Apr-2023 Download Free Latest Exam NSE7_EFW-7.0 Certified Sample Questions [Q40-Q58]

Apr-2023 Download Free Latest Exam NSE7_EFW-7.0 Certified Sample Questions

Prepare for your exam certification with our NSE7_EFW-7.0 Certified Fortinet

NEW QUESTION 40
Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

• A. The FortiGuard license for the primary unit is updated.
• B. Primary unit stops sending HA heartbeat keepalives.
• C. A secondary unit is removed from the HA cluster.
• D. One of the monitored interfaces in the primary unit is disconnected.

Answer: B,D

 

NEW QUESTION 41
Refer to the exhibit, which contains a TCL script configuration on FortiManager.

An administrator has configured the TCL script on FortiManager, but failed to apply any changes to the managed device after being executed.
Why did the TCL script fail to make any changes to the managed device?

• A. The TCL command run_cmd has not been created.
• B. The TCL script must start with #include <>.
• C. Incomplete commands are ignored in TCL scripts.
• D. Changes in an interface configuration can only be done by CLI script.

Answer: A

 

NEW QUESTION 42
Examine the output of the 'get router info bgp summary' command shown in the exhibit; then answer the question below.

Which statement can explain why the state of the remote BGP peer 10.200.3.1 is Connect?

• A. The local peer has received the BGP prefixed from the remote peer.
• B. The local peer is receiving the BGP keepalives from the remote peer but it has not received the OpenConfirm yet.
• C. The local peer is receiving the BGP keepalives from the remote peer but it has not received any BGP prefix yet.
• D. The TCP session for the BGP connection to 10.200.3.1 is down.

Answer: D

 

NEW QUESTION 43
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem.
Which statement about this setting is true?

• A. It sends a link failed signal to all connected devices.
• B. It disabled all the non-heartbeat interfaces in all HA members for two seconds after a failover.
• C. It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.
• D. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

Answer: C

 

NEW QUESTION 44
Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.
diagnose debug authd fsso list -FSSO logons-IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?

• A. The reserve DNS lookup forthe IP address 192.168.3.1.
• B. The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.
• C. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAINING. LAB.
• D. The IP address recorded in the logon event for the user STUDENT.

Answer: C

 

NEW QUESTION 45
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

• A. SIP ALG supports SIP over IPv6; SIP helper does not.
• B. SIP ALG can create expected sessions for media traffic; SIP helper does not.
• C. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.
• D. SIP ALG supports SIP HA failover; SIP helper does not.
• E. SIP session helper runs in the kernel; SIP ALG runs as a user space process.

Answer: A,B,D

 

NEW QUESTION 46
Which of the following statements are true regarding the SIP session helper and the SIP application layer gateway (ALG)? (Choose three.)

• A. SIP ALG supports SIP over IPv6; SIP helper does not.
• B. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.
• C. SIP ALG supports SIP HA failover; SIP helper does not.
• D. SIP ALG can create expected sessions for media traffic; SIP helper does not.
• E. SIP session helper runs in the kernel; SIP ALG runs as a user space process.

Answer: A,C,E

 

NEW QUESTION 47
Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network .
What HA setting must be changed in one of the HA clusters to fix the problem?

• A. Gratuitous ARPs.
• B. Group name.
• C. Session pickup.
• D. Group ID.

Answer: D

 

NEW QUESTION 48
View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.

If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?

• A. This session is for HA heartbeat traffic.
• B. The inspection of this session has been offloaded to the slave unit.
• C. This session cannot be synced with the slave unit.
• D. This session is synced with the slave unit.

Answer: D

 

NEW QUESTION 49
View the exhibit, which contains the output of a web diagnose command, and then answer the question below.

Which one of the following statements explains why the cache statistics are all zeros?

• A. There are no users making web requests.
• B. The administrator has reallocated the cache memory to a separate process.
• C. The FortiGuard web filter cache is disabled in the FortiGate's configuration.
• D. FortiGate is using a flow-based web filter and the cache applies only to proxy-based inspection.

Answer: C

 

NEW QUESTION 50
Exhibits:


Refer to the exhibits, which contain the network topology and BGP configuration for a hub.
An administrator is trying to configure ADVPN with a hub-spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however, the spokes are not receiving route information from each other.
What change must the administrator make to the hub BGP configuration so that the routes learned by one spoke are forwarded to the other spokes?

• A. Configure an individual neighbor and remove neighbor-range configuration.
• B. Change the router id to 10.1.0.254.
• C. Configure the hub as a route reflector client.
• D. Make the configuration of remote-as different from the configuration of local-as.

Answer: C

 

NEW QUESTION 51
View the exhibit, which contains an entry in the session table, and then answer the question below.

Which one of the following statements is true regarding FortiGate's inspection of this session?

• A. FortiGate applied proxy-based inspection.
• B. FortiGate applied flow-based inspection.
• C. FortiGate applied explicit proxy-based inspection.
• D. FortiGate forwarded this session without any inspection.

Answer: A

 

NEW QUESTION 52
A FortiGate device has the following LDAP configuration:

The administrator executed the 'dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user -samid administrator
"CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"
Based on the output, what FortiGate LDAP setting is configured incorrectly?

• A. password.
• B. cnid.
• C. username.
• D. dn.

Answer: C

 

NEW QUESTION 53
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

• A. AV failopen
• B. UTM failopen
• C. mem failopen
• D. IPS failopen

Answer: A,D

 

NEW QUESTION 54
View the exhibit, which contains the output of a debug command, and then answer the question below.

What statement is correct about this FortiGate?

• A. It is currently in kernel conserve mode because of high memory usage.
• B. It is currently in system conserve mode because of high memory usage.
• C. It is currently in system conserve mode because of high CPU usage.
• D. It is currently in FD conserve mode.

Answer: B

 

NEW QUESTION 55
A FortiGate is configured as an explicit web proxy. Clients using this web proxy are reposting DNS errors when accessing any website.
The administrator executes the following debug commands and observes that the n-dns-timeout counter is increasing:

What should the administrator check to fix the problem?

• A. That DNS service is enabled in the explicit web proxy interface.
• B. The connectivity between the client workstations and the DNS server.
• C. The connectivity between the FortiGate unit and the DNS server.
• D. That DNS traffic from client workstations is allowed by the explicit web proxy policies.

Answer: C

 

NEW QUESTION 56
View the exhibit, which contains the output of a BGP debug command, and then answer the question below.

Which of the following statements about the exhibit are true? (Choose two.)

• A. The local router's BGP state is Established with the 10.125.0.60 peer.
• B. Since the counters were last reset; the 10.200.3.1 peer has never been down.
• C. The local router has received a total of three BGP prefixes from all peers.
• D. The local router has not established a TCP session with 100.64.3.1.

Answer: A,D

 

NEW QUESTION 57
View the exhibit, which contains the output of get sys ha status, and then answer the question below.

Which statements are correct regarding the output? (Choose two.)

• A. port 7 is used the HA heartbeat on all devices in the cluster.
• B. The slave configuration is not synchronized with the master.
• C. Master is selected because it is the only device in the cluster.
• D. The HA management IP is 169.254.0.2.

Answer: A,B

 

NEW QUESTION 58
......

Free Fortinet NSE7_EFW-7.0 Exam 2023 Practice Materials Collection: https://www.torrentvalid.com/NSE7_EFW-7.0-valid-braindumps-torrent.html

NSE7_EFW-7.0 Exam Info and Free Practice Test All-in-One Exam Guide Apr-2023: https://drive.google.com/open?id=1J65BIiuDVbLnlVazqykE9v4zDMhN-sDO