Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the Fortinet NSE 7 Network Security Architect NSE7_EFW-7.2 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.
Exam NSE7_EFW-7.2 Premium Access

View all detail and faqs for the NSE7_EFW-7.2 exam

Go to Exam

826 Students Passed

90% Average Score

98% Same Questions
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Questions # 11:

Refer to the exhibit, which shows device registration on FortiManager.

Question # 11

What can you conclude about the Spoke-1 and Spoke-2 configurations with respect to the information cond: Modified (recent auto-updated)?

Options:

A.

Based on the policy configuration on NGFW-1, the configuration on both spokes is modified and automatically updated.

B.

On NGFW-A, the configuration was changed and spokes are wailing for an autoupdate.

C.

On both Spoke-1 and Spoke-2, the configuration was changed directly on the FortiGate device, and the changes were automatically retrieved by the device database.

D.

Spoke-1 and Spoke-2 are sharing the same security policy configuration and the same policy package.

Questions # 12:

Refer to the exhibit, which shows two configured FortiGate devices and peering over FGSP.

Question # 12

The main link directly connects the two FortiGate devices and is configured using the set

session-syn-dev command.

What is the primary reason to configure the main link?

Options:

A.

To have both sessions and configuration synchronization in layer 2

B.

To load balance both sessions and configuration synchronization between layer 2 and 3

C.

To have only configuration synchronization in layer 3

D.

To have both sessions and configuration synchronization in layer 3

Questions # 13:

Refer to the exhibits, which show the configurations of two address objects from the same FortiGate.

Question # 13

Why can you modify the Engineering address object, but not the Finance address object?

Options:

A.

You have read-only access.

B.

FortiGate joined the Security Fabric and the Finance address object was configured on the root FortiGate.

C.

FortiGate is registered on FortiManager.

D.

Another user is editing the Finance address object in workspace mode.

Questions # 14:

Which two statements about IKE vision 2 are true? (Choose two.)

Options:

A.

Phase 1 includes main mode

B.

It supports the extensible authentication protocol (EAP)

C.

It supports the XAuth protocol.

D.

It exchanges a minimum of four messages to establish a secure tunnel

Questions # 15:

Which statement is true regarding the Bidirectional Forwarding Detection protocol in BGP?

Options:

A.

BFD is only supported when two FortiGate devices are directly connected on the same network

B.

BFD is using BGP keepalive messages to check the status of BGP peer

C.

BFD is used to detect one way device failure

D.

BFD is enabled under config router bfd configuration

Questions # 16:

Refer to the exhibit, which shows an ADVPN network.

Question # 16

Which VPN phase 1 parameters must you configure on the hub for the ADVPN feature to function? (Choose two.)

Options:

A.

set auto-discovery-forwarder enable

B.

set add-route enable

C.

set auto-discovery-receiver enable

D.

set auto-discovery-sender enable

Questions # 17:

Exhibit.

Question # 17

Refer to the exhibit which provides information on BGP neighbors

What can you conclude from this command output?

Options:

A.

The local FortiGate has initiated a TCP connection, but there is no response from its BGP peer

B.

The local FortiGate starts sending its routing table with its iBGP peer

C.

The local FortiGate is having a fully established and active BGP connection with its peer

D.

The local FortiGate is missing the config neighbor command in its BGP configuration

Questions # 18:

Exhibit.

Question # 18

Refer to the exhibit, which contains the partial interface configuration of two FortiGate devices.

Which two conclusions can you draw from this con figuration? (Choose two)

Options:

A.

10.1.5.254 is the default gateway of the internal network

B.

On failover new primary device uses the same MAC address as the old primary

C.

The VRRP domain uses the physical MAC address of the primary FortiGate

D.

By default FortiGate B is the primary virtual router

Questions # 19:

Winch two statements about ADVPN are true? (Choose two)

Options:

A.

auto-discovery receiver must be set to enable on the Spokes.

B.

Spoke to-spoke traffic never goes through the hub

C.

lt supports NAI for on-demand tunnels

D.

Routing is configured by enabling add-advpn-route

Questions # 20:

Exhibit.

Question # 20

Refer to the exhibit, which shows the output from the webfilter fortiguard cache dump and webfilter categories commands.

Using the output, how can an administrator determine the category of the training.fortinet.com am website?

Options:

A.

The administrator must convert the first three digits of the IP hex value to binary

B.

The administrator can look up the hex value of 34 in the second command output.

C.

The administrator must add both the Pima in and Iphex values of 34 to get the category number

D.

The administrator must convert the first two digits of the Domain hex value to a decimal value

Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
TOP CODES

TOP CODES

Top selling exam codes in the certification world, popular, in demand and updated to help you pass on the first try.

2V0-11.25
ADM-201
Agentforce-Specialist
CMMC-CCP
Data-Cloud-Consultant
PDI
PSE-Strata-Pro-24
Secure-Software-Design
Sharing-and-Visibility-Architect
Workday-Pro-Integrations
ZDTA