NSE7_NST-7.2
Question 1
Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?
- A: FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
- B: FortiGate uses the CN information from the Subject field in the server certificate.
- C: FortiGate uses the first entry listed in the SAN field in the server certificate.
- D: FortiGate uses the SNI from the user’s web browser.
Question 2
Refer to the exhibit, which shows two entries that were generated in the FSSO collector agent logs.
What three conclusions can you draw from these log entries? (Choose three.)
- A: Remote registry is not running on the workstation.
- B: The FortiGate firmware version is not compatible with that of the collector agent.
- C: DNS resolution is unable to resolve the workstation name.
- D: The user’s status shows as “not verified” in the collector agent.
- E: A firewall is blocking traffic to ports 139 and 445.
Question 3
Refer to the exhibit, which shows the output of get router info ospf neighbor.
What can you conclude from the command output?
- A: The local FortiGate is not a DROther.
- B: All neighbors are in area 0.0.0.0.
- C: The local FortiGate is the BDR.
- D: The network type connecting the local FortiGate and OSPF neighbor 0.0.0.10 is point-to-point.
Question 4
Refer to the exhibit, which contains partial output from an IKE real-time debug.
The administrator does not have access to the remote gateway.
Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?
- A: In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
- B: In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.
- C: In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.
- D: In the phase 1 network configuration, set the IKE version to 2.
Question 5
What are two functions of automation stitches? (Choose two.)
- A: You can configure automation stitches on any FortiGate device in a Security Fabric environment.
- B: You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
- C: An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.
- D: You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.
Question 6
Refer to the exhibit, which shows partial outputs from two routing debug commands.
Why is the port2 default route not in the second command output?
- A: The port2 interface is disabled in the FortiGate configuration.
- B: The port1 default route has a higher priority value than the default route using port2.
- C: The port1 default route has a lower priority value than the default route using port2.
- D: The port1 default route has a lower distance than the default route using port2.
Question 7
Refer to the exhibit, which shows the output of diagnose sys session stat.
Which statement about the output shown in the exhibit is correct?
- A: All the sessions in the session table are TCP sessions.
- B: 162 sessions have been deleted because of memory page exhaustion.
- C: There are 166 TCP sessions waiting to complete the three-way handshake.
- D: There are two sessions that have not been removed in case of any out-of-order packets that arrive.
Question 8
Refer to the exhibit, which shows a truncated output of a real-time LDAP debug.
What two conclusions can you draw from the output? (Choose two.)
- A: The name of the configured LDAP server is Lab.
- B: The user is authenticating using CN=John Smith.
- C: FortiOS is able to locate the user in step 3 (Bind Request) of the LDAP authentication process.
- D: FortiOS is performing the second step (Search Request) in the LDAP authentication process.
Question 9
Refer to the exhibits.
An administrator is attempting to advertise the network configured on port3. However, FGT-A is not receiving the prefix.
Which two actions can the administrator take to fix this problem? (Choose two.)
- A: Restart BGP using a soft reset, which forces both peers to exchange their complete BGP routing tables.
- B: Manually add the BGP route on FGT-A.
- C: Modify the prefix using the network command from 172.16.0.0/16 to 172.16.54.0/24.
- D: Use the set network-import-check disable command.
Question 10
Refer to the exhibit, which shows the output of a BGP debug command.
Which statement explains why the state of the 10.200.3.1 peer is Connect?
- A: The local router initiated the BGP session to 10.200.3.1 but did not receive a response.
- B: The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.
- C: The router 10.200.3.1 has authentication configured for BGP and the local router does not.
- D: The local router has a different AS number than the remote peer.
Question 11
Refer to the exhibit, which shows the modified output of the routing kernel.
Which statement is true?
- A: The BGP route to 10.0.4.0/24 is not in the forwarding information base.
- B: The default static route through port2 is in the forwarding information base.
- C: The default static route through 10.200.1.254 is not in the forwarding information base.
- D: The egress interface associated with static route 8.8.8.8/32 is administratively up.
Question 12
Refer to the exhibit.
FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.
Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?
- A: Enable asymmetric routing under config system settings.
- B: Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.
- C: A firewall policy that allows all ICMP traffic from port3 to port1.
- D: Change the configuration from strict RPF check mode to feasible RPF check mode.
Question 13
Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)
- A: Refused connection. Potential mismatch of TCP port.
- B: Mismatched pre-shared password.
- C: Inability to reach IP address of the collector agent.
- D: Log is full on the collector agent.
- E: Incompatible collector agent software version.
Question 14
Refer to the exhibit, which shows one-way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.
What three actions must you take to ensure successful communication? (Choose three.)
- A: Ensure the port for Neighbor Discovery has been changed.
- B: FortiGate must not be in NAT mode.
- C: Ensure TCP port 8013 is not blocked along the way.
- D: You must authorize the downstream FortiGate on the root FortiGate.
- E: You must enable Security Fabric/FortiTelemetry on the receiving interface of the upstream FortiGate.