NSE7_EFW-7.0 Online Practice Questions and Answers

Questions 4

Two independent FortiGate HA clusters are connected to the same broadcast domain. The administrator has reported that both clusters are using the same HA virtual MAC address. This creates a duplicated MAC address problem in the network. What HA setting must be changed in one of the HA clusters to fix the problem?

A. Group ID.

B. Group name.

C. Session pickup.

D. Gratuitous ARPs.

Questions 5

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem.

Which statement about this setting is true?

A. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

B. It sends a link failed signal to all connected devices.

C. It disables all the non-heartbeat interfaces in all HA members for two seconds after a failover.

D. It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.

Questions 6

Which configuration can be used to reduce the number of BGP sessions in an IBGP network?

A. Neighbor range

B. Route reflector

C. Next-hop-self

D. Neighbor group

Questions 7

Which statement is true regarding file descriptor (FD) conserve mode?

A. IPS inspection is affected when FortiGate enters FD conserve mode.

B. A FortiGate enters FD conserve mode when the amount of available descriptors is less than 5%.

C. FD conserve mode affects all daemons running on the device.

D. Restarting the WAD process is required to leave FD conserve mode.

Questions 8

Refer to the exhibit, which contains the output of diagnose sys session list.

If the HA ID for the primary unit is zero (0), which statement about the output is true?

A. This session cannot be synced with the slave unit.

B. The inspection of this session has been offloaded to the slave unit.

C. The master unit is processing this traffic.

D. This session is for HA heartbeat traffic.

Questions 9

View the global IPS configuration, and then answer the question below.

Which of the following statements is true regarding this configuration?

A. IPS will scan every byte in every session.

B. FortiGate will spawn IPS engine instances based on the system load.

C. New packets will be passed through without inspection if the IPS socket buffer runs out of memory.

D. IPS will use the faster matching algorithm which is only available for units with more than 4 GB memory.

Questions 10

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

A. The remote gateway IP address is 10.0.0.1.

B. The initiator provided remote as its IPsec peer ID.

C. It shows a phase 1 negotiation.

D. The negotiation is using AES128 encryption with CBC hash.

Questions 11

Which two conditions must be met for a static route to be active in the routing table? (Choose two.)

A. The link health monitor (if configured) is up.

B. There is no other route, to the same destination, with a higher distance.

C. The outgoing interface is up.

D. The next-hop IP address is up.

Questions 12

What is the diagnose test application ipsmonitor 99 command used for?

A. To enable IPS bypass mode

B. To provide information regarding IPS sessions

C. To disable the IPS engine

D. To restart all IPS engines and monitors

Questions 13

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

A. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

B. When run on the Device Database, changes are applied directly to the managed FortiGate device.

C. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

D. When run on the Policy Package, ADOM database, you must use the installation wizard to apply the changes to the managed FortiGate device.

Exam Code: NSE7_EFW-7.0
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.0
Last Update: Jun 22, 2024
Questions: 163