Question No. 1

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?

AIn the phase 1 network configuration, set the IKE version to 2.

BIn the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

CIn the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

DIn the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

Show Answer

Correct Answer: D

https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/238852

Question No. 2

Refer to the exhibit, which shows the output of a web filtering diagnose command.

Which configuration change would result in non-zero results in the cache statistics section?

Aset server-type rating under config system central-management

Bset webfilter-cache enable under config system fortiguard

Cset webfilter-force-off disable under config system fortiguard

Dset ngfw-mode policy-based under config system settings

Show Answer

Correct Answer: B

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 362

Question No. 3

Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.

If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?

AThe session would remain in the session table, but its traffic would now egress from both port1 and port2.

BThe session would remain in the session table, and its traffic would egress from port2.

CThe session would be deleted, and the client would need to start a new session.

DThe session would remain in the session table, and its traffic would egress from port1.

Show Answer

Correct Answer: D

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-SNAT-route-change-to-update-existing-NAT/ta-p/198439

Question No. 4

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to test session failover between the two service provider connections.

What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

AConfigure set snat-route-change enable.

BChange the priority of the port2 static route to 5.

CChange the priority of the port1 static route to 11.

Dunset snat-route-change to return it to the default setting.

Show Answer

Correct Answer: A, C

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 148-149

Question No. 5

What are two functions of automation stitches? (Choose two.)

AAutomation stitches can be configured on any FortiGate device in a Security Fabric environment.

BAn automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.

CAutomation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

DAn automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.

Show Answer

Correct Answer: B, C

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 23, 26

Free Fortinet NSE7_EFW-7.0 Exam Actual Questions

The questions for NSE7_EFW-7.0 were last updated On Sep 15, 2024