Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

NSE7-EFW-7-2 by Fortinet - Page 1 | ExamCademy

Mode Selection

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 4 • Questions 1-25 of 76

1 2 3 4

→

Know a question that should be here? Contribute to this exam

You want to improve reliability over a lossy IPSec tunnel.
Which combination of IPSec phase 1 parameters should you configure?

A fec-ingress and fsc-egrsss
B dpd and dpd-retryinterval
C fragmentation and fragmentation-mtu
D keepalive and keylive

Refer to the exhibit, which contains a TCL script configuration on FortiManager.

Question Image

An administrator has configured the TCL script on FortiManager, but the TCL script failed to apply any changes to the managed device after being run.
Why did the TCL script fail to make any changes to the managed device?

A The TCL procedure run_cmd has not been created.
B The TCL script must start with #include.
C There is no corresponding #! to signify the end of the script.
D The TCL procedure lacks the required loop statements to iterate through the changes.

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

A When run on the Device Database, changes are applied directly to the managed FortiGate device.
B When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
C When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.
D When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device.

Refer to the exhibit, which contains a partial configuration of the global system.

Question Image

What can you conclude from this output?

A Only NPs are disabled
B Only CPs are disabled
C NPs and CPs are enabled
D NPs and CPs are disabled

Which two statements about the neighbor-group command are true? (Choose two.)

A It applies common settings in an OSPF area
B You can apply it in Internal BGP (IBGP) and External BGP (EBGP)
C You can configure it on the GUI
D It is combined with the neighbor-range parameter

Refer to the exhibits, which show the configurations of two address objects from the same FortiGate.

Engineering address object -

Question Image

Finance address object -

Question Image

Why can you modify the Engineering address object, but not the Finance address object?

A You have read-only access.
B Another user is editing the Finance address object in workspace mode.
C FortiGate joined the Security Fabric and the Finance address object was configured on the root FortiGate.
D FortiGate is registered on FortiManager.

Which two statements about IKE version 2 fragmentation are true? (Choose two.)

A Only some IKE version 2 packets are considered fragmentable
B The reassembly timeout default value is 30 seconds
C It is performed at the IP layer
D The maximum number of IKE version 2 fragments is 128

Refer to the exhibit, which contains information about an IPsec VPN tunnel.

Question Image

What two conclusions can you draw from the command output? (Choose two.)

A Dead peer detection is set to enable
B The IKE version is 2
C Both IPsec SAs are loaded on the kernel
D Forward error correction in phase 2 is set to enable

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.
What can the administrator do to fix this problem?

A Configure set link-failed-signal enable under config system ha on both cluster members
B Configure set send-garp-on-failover enable under config system ha on both cluster members.
C Configure remote link monitoring to detect an issue in the forwarding path.
D Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports.

Refer to the exhibit, which shows a custom signature.

Question Image

Which two modifications must you apply to the configuration of this custom signature so that you can save it on FortiGate? (Choose two.)

A Ensure that the header syntax is F-SBID.
B Add severity.
C Add attack_id.
D Start options with --.

Refer to the exhibit, which shows the output of a BGP summary.

Question Image

What two conclusions can you draw from this BGP summary? (Choose two.)

A The BGP session with peer 10.127.0.75 is established.
B External BGP (EBGP) exchanges routing information.
C The router 100.64.3.1 has the parameter bfd set to enable.
D The neighbors displayed are linked to a local router with the neighbor-range set to a value of 4.

What are two functions of automation stitches? (Choose two.)

A Automation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds.
B An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.
C Automation stitches can be configured on any FortiGate device in a Security Fabric environment.
D An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

Refer to the exhibit which shows config system central-management information.

Question Image

Which setting must you configure for the web filtering feature to function?

A Set update-server-location to automatic
B Add server.fortiguard.net to the Server list
C Configure securewf.fortiguard.net on the default servers
D Configure server-type with the rating option

Refer to the exhibit which shows two configured FortiGate devices and peering over
FGSP.

Question Image

The main link directly connects the two FortiGate devices and is configured using the set session-syn-dev <interface> command.
What is the primary reason to configure the main link?

A To have only configuration synchronization in layer 3
B To load balance both sessions and configuration synchronization between layer 2 and 3
C To have both sessions and configuration synchronization in layer 3
D To have both sessions and configuration synchronization in layer 2

Which two statements about the Security Fabric are true? (Choose two.)

A FortiGate uses the FortiTelemetry protocol to communicate with FortiAnalyzer
B Only the root FortiGate sends logs to FortiAnalyzer
C Only FortiGate devices with configuration-sync set to default receive and synchronize global CMDB objects that the root FortiGate sends
D Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer

Refer to the exhibit, which shows a network diagram.

Question Image

Which protocol should you use to configure the FortiGate cluster?

A FGCP in active-passive mode
B FGCP in active-active mode
C FGSP
D VRRP

NSE7-EFW-7-2Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

That's the end of the Preview