Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

NSE7_EFW-7.2Free trial

By fortinet

Verified

25Q per page

Question 1

Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.
Why did the TCL script fail to make any changes to the managed device?

A: The TCL procedure run_cmd has not been created.
B: The TCL script must start with #include.
C: There is no corresponding #! to signify the end of the script.
D: The TCL procedure lacks the required loop statements to iterate through the changes.

—

Question 2

Refer to the exhibit, which shows the output of a BGP summary.

What two conclusions can you draw from this BGP summary? (Choose two.)

A: The BGP session with peer 10.127.0.75 is established.
B: External BGP (EBGP) exchanges routing information.
C: The router 100.64.3.1 has the parameter bfd set to enable.
D: The neighbors displayed are linked to a local router with the neighbor-range set to a value of 4.

—

Question 3

Refer to the exhibit, which shows a custom signature.

Which two modifications must you apply to the configuration of this custom signature so that you can save it on FortiGate? (Choose two.)

A: Ensure that the header syntax is F-SBID.
B: Add severity.
C: Add attack_id.
D: Start options with --.

—

Question 4

What are two functions of automation stitches? (Choose two.)

A: Automation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds.
B: An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.
C: Automation stitches can be configured on any FortiGate device in a Security Fabric environment.
D: An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

—

Question 5

Refer to the exhibit which shows config system central-management information.

Which setting must you configure for the web filtering feature to function?

A: Set update-server-location to automatic
B: Add server.fortiguard.net to the Server list
C: Configure securewf.fortiguard.net on the default servers
D: Configure server-type with the rating option

—

Question 6

Which two statements about the Security Fabric are true? (Choose two.)

A: FortiGate uses the FortiTelemetry protocol to communicate with FortiAnalyzer
B: Only the root FortiGate sends logs to FortiAnalyzer
C: Only FortiGate devices with configuration-sync set to default receive and synchronize global CMDB objects that the root FortiGate sends
D: Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer

—

Question 7

Refer to the exhibit which shows two configured FortiGate devices and peering over
FGSP.

The main link directly connects the two FortiGate devices and is configured using the set session-syn-dev <interface> command.
What is the primary reason to configure the main link?

A: To have only configuration synchronization in layer 3
B: To load balance both sessions and configuration synchronization between layer 2 and 3
C: To have both sessions and configuration synchronization in layer 3
D: To have both sessions and configuration synchronization in layer 2

—

Question 8

Refer to the exhibit, which shows a network diagram.

Which protocol should you use to configure the FortiGate cluster?

A: FGCP in active-passive mode
B: FGCP in active-active mode
C: FGSP
D: VRRP

—

Question 9

After enabling IPS, you receive feedback about traffic being dropped.
What could be the reason?

A: IPS is configured to monitor.
B: np-accel-node is set to enable.
C: fail-open is set to disable.
D: traffic-submit is set to disable.

—

Question 10

Refer to the exhibit which shows an ADVPN network.

Which VPN phase 1 parameters must you configure on the hub for the ADVPN feature to function? (Choose two.)

A: set auto-discovery-sender enable
B: set auto-discovery-receiver enable
C: set add-route enable
D: set auto-discovery-forwarder enable

—

Question 11

Which two statements about metadata variables are true? (Choose two.)

A: The metadata format is $<metadata_variable_name>.
B: You create them on FortiGate.
C: They can be used as variables in scripts.
D: They apply only to non-firewall objects.

—

Question 12

You want to improve reliability over a lossy IPSec tunnel.
Which combination of IPSec phase 1 parameters should you configure?

A: fec-ingress and fsc-egrsss
B: dpd and dpd-retryinterval
C: fragmentation and fragmentation-mtu
D: keepalive and keylive

—

Question 13

Refer to the exhibits, which contain the network topology and BGP configuration for a hub.
Exhibit A.

Exhibit B.

An administrator is trying to configure ADVPN with a hub and spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however the spokes are not receiving route information from each other.
What change must the administrator make to the hub BGP configuration so that the routes learned from one spoke are forwarded to the other spoke?

A: Configure the hub as a route reflector
B: Configure auto-discovery-sender on the hub
C: Add a prefix list to the hub that permits routes to be shared between the spokes
D: Enable route redistribution under config router bgp

—

Question 14

Refer to the exhibit, which contains a partial VPN configuration.

What can you conclude from this configuration?

A: FortiGate creates separate virtual interfaces for each dial-up client
B: The VPN should use the dynamic routing protocol to exchange routing information through the tunnels
C: Dead peer detection is disabled
D: The routing table shows a single IPSec virtual interface

—

Question 15

Refer to the exhibit which shows information about an OSPF interface.

What two conclusions can you draw from this command output? (Choose two.)

A: The interfaces of the OSPF routers match the MTU value that is configured as 1500.
B: NGFW-1 is the designated router.
C: The port3 network has more than one OSPF router.
D: The OSPF routers are in the area ID of 0.0.0.1.

—

Question 16

Which two statements about the BFD parameter in BGP are true? (Choose two.)

A: It detects only two-way failures.
B: The two routers must be connected to the same subnet.
C: It allows failure detection in less than one second.
D: It is supported for neighbors over multiple hops.

—

That’s the end of your free questions

You’ve reached the preview limit for NSE7_EFW-7.2

Consider upgrading to gain full access!

Page 1 of 4 • Questions 1-25 of 76

1 2 3 4

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!