Download Fortinet NSE 7 -Enterprise Firewall 6-2.test-king.NSE7_EFW-6.2.2020-02-26.1e.18q.vcex

Download Exam

File Info

Exam Fortinet NSE 7 - Enterprise Firewall 6.2
Number NSE7_EFW-6.2
File Name Fortinet NSE 7 -Enterprise Firewall 6-2.test-king.NSE7_EFW-6.2.2020-02-26.1e.18q.vcex
Size 2.44 Mb
Posted February 26, 2020
Downloads 61

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Coupon: EXAM_HUB

Discount: 20%


Demo Questions

Question 1
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.) 

  • A: IPS failopen
  • B: mem failopen
  • C: AV failopen
  • D: UTM failopen

Question 2
Refer to the exhibit, which contains the partial output of a diagnose command. 


Based on the output, which two statements are correct? (Choose two.)

  • A: Anti-replay is enabled.
  • B: DPD is disabled.
  • C: Remote gateway IP is
  • D: Quick mode selectors are disabled.

Question 3
Which two statements about application layer test commands are true? (Choose two.)

  • A: They are used to filter real-time debugs.
  • B: They display real-time application debugs.
  • C: Some of them can be used to restart an application.
  • D: Some of them display statistics and configuration information about a feature or process.

Question 4
Which three conditions are required for two FortiGate devices to form an OSP adjacency? (Choose three.)

  • A: OSPF costs match
  • B: OSPF peer IDs match
  • C: Hello and dead intervals match
  • D: OSPF IP MTUs match
  • E: IP addresses are in the same subnet

Question 5
Which two statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

  • A: When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate.
  • B: When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.
  • C: When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
  • D: When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

Question 6
Refer to the exhibit, which contains the output of diagnose sys session stat. 


Which two statements about the output shown are correct? (Choose two.)

  • A: No sessions have been deleted because of memory pages exhaustion.
  • B: There are 0 ephemeral sessions.
  • C: There are 168 TCP sessions waiting to complete the three-way handshake.
  • D: All the sessions in the session table are TCP sessions.

Question 7
Refer to the exhibit, which contains the output of diagnose sys session list. 


If the HA ID for the primary unit is zero (0), which statement about the output is true?

  • A: This session cannot be synced with the slave unit.
  • B: The inspection of this session has been offloaded to the slave unit.
  • C: The master unit is processing this traffic.
  • D: This session is for HA heartbeat traffic.

Question 8
Refer to the exhibit, which contains the partial output of an IKE real-time debug. 


Why did the tunnel not come up?

  • A: The pre-shared keys do not match
  • B: The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration.
  • C: The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration.
  • D: The remote gateway is using aggressive mode and the local gateway is configured to use main mode.

Question 9
An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem. 
Which statement about this command is true?

  • A: It forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.
  • B: It disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
  • C: It sends a link failed signal to all connected devices.
  • D: It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

Question 10
What does the dirty flag mean in a FortiGate session?

  • A: The session must be removed from the former primary unit after an HA failover.
  • B: Traffic has been blocked by the antivirus inspection.
  • C: Traffic has been identified as from an application that is not allowed.
  • D: The next packet must be re-evaluated against the firewall policies.



You can buy ProfExam with a 20% discount..

Get Now!


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen


Use VCE Exam Simulator to open VCE files