New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_EFW-7.0 - Fortinet NSE 7 - Enterprise Firewall 7.0

NSE7_EFW-7.0 Exam Dumps - Fortinet NSE 7 - Enterprise Firewall 7.0

Go to page:
Question # 17

Refer to the exhibit, which shows the output of get system ha status. NGFW-1 and NGFW-2 have been up for a week.

Which two statements about the output are true? (Choose two.)

A.

If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

B.

If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.

C.

If port7 becomes disconnected on the secondary, both FortiGate devices will elect itself the primary.

D.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

Full Access
Question # 18

When using the SSL certificate inspection method for HTTPS traffic, how does FortiGate filter web requests when the browser client does not provide the server name indication (SNI) extension?

A.

FortiGate uses CN information from the Subject field in the server’s certificate.

B.

FortiGate switches to the full SSL inspection method to decrypt the data.

C.

FortiGate blocks the request without any further inspection.

D.

FortiGate uses the requested URL from the user’s web browser.

Full Access
Question # 19

Refer to the exhibit, which contains a CLI script configuration on FortiManager.

An administrator configured the CLI script on FortiManager, but the script failed to apply any changes to the managed device after being executed.

What are two reasons why the script did not make any changes to the managed device? (Choose two.)

A.

Static routes can be added using only TCL scripts.

B.

The commands that start with the # sign did not run.

C.

CLI scripts must start with #!.

D.

Incomplete commands can cause CLI scripts to fail.

Full Access
Question # 20

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?

A.

In the phase 1 network configuration, set the IKE version to 2.

B.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

C.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

D.

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

Full Access
Question # 21

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Why is the port2 default route not in the second command output?

A.

The port2 interface is disabled in the FortiGate configuration.

B.

The port1 default route has a lower distance than the default route using port2.

C.

The port1 default route has a higher priority value than the default route using port2.

D.

The port1 default route has a lower priority value than the default route using port2.

Full Access
Question # 22

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.

Based on the output, which two statements are correct? (Choose two.)

A.

The npu_flag for this tunnel is 03.

B.

Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.

C.

Anti-replay is enabled.

D.

The npu_flag for this tunnel is 02.

Full Access
Question # 23

Which two conditions must be met for a statistic route to be active in the routing table? (Choose two.)

A.

The link health monitor (if configured) is up.

B.

There is no other route, to the same destination, with a higher distance.

C.

The outgoing interface is up.

D.

The next-hop IP address is up.

Full Access
Question # 24

Which two statements about OCVPN are true? (Choose two.)

A.

Only root vdom supports OCVPN.

B.

OCVPN supports static and dynamic IPs in WAN interface.

C.

OCVPN offers only Hub-Spoke VPNs.

D.

FortiGate devices under different FortiCare accounts can be used to form OCVPN.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps