Fortinet NSE7_EFW-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit, which shows an SSL certification inspection configuration.

Which action does FortiGate take if the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?

AFortiGate uses the first entry listed in the SAN field in the server certificate

BFortiGate uses the CN information from the Subject field in the server certificate

CFortiGate uses the SNI from the user's web browser.

DFortiGate closes the connection because this represents an invalid SSL/TLS configuration

Answer : D

Question 2

Refer to the exhibits, which contain the network topology and BGP configuration for a hub.

Exhibit A.

Exhibit B.

An administrator is trying to configure ADVPN with a hub and spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however the spokes are not receiving route information from each other.

What change must the administrator make to the hub BGP configuration so that the routes learned from one spoke are forwarded to the other spoke?

AConfigure the hub as a route reflector

BConfigure auto-discovery-sender on the hub

CAdd a prefix list to the hub that permits routes to be shared between the spokes

DEnable route redistribution under config router bgp

Answer : B

Question 3

What are two functions of automation stitches? (Choose two.)

AAutomation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds.

BAn automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

CAutomation stitches can be configured on any FortiGate device in a Security Fabric environment.

DAn automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

Answer : A, D

Question 4

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

AWhen run on the Device Database, changes are applied directly to the managed FortiGate device.

BWhen run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

CWhen run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

DWhen run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device.

Answer : B, D

Question 5

Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but the TCL script failed

to apply any changes to the managed device after being run.

Why did the TCL script fail to make any changes to the managed device?

AThe TCL procedure run_cmd has not been created.

BThe TCL script must start with #include.

CThere is no corresponding #! to signify the end of the script.

DThe TCL procedure lacks the required loop statements to iterate through the changes.

Answer : A

Question 6

Refer to the exhibit, which shows an error in system fortiguard configuration.

What is the reason you cannot set the protocol to udp in config system fortiguard?

AFortiManager provides FortiGuard.

Bfortiguard-anycast is set to enable.

CYou do not have the corresponding write access.

Dudp is not a protocol option.

Answer : B

The reason for the command failure when trying to set the protocol to UDP in the config system fortiguard is likely that UDP is not a protocol option in this context. The command syntax might be incorrect or the option to set a protocol for FortiGuard updates might not exist in this manner. So the correct answer is D. udp is not a protocol option.

Question 7

Exhibit.

Refer to exhibit, which shows a central management configuration

Which server will FortiGate choose for web filler rating requests if 10.0.1.240 is experiencing an outage?

APublic FortiGuard servers

B10.0.1.242

C10.0.1.244

D10.0.1.243

Answer : C

In the event of an outage at 10.0.1.240, the FortiGate will choose the next server in the sequence for web filter rating requests, which is 10.0.1.244 according to the configuration shown in the exhibit. This is because the server list is ordered by priority, and the server with the lowest priority number is chosen first. If that server is unavailable, the next server with the next lowest priority number is chosen, and so on. The public FortiGuard servers are only used if the include-default-servers option is enabled and all the custom servers are unavailable.Reference: Fortinet Enterprise Firewall Study Guide for FortiOS 7.2, page 132.

Fortinet NSE7_EFW-7.2 Fortinet NSE 7 - Enterprise Firewall 7.2 Exam Practice Test