
Curious about Actual Fortinet Certified Solution Specialist (NSE7_EFW-7.2) Exam Questions?

Here are sample Fortinet NSE 7 - Enterprise Firewall 7.2 (NSE7_EFW-7.2) exam questions from the real exam. You can get more Fortinet Certified Solution Specialist (NSE7_EFW-7.2) premium practice questions at TestInsights.

Total 56 questions
Question 1

You want to block access to the website www.eicar.org using a custom IPS signature.

Which custom IPS signature should you configure?

A)

NSE7_EFW-7.2 Exam Question 1 Exhibit 1

B)

NSE7_EFW-7.2 Exam Question 1 Exhibit 2

C)

NSE7_EFW-7.2 Exam Question 1 Exhibit 3

D)

NSE7_EFW-7.2 Exam Question 1 Exhibit 4


Correct : D

Option D is the correct answer because it specifically blocks access to the website "www.eicar.org" using the TCP protocol and HTTP service, which are commonly used for web browsing. The other options either use the wrong protocol (UDP), the wrong service (DNS or SSL), or the wrong pattern ("eicar" instead of "www.eicar.org").

Reference: Configuring custom signatures | FortiGate / FortiOS 7.4.0 - Fortinet Document Library, section "Signature to block access to example.com".


Question 2

Exhibit.

NSE7_EFW-7.2 Exam Question 2 Exhibit 1

Refer to the exhibit, which shows an ADVPN network.

The client behind Spoke-1 generates traffic to the device located behind Spoke-2.

Which first message does the hub send to Spoke-1 to bring up the dynamic tunnel?


Correct : A

In an ADVPN scenario, when traffic is initiated from a client behind one spoke to another spoke, the hub sends a shortcut query to the initiating spoke. This query is used to determine if there is a more direct path for the traffic, which can then trigger the establishment of a dynamic tunnel between the spokes.


Question 3

Exhibit.

NSE7_EFW-7.2 Exam Question 3 Exhibit 1

Refer to the exhibit, which contains a partial VPN configuration.

What can you conclude from this configuration?


Correct : C

The configuration line "set dpd on-idle" indicates that dead peer detection (DPD) is set to trigger only when the tunnel is idle, not actively disabled.

Reference: FortiGate IPSec VPN User Guide - Fortinet Document Library

From the given VPN configuration, dead peer detection (DPD) is set to 'on-idle', indicating that DPD is enabled and will be used to detect if the other end of the VPN tunnel is still alive when no traffic is detected. Hence, option C is incorrect. The configuration shows the tunnel set to type 'dynamic', which does not create separate virtual interfaces for each dial-up client (A), and it is not specified that dynamic routing will be used (B). Since this is a phase 1 configuration snippet, the routing table aspect (D) cannot be concluded from this alone.


Question 4

You configured an address object on the root FortiGate in a Security Fabric. This object is not synchronized with a downstream device. Which two reasons could be the cause? (Choose two.)


Correct : A, C

Option A is correct because the address object on the root FortiGate will not be synchronized with the downstream devices if it has fabric-object set to disable. This option controls whether the address object is shared with other FortiGate devices in the Security Fabric or not [1].

Option C is correct because the downstream FortiGate will not receive the address object from the root FortiGate if it has fabric-object-unification set to local. This option controls whether the downstream FortiGate uses the address objects from the root FortiGate or its own local address objects [2].

Option B is incorrect because the root FortiGate has configuration-sync set to enable by default, which means that it will synchronize the address objects with the downstream devices unless they are disabled by the fabric-object option [3].

Option D is incorrect because the downstream FortiGate has configuration-sync set to local by default, which means that it will receive the address objects from the root FortiGate unless they are overridden by the fabric-object-unification option [4].

References:

1: Group address objects synchronized from FortiManager

2: Security Fabric address object unification

3: Configuration synchronization

4: Configuration synchronization

Security Fabric - Fortinet Documentation


Question 5

Which two statements about the BFD parameter in BGP are true? (Choose two.)


Correct : A, C

Bidirectional Forwarding Detection (BFD) is a rapid protocol for detecting failures in the forwarding path between two adjacent routers, including interfaces, data links, and forwarding planes. BFD is designed to detect forwarding path failures in a very short amount of time, often less than one second, which is significantly faster than traditional failure detection mechanisms like hold-down timers in routing protocols.

Fortinet supports BFD for BGP, and it can be used over multiple hops, which allows the detection of failures even if the BGP peers are not directly connected. This functionality enhances the ability to maintain stable BGP sessions over a wider network topology and is documented in Fortinet's guides.

