output of a diagnose command. Based on the output, which two statements are correct? (Choose two.)
A. Anti-replay is enabled
B. DPD is disabled
C. Remote gateway IP is 10
D. Quick mode selectors are disabled
Correct Answer: AC
Question #14
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. Why didn't the tunnel come up?
A. The remote gateway is using aggressive mode and the local gateway is configured to use main mode
B. The remote gateway's phase 1 configuration does not match the local gateway's phase 1 configuration
D. The pre-shared keys do not match
Correct Answer: AD
Question #15
View the exhibit, which contains the output of a debug command, and then answer the question below. Which one of the following statements about this FortiGate is correct?
A. It is currently in system conserve mode because of high CPU usage
B. It is currently in extreme conserve mode because of high memory usage
C. It is currently in proxy conserve mode because of high memory usage
D. It is currently in memory conserve mode because of high memory usage
Correct Answer: C
Question #16
Refer to the exhibit, which contains partial outputs from two routing debug commands. Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?
A. port3
B. port2
C. port1
D. Both port1 and port2
Correct Answer: C
Question #17
View the exhibit, which contains the output of diagnose sys session list, and then answer the question below. If the HA ID for the primary unit is zero (0), which one of the following statements about the output is true?
A. This session is for HA heartbeat traffic
B. This session cannot be synced with the slave unit
C. The master unit is processing this traffic
D. The inspection of this session has been offloaded to the slave unit
Correct Answer: C
Question #18
Refer to the exhibit, which contains the output of a diagnose command. Which two statements regarding the output in the exhibit are true? (Choose two.)
A. FortiGate will probe 121
B. Servers with a negative TZ value are experiencing a service outage
C. Servers with the D flag are considered to be down
D. FortiGate used 209
Correct Answer: AC
Question #19
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. Which of the following statements about this debug output are correct? (Choose two.)
A. It shows a phase 1 negotiation
B. The initiator has provided remote as its IPsec peer ID
C. The negotiation is using AES128 encryption with CBC hash
D. The remote gateway IP address is 10
Correct Answer: BC
Question #20
Refer to the exhibit, which contains the output of a debug command. Which two statements about the exhibit are true? (Choose two.)
A. The local FortiGate OSPF router ID is 0
B. The local FortiGate is the backup designated router
C. In the network connected to port4, two OSPF routers are down
D. Port4 is connected to the OSPF backbone area
Correct Answer: AD
Question #21
Refer to the exhibit, which contains the partial output of an IKE real-time debug. Which two statements about this debug output are correct? (Choose two.)
A. The initiator has provided remote as its IPsec peer ID
B. The negotiation is using AES128 encryption with CBC hash
C. The remote gateway IP address is 10
D. It shows a phase 1 negotiation
Correct Answer: A
Question #22
Refer to the exhibit, which contains central management configuration. Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?
A. 10
B. 10
C. Public FortiGuard servers
D. 10
Correct Answer: D
Question #23
Refer to the exhibit, which contains the output of a BGP debug command. Which statement about the exhibit is true?
A. The local router has received a total of three BGP prefixes from all peers
B. The local router has not established a TCP session with 100
C. Since the counters were last reset, the 10
D. The local router BGP state is OpenConfirm with the 10
Correct Answer: B
Question #24
Refer to the exhibit, which contains the output of a real-time debug. Which statement regarding this output is true?
A. FortiGate found the requested URL in its local cache
B. The requested URL belongs to category ID 52
C. The client hostname is training
D. This web request was inspected using the root web filter profile
Correct Answer: D
Question #25
Refer to the exhibit, which contains a session table entry. Which statement about FortiGate inspection of this session is true?
A. FortiGate applied proxy-based inspection
B. FortiGate applied flow-based NGFW policy-based inspection
C. FortiGate applied flow-based inspection
D. FortiGate forwarded this session without any inspection
Correct Answer: CDE
Question #26
Refer to the exhibit, which contains the output of diagnose sys session list. If the HA ID for the primary unit is zero (0), which statement about the output is true?
A. This session cannot be synced with the slave unit
B. The inspection of this session has been offloaded to the slave unit
C. The master unit is processing this traffic
D. This session is for HA heartbeat traffic
Correct Answer: A
Question #27
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator noticed that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. Which one of the following statements about this command is true?
A. Forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs
B. Sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover
C. Disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover
D. Sends a link failed signal to all connected devices
Correct Answer: ADE
Question #28
View the exhibit, which contains a partial routing table, and then answer the question below. Assuming all the appropriate firewall policies are configured, which of the following pings will FortiGate route? (Choose two.)
A. Source IP address 10
B. Source IP address 10
C. Source IP address 10
D. Source IP address 10
Correct Answer: B
Question #29
View the following FortiGate configuration. All traffic to the Internet currently egresses from port1. The exhibit shows partial session information for Internet traffic from a user on the internal network. If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user's session?
A. The session would be deleted, so the client would need to start a new session
B. The session would remain in the session table, and its traffic would still egress from port1
C. The session would remain in the session table, and its traffic would start to egress from port2
D. The session would remain in the session table, but its traffic would now egress from both port1 and port2
Correct Answer: AD
Question #30
View the exhibit, which contains the output of a web filtering diagnose command, and then answer the question below. Which one of the following statements explains why the cache statistics are all zeros?
A. There are no users making web requests
B. The administrator has reallocated the cache memory to a separate process
C. The FortiGuard web filter cache is disabled in the FortiGate's configuration
D. FortiGate is using flow-based inspection which doesn't use the cache
Correct Answer: B
Question #31
Refer to the exhibit, which contains the partial output of an IKE real-time debug. Why did the tunnel not come up?
A. The pre-shared keys do not match
B. The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration
C. The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration
D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode
Correct Answer: AD
Question #32
View the exhibit, which contains the output of a diagnose command, and then answer the question below. Which statements are true regarding the output in the exhibit? (Choose two.)
A. FortiGate used 209
B. Servers with the D flag are considered to be down
C. FortiGate will probe 121
D. Servers with a negative TZ value are experiencing a service outage
Correct Answer: D
Question #33
View the exhibit, which contains a partial output of an IKE real-time debug, and then answer the question below. Based on the debug output, which phase-1 setting is enabled in the configuration of this VPN?
A. auto-discovery-receiver
B. auto-discovery-forwarder
C. auto-discovery-sender
D. auto-discovery-shortcut
Correct Answer: CD
Question #34
View these partial outputs from two routing debug commands: Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?
A. Both port1 and port2
B. port3
C. port2
D. port1
Correct Answer: C
Question #35
View the central management configuration shown in the exhibit, and then answer the question below. Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?
A. 10
B. Public FortiGuard servers
C. 10
D. 10
Correct Answer: B
Question #36
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
A. FortiGate uses the requested URL from the user’s web browser
B. FortiGate uses the CN information from the Subject field in the server certificate
C. FortiGate blocks the request without any further inspection
D. FortiGate switches to the full SSL inspection method to decrypt the data
Correct Answer: C
Question #37
Refer to the exhibit, which contains the output of diagnose sys session stat. Which two statements about the output shown are correct? (Choose two.)
A. No sessions have been deleted because of memory pages exhaustion
B. There are 0 ephemeral sessions
C. There are 168 TCP sessions waiting to complete the three-way handshake
D. All the sessions in the session table are TCP sessions
Correct Answer: C
Question #38
View the exhibit, which contains the output of a real-time debug, and then answer the question below. Which of the following statements are true regarding this output? (Choose two.)
A. This web request was inspected using the root web filter profile
B. The requested URL belongs to category ID 52
C. The web request was blocked by FortiGate
D. FortiGate found the requested URL in its local cache
Correct Answer: A
Question #39
View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below. Which of the following statements about the output shown are correct? (Choose two.)
A. There are 166 TCP sessions waiting to complete the three-way handshake
B. All the sessions in the session table are TCP sessions
C. There are 0 ephemeral sessions
D. No sessions have been deleted because of memory pages exhaustion
Correct Answer: C
