Fortinet NSE7_EFW-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

The partial interlace configurator! of two FortiGate devices is shown

Which two conclusions can you draw from this configuration? (Choose two.)

AYou can include 4.4.4.4 and 4.4.4.2 IP addresses using sat vrdst command

BAt the time of failover, FortiGate_A will change its priority to 30

CBy default, preemption mode is enabled

DIn VRRP, you are restricted to add a third FortiGate into VRRP group 1.

Answer : B, C

Question 2

Refer to the exhibit.

Refer to the exhibit, which shows information about an OSPF interface

What two conclusions can you draw from this command output? (Choose two.)

ANGFW-1 sends its LSA updates to 224.0.0.6 address

BNGFW-1 sends its LSA updates to 224.0.0. 5 address

CNGFW-1 forms neighbor adjacency only with DR and BDR router.

DNGFW-1 forms neighbor adjacency only if other OSPF routers match the wait time of 40 seconds

Answer : A, C

Question 3

Which statement about ADVPN is true?

Alt only uses BGP for dynamic routing

BIt requires all the devices must be on the same AS for inter-region ADVPN topology

Clt is a combination of hub-and spoke and full-mesh topologies

DIt supports only on single hub-and spoke architecture

Answer : C

Question 4

In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.)

AIt caches available firmware updates for both managed and unmanaged devices

BIt can be configured as an update server a rating server or both

CIt functions as rating server only for web filtering and antispam services

DIt downloads license information for registered and unregistered devices

Answer : B, C

Question 5

Refer to the exhibit, which contains a partial configuration of the global system.

What can you conclude from the output?

Aset strict-d^rty-session-check enable command instructs the FortiGate to offload all dirty session traffic to its SPU

Bset check-protocol-header loose command enables hardware acceleration on this FortiGate device.

Cset av-failopen pass command instructs the FortiGate to offload all traffic that uses the antivirus proxy to NP.

Dset memory-use-threshoId-extreme command instructs the FortiGate to disable hardware acceleration if the memory extreme threshold reaches 95%

Answer : B

Question 6

You are testing the implementation of a new custom remote desktop application in your network In which two ways can you eliminate false positives in IPS during this testing phase? (Choose two)

ACreate an IP address exception

BAdjust the rate-based signature threshold and its duration.

CEnable the preserve source pore option in the firewall policy

DPermanently bypass the affected endpoints

Answer : B, D

Question 7

Which statement is true regarding the Bidirectional Forwarding Detection protocol in BGP?

ABFD is only supported when two FortiGate devices are directly connected on the same network

BBFD is using BGP keepalive messages to check the status of BGP peer

CBFD is used to detect one way device failure

DBFD is enabled under config router bfd configuration

Answer : C

Fortinet NSE7_EFW-7.2 Fortinet NSE 7 - Enterprise Firewall 7.2 Exam Practice Test