Is the NSE7 practice exam free?

Yes. ExamCademy offers all 82 NSE7 practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the NSE7 practice questions?

All NSE7 questions are community-created and reviewed by moderators to align with Fortinet's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the NSE7 exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Fortinet documentation and hands-on experience for best results.

82Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

System configuration

1 2 3 4

→

Know a question that should be here? Contribute to this exam

What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?

A av-failopen
B mem-failopen
C utm-failopen
D ips-failopen

Examine the following partial output from two system debug commands; then answer the question below.

diagnose hardware sysinfo memory

MemTotal: 3092728 kB
MemFree: 1954204 kB
MemShared: 0 kB
Buffers: 284 kB
Cached: 143004 kB
SwapCached: 0 kB
Active: 34092 kB
Inactive: 109256 kB
HighTotal 1179648 kB
HighFree: 853516 kB
LowTotal: 1913080 kB
LowFree: 1100688 kB
SwapTotal: 0 kB
SwapFree: 0 kB

diagnose hardware sysinfo shm

SHM counter: 285
SHM allocated: 6823936
SHM total: 623452160
concervemode: 0
shm last entered: n/a
system last entered: n/a
SHM FS total: 639725568
SHM FS free: 632614912
SHM FS avail: 632614912
SHM FS alloc: 7110656
Which of the following statements are true regarding the above outputs? (Choose two.)

A The unit is running a 32-bit FortiOS
B The unit is in kernel conserve mode
C The Cached value is always the Active value plus the Inactive value
D Kernel indirectly accesses the low memory (LowTotal) through memory paging

Examine the following partial output from a sniffer command; then answer the question below.

diagnose sniff packet any icmp 4

interfaces=[any]
filters=[icmp]
2.101199 wan2 in 192.168.1.110 -> 4.2.2.2: icmp: echo request
2.1011400 wan1 out 172.17.87.16 -> 4.2.2.2: icmp: echo request
.....
2.123500 wan2 out 4.2.2.2 -> 192.168.1.110: icmp: echo reply
244 packets received by filter
5 packets dropped by kernel
What is the meaning of the packets dropped counter at the end of the sniffer?

A Number of packets that didn’t match the sniffer filter.
B Number of total packets dropped by the FortiGate.
C Number of packets that matched the sniffer filter and were dropped by the FortiGate.
D Number of packets that matched the sniffer filter but could not be captured by the sniffer.

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)
.
B. The FortiGuard license for the primary unit is updated.
C. One of the monitored interfaces in the primary unit is disconnected.
D. A secondary unit is removed from the HA cluster.

A FortiGate's port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP. Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)

A Both session have the local flag on.
B The destination IP addresses of both sessions are IP addresses assigned to FortiGate's interfaces.
C One session has the proxy flag on, the other one does not.
D One of the sessions has the IP address of port2 as the source IP address.

Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.

diagnose debug authd fsso list

----FSSO logons----
IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB
The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

A The IP address recorded in the logon event for the user STUDENT.
B The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.
C The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAINING. LAB.
D The reserve DNS lookup for the IP address 192.168.3.1.

Examine the partial output from two web filter debug commands; then answer the question below:

Question Image

Based on the above outputs, which is the FortiGuard web filter category for the web site www.fgt99.com?

A Finance and banking
B General organization.
C Business.
D Information technology.

Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?

A Diagnose debug application radius -1.
B Diagnose debug application fnbamd -1.
C Diagnose authd console ""log enable.
D Diagnose radius console ""log enable.

Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

A SIP session helper runs in the kernel; SIP ALG runs as a user space process.
B SIP ALG supports SIP HA failover; SIP helper does not.
C SIP ALG supports SIP over IPv6; SIP helper does not.
D SIP ALG can create expected sessions for media traffic; SIP helper does not.
E SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.

Examine the following partial outputs from two routing debug commands; then answer the question below:

Question Image

Why the default route using port2 is not displayed in the output of the second command?

A It has a lower priority than the default route using port1.
B It has a higher priority than the default route using port1.
C It has a higher distance than the default route using port1.
D It is disabled in the FortiGate configuration.

View the exhibit, which contains the output of diagnose sys session stat, and then answer the question below.

Question Image

Which statements are correct regarding the output shown? (Choose two.)

A There are 0 ephemeral sessions.
B All the sessions in the session table are TCP sessions.
C No sessions have been deleted because of memory pages exhaustion.
D There are 166 TCP sessions waiting to complete the three-way handshake.

Which of the following statements are correct regarding application layer test commands? (Choose two.)

A They are used to filter real-time debugs.
B They display real-time application debugs.
C Some of them display statistics and configuration information about a feature or process.
D Some of them can be used to restart an application.

View these partial outputs from two routing debug commands:

Question Image

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

A Both port1 and port2
B port3
C port1
D port2

When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI)?

A FortiGate uses the Issued To: field in the server's certificate.
B FortiGate switches to the full SSL inspection method to decrypt the data.
C FortiGate blocks the request without any further inspection.
D FortiGate uses the requested URL from the user's web browser.

View the exhibit, which contains the output of a diagnose command, and then answer the question below.

Question Image

Which statements are true regarding the output in the exhibit? (Choose two.)

A FortiGate will probe 121.111.236.179 every fifteen minutes for a response.
B Servers with the D flag are considered to be down.
C Servers with a negative TZ value are experiencing a service outage.
D FortiGate used 209.222.147.3 as the initial server to validate its contract.

Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)

A The next-hop IP address is up.
B There is no other route, to the same destination, with a higher distance.
C The link health monitor (if configured) is up.
D The next-hop IP address belongs to one of the outgoing interface subnets.
E The outgoing interface is up.

What conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

A IP addresses are in the same subnet.
B Hello and dead intervals match.
C OSPF IP MTUs match.
D OSPF peer IDs match.
E OSPF costs match.

In which of the following states is a given session categorized as ephemeral? (Choose two.)

A A TCP session waiting to complete the three-way handshake.
B A TCP session waiting for FIN ACK.
C A UDP session with packets sent and received.
D A UDP session with only one packet received.

View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below.

Question Image

The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?

A Change phase 1 encryption to AESCBC and authentication to SHA128.
B Change phase 1 encryption to 3DES and authentication to CBC.
C Change phase 1 encryption to AES128 and authentication to SHA512.
D Change phase 1 encryption to 3DES and authentication to SHA256.

What configuration changes can reduce the memory utilization in a FortiGate? (Choose two.)

A Reduce the session time to live.
B Increase the TCP session timers.
C Increase the FortiGuard cache time to live.
D Reduce the maximum file size to inspect.

The CLI command set intelligent-mode <enable | disable> controls the IPS engine's adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?

A Determines the optimal number of IPS engines required based on system load.
B Downloads signatures on demand from FDS based on scanning requirements.
C Determines when it is secure enough to stop scanning session traffic.
D Choose a matching algorithm based on available memory and the type of inspection being performed.

View the exhibit, which contains a screenshot of some phase-1 settings, and then answer the question below.

Question Image

The VPN is up, and DPD packets are being exchanged between both IPsec gateways; however, traffic cannot pass through the tunnel. To diagnose, the administrator enters these CLI commands:

Question Image

However, the IKE real time debug does not show any output. Why?

A The debug output shows phases 1 and 2 negotiations only. Once the tunnel is up, it does not show any more output.
B The log-filter setting was set incorrectly. The VPN's traffic does not match this filter.
C The debug shows only error messages. If there is no output, then the tunnel is operating normally.
D The debug output shows phase 1 negotiation only. After that, the administrator must enable the following real time debug: diagnose debug application ipsec -1.

View the exhibit, which contains a session entry, and then answer the question below.

Question Image

Which statement is correct regarding this session?

A It is an ICMP session from 10.1.10.10 to 10.200.1.1.
B It is an ICMP session from 10.1.10.10 to 10.200.5.1.
C It is a TCP session in ESTABLISHED state from 10.1.10.10 to 10.200.5.1.
D It is a TCP session in CLOSE_WAIT state from 10.1.10.10 to 10.200.1.1.

A corporate network allows Internet Access to FSSO users only. The FSSO user student does not have Internet access after successfully logged into the
Windows AD network. The output of the "˜diagnose debug authd fsso list' command does not show student as an active FSSO user. Other FSSO users can access the Internet without problems. What should the administrator check? (Choose two.)

A The user student must not be listed in the CA's ignore user list.
B The user student must belong to one or more of the monitored user groups.
C The student workstation's IP subnet must be listed in the CA's trusted list.
D At least one of the student's user groups must be allowed by a FortiGate firewall policy.

Examine the following traffic log; then answer the question below. date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kernel status=failure msg="NAT port is exhausted."
What does the log mean?

A There is not enough available memory in the system to create a new entry in the NAT port table.
B The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
C FortiGate does not have any available NAT port for a new connection.
D The limit for the maximum number of entries in the NAT port table has been reached.

NSE7Preview

About the NSE7 Exam

Question 1

Question 2

Question 3

Question 5

Question 6

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26

Question 27

diagnose hardware sysinfo memory

diagnose hardware sysinfo shm

diagnose sniff packet any icmp 4

diagnose debug authd fsso list

NSE7Preview

About the NSE7 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 5

Question 6

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26

Question 27

diagnose hardware sysinfo memory

diagnose hardware sysinfo shm

diagnose sniff packet any icmp 4

diagnose debug authd fsso list