Fortinet NSE7_EFW-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit, which shows an SSL certification inspection configuration.

Which action does FortiGate take if the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?

AFortiGate uses the first entry listed in the SAN field in the server certificate

BFortiGate uses the CN information from the Subject field in the server certificate

CFortiGate uses the SNI from the user's web browser.

DFortiGate closes the connection because this represents an invalid SSL/TLS configuration

Answer : D

Question 2

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

AOnly the DR receives link state information from non-DR routers.

BNon-DR and non-BDR routers form full adjacencies to DR only.

CFortiGate first checks the OSPF ID to elect a DR.

DNon-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.

Answer : B

Question 3

Refer to the exhibits, which contain the network topology and BGP configuration for a hub.

Exhibit A.

Exhibit B.

An administrator is trying to configure ADVPN with a hub and spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however the spokes are not receiving route information from each other.

What change must the administrator make to the hub BGP configuration so that the routes learned from one spoke are forwarded to the other spoke?

AConfigure the hub as a route reflector

BConfigure auto-discovery-sender on the hub

CAdd a prefix list to the hub that permits routes to be shared between the spokes

DEnable route redistribution under config router bgp

Answer : B

Question 4

What are two functions of automation stitches? (Choose two.)

AAutomation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds.

BAn automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

CAutomation stitches can be configured on any FortiGate device in a Security Fabric environment.

DAn automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

Answer : A, D

Question 5

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

AWhen run on the Device Database, changes are applied directly to the managed FortiGate device.

BWhen run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

CWhen run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

DWhen run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device.

Answer : B, D

Question 6

Refer to the exhibit, which shows a routing table.

What two options can you configure in OSPF to block the advertisement of the 10.1.10.0 prefix? (Choose two.)

ARemove the 16.1.10.C prefix from the OSPF network

BConfigure a distribute-list-out

CConfigure a route-map out

DDisable Redistribute Connected

Answer : B, C

To block the advertisement of the 10.1.10.0 prefix in OSPF, you can configure a distribute-list-out or a route-map out.A distribute-list-out is used to filter outgoing routing updates from being advertised to OSPF neighbors1.A route-map out can also be used for filtering and is applied to outbound routing updates2.Reference: Technical Tip: Inbound route filtering in OSPF usi ... - Fortinet Community,OSPF | FortiGate / FortiOS 7.2.2 - Fortinet Documentation

Question 7

Refer to the exhibit.

which contains a partial configuration of the global system. What can you conclude from this output?

ANPs and CPs are enabled

BOnly CPs arc disabled

COnly NPs are disabled

DNPs and CPs arc disabled

Answer : D

The configuration output shows various global settings for a FortiGate device. The terms NP (Network Processor) and CP (Content Processor) relate to FortiGate's hardware acceleration features. However, the provided configuration output does not directly mention the status (enabled or disabled) of NPs and CPs. Typically, the command to disable or enable hardware acceleration features would specifically mention NP or CP in the command syntax. Therefore, based on the output provided, we cannot conclusively determine the status of NPs and CPs, hence option D is the closest answer since the output does not confirm that they are enabled.

FortiOS Handbook - CLI Reference for FortiOS 5.2

Fortinet NSE7_EFW-7.2 Fortinet NSE 7 - Enterprise Firewall 7.2 Exam Practice Test