nse7_efw-70

Here you have the best Fortinet nse7_efw-70 practice exam questions

  • You have 60 total questions to study from
  • These questions were last updated on November 16, 2024
Question 1 of 60

Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

    Correct Answer: A, B, D

    For two FortiGate devices to form an OSPF adjacency, three key conditions must be met. First, OSPF interface network types must match, ensuring that both devices operate on the same OSPF network type and can communicate effectively. Second, OSPF router IDs must be unique to avoid identification conflicts. Each OSPF router within an OSPF area must have a unique router ID for proper routing operations. Third, the authentication settings must match to ensure secure and validated communication between the two devices. Mismatched authentication settings will prevent the formation of an adjacency.

Question 2 of 60

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?

    Correct Answer: C

    The debug output shows that the remote gateway offers proposals including AES-CBC for encryption and SHA-2 for hashing. To resolve the phase 1 negotiation error, adding the proposal with AES-CBC and SHA-2 to the local gateway's phase 1 proposal configuration ensures compatibility with the remote gateway's proposals. Hence, adding AESCBC-SHA2 to the list of encryption algorithms would be the correct configuration change.

Question 3 of 60

Refer to the exhibit, which shows the output of a web filtering diagnose command.

Which configuration change would result in non-zero results in the cache statistics section?

    Correct Answer: B

    To result in non-zero results in the cache statistics section, the web filtering cache must be enabled. The correct configuration change to achieve this is setting 'webfilter-cache enable' under 'config system fortiguard'. This setting enables the web filtering cache, allowing statistics to be populated.

Question 4 of 60

Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.

If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?

    Correct Answer: D

    Since the 'snat-route-change' setting is disabled, sessions using SNAT will continue to use the same outbound interface as long as the old route is still active. This means that even if the priority on route ID 2 were changed from 10 to 0, the session would remain in the session table and its traffic would continue to egress from port1, which is the interface associated with the initial route.

Question 5 of 60

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to test session failover between the two service provider connections.

What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

    Correct Answer: A, C

    To force the existing session to immediately start using the other interface, the administrator needs to enable the 'snat-route-change' setting and change the priority of the static routes. Enabling 'snat-route-change' ensures that routing information is flushed from existing SNAT sessions after a routing change, enabling these sessions to use the new best route. Additionally, changing the priority of the port1 static route to a higher value will force the failover by making port2 the preferred route. Therefore, the correct options are to configure 'set snat-route-change enable' and to change the priority of the port1 static route to 11.