NSE7_EFW-7.2 Fortinet Exam Questions and Free Practice Test

Question 7

Refer to the exhibit, which shows a network diagram.
NSE7_EFW-7.2 dumps exhibit
Which protocol should you use to configure the FortiGate cluster?

A. FGCP in active-passive mode

B. OFGSP

C. VRRP

D. FGCP in active-active mode

Correct Answer:A
Given the network diagram and the presence of two FortiGate devices, the Fortinet Gate Clustering Protocol (FGCP) in active-passive mode is the most appropriate for setting up a FortiGate cluster. FGCP supports high availability configurations and is designed to allow one FortiGate to seamlessly take over if the other fails, providing continuous network availability. This is supported by Fortinet documentation for high availability configurations using FGCP.

Question 8

Exhibit.
NSE7_EFW-7.2 dumps exhibit
Refer to the exhibit, which shows a partial web filter profile conjuration
What can you cone udo from this configuration about access towww.facebook, com, which is categorized as Social Networking?

A. The access is blocked based on the Content Filter configuration

B. The access is allowed based on the FortiGuard Category Based Filter configuration

C. The access is blocked based on the URL Filter configuration

D. The access is hocked if the local or the public FortiGuard server does not reply

Correct Answer:C
The access to www.facebook.com is blocked based on the URL Filter configuration. In the exhibit, it shows that the URL “www.facebook.com” is specifically set to “Block” under the URL Filter section1. References := Fortigate: How to configure Web Filter function on Fortigate, Web filter | FortiGate / FortiOS 7.0.2 | Fortinet Document
Library, FortiGate HTTPS web URL filtering … - Fortinet … - Fortinet Community

Question 9

Refer to the exhibit, which shows an ADVPN network.
NSE7_EFW-7.2 dumps exhibit
Which VPN phase 1 parameters must you configure on the hub for the ADVPN feature to function? (Choose two.)

A. set auto-discovery-forwarder enable

B. set add-route enable

C. set auto-discovery-receiver enable

D. set auto-discovery-sender enable

Correct Answer:AC
For the ADVPN feature to function properly on the hub, the following phase 1 parameters must be configured:
* A. set auto-discovery-forwarder enable: This enables the hub to forward shortcut information to the spokes, which is essential for them to establish direct tunnels.
* C. set auto-discovery-receiver enable: This allows the hub to receive shortcut offers from the spokes.
This information is corroborated by the Fortinet documentation, which explains that in an ADVPN setup, the hub must be able to both forward and receive shortcut information for dynamic tunnel creation between spokes.

Question 10

You want to improve reliability over a lossy IPSec tunnel.
Which combination of IPSec phase 1 parameters should you configure?

A. fec-ingress and fec-egress

B. Odpd and dpd-retryinterval

C. fragmentation and fragmentation-mtu

D. keepalive and keylive

Correct Answer:C
For improving reliability over a lossy IPSec tunnel, the fragmentation and fragmentation-mtu parameters should be configured. In scenarios where there might be issues with packet size or an unreliable network, setting the IPsec phase 1 to allow for fragmentation will enable large packets to be broken down, preventing them from being dropped due to size or poor network quality. The fragmentation-mtu specifies the size of the fragments. This is aligned with Fortinet's recommendations for handling IPsec VPN over networks with potential packet loss or size limitations.

Question 11

Exhibit.
NSE7_EFW-7.2 dumps exhibit
Refer to the exhibit, which shows information about an OSPF interlace
What two conclusions can you draw from this command output? (Choose two.)

A. The port3 network has more man one OSPF router

B. The OSPF routers are in the area ID of 0.0.0.1.

C. The interfaces of the OSPF routers match the MTU value that is configured as 1500.

D. NGFW-1 is the designated router

Correct Answer:AC
From the OSPF interface command output, we can conclude that the port3 network has more than one OSPF router because the Neighbor Count is 2, indicating the presence of another OSPF router besides NGFW-1. Additionally, we can deduce that the interfaces of the OSPF routers match the MTU value configured as 1500, which is necessary for OSPF neighbors to form adjacencies. The MTU mismatch would prevent OSPF from forming a neighbor relationship.
References:
✑ Fortinet FortiOS Handbook: OSPF Configuration

Question 12

Refer to the exhibit.
NSE7_EFW-7.2 dumps exhibit
which contains a partial configuration of the global system. What can you conclude from this output?

A. NPs and CPs are enabled

B. Only CPs arc disabled

C. Only NPs are disabled

D. NPs and CPs arc disabled

Correct Answer:D
The configuration output shows various global settings for a FortiGate device. The terms NP (Network Processor) and CP (Content Processor) relate to FortiGate's hardware acceleration features. However, the provided configuration output does not directly mention the status (enabled or disabled) of NPs and CPs. Typically, the command to disable or enable hardware acceleration features would specifically mention NP or CP in the command syntax. Therefore, based on the output provided, we cannot conclusively determine the status of NPs and CPs, hence option D is the closest answer since the output does not confirm that they are enabled.
References:
✑ FortiOS Handbook - CLI Reference for FortiOS 5.2

START NSE7_EFW-7.2 EXAM