Question No. 1

What are two functions of automation stitches? (Choose two.)

AAutomation stitches can be configured on any FortiGate device in a Security Fabric environment.

BAn automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

CAutomation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

DAn automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

Show Answer

Correct Answer: B, C

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 23, 26

Question No. 2

Refer to exhibit, which contains the output of a BGP debug command.

Which statement explains why the state of the 10.200.3.1 peer is Connect?

AThe local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.

BThe TCP session to 10.200.3.1 has not completed the three-way handshake.

CThe local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.

DThe local router has received the BGP prefixes from the remote peer.

Show Answer

Correct Answer: B

BGP neighbor states and how they change: * Idle: Initial state * Connect: Waiting for a successful three-way TCP connection * Active: Unable to establish the TCP session * OpenSent: Waiting for an OPEN message from the peer * OpenConfirm: Waiting for the keepalive message from the peer * Established: Peers have successfully exchanged OPEN and keepalive messages

Question No. 3

A FortiGate device has the following LDAP configuration:

The administrator executed the 'dsquery' command in the Windows LDAp server 10.0.1.10, and got the following output:

>dsquery user --samid administrator

''CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab''

Based on the output, what FortiGate LDAP setting is configured incorrectly?

Acnid.

Busername.

Cpassword.

Ddn.

Show Answer

Correct Answer: B

https://kb.fortinet.com/kb/viewContent.do?externalId=FD37516

Question No. 4

What is the purpose of an internal segmentation firewall (ISFW)?

AIt inspects incoming traffic to protect services in the corporate DMZ.

BIt is the first line of defense at the network perimeter.

CIt splits the network into multiple security segments to minimize the impact of breaches.

DIt is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

Show Answer

Correct Answer: C

ISFW splits your network into multiple security segments. They serve as a breach containers from attacks that come from inside.

Question No. 5

Refer to the exhibit, which contains the output of a debug command.

If the default settings are in place, what can be concluded about the conserve mode shown in the exhibit?

AFortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings due to high memory use.

BFortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.

CFortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.

DFortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.

Show Answer

Correct Answer: C

Free Fortinet NSE7_EFW-7.0 Exam Actual Questions

The questions for NSE7_EFW-7.0 were last updated On Nov 19, 2024