Practice Exams:

Free NSE7_EFW-7.0 Exam Braindumps

Pass your Fortinet NSE 7 - Enterprise Firewall 7.0 exam with these free Questions and Answers

Page 4 of 33
PDF with 163 Questions
QUESTION 11

Which the following events can trigger the election of a new primary unit in a HA cluster? (Choose two.)

  1. A. Primary unit stops sending HA heartbeat keepalives.
  2. B. The FortiGuard license for the primary unit is updated.
  3. C. One of the monitored interfaces in the primary unit is disconnected.
  4. D. A secondary unit is removed from the HA cluster.

Correct Answer: AC

QUESTION 12

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

  1. A. FortiGate first checks the OSPF ID to elect a DR.
  2. B. Non-DR and non-BDR routers will form full adjacencies to DR and BDR only.
  3. C. BDR is responsible for forwarding link state information from one router to another.
  4. D. Only the DR receives link state information from non-DR routers.

Correct Answer: B

QUESTION 13

An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug:
diagnose debug application ike-1 diagnose debug enable
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?

  1. A. Phase1; IKE mode configuration; XAuth; phase 2.
  2. B. Phase1; XAuth; IKE mode configuration; phase2.
  3. C. Phase1; XAuth; phase 2; IKE mode configuration.
  4. D. Phase1; IKE mode configuration; phase 2; XAuth.

Correct Answer: B
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Concepts/IKE_Packet

QUESTION 14

View the exhibit, which contains the output of get sys ha status, and then answer the question below.
NSE7_EFW-7.0 dumps exhibit
Which statements are correct regarding the output? (Choose two.)

  1. A. The slave configuration is not synchronized with the master.
  2. B. The HA management IP is 169.254.0.2.
  3. C. Master is selected because it is the only device in the cluster.
  4. D. port 7 is used the HA heartbeat on all devices in the cluster.

Correct Answer: AD

QUESTION 15

The logs in a FSSO collector agent (CA) are showing the following error: failed to connect to registry: PIKA1026 (192.168.12.232)
What can be the reason for this error?

  1. A. The CA cannot resolve the name of the workstation.
  2. B. The FortiGate cannot resolve the name of the workstation.
  3. C. The remote registry service is not running in the workstation 192.168.12.232.
  4. D. The CA cannot reach the FortiGate with the IP address 192.168.12.232.

Correct Answer: C
https://kb.fortinet.com/kb/documentLink.do?externalID=FD30548

Page 4 of 33
PDF with 163 Questions

Post your Comments and Discuss Fortinet NSE7_EFW-7.0 exam with other Community members: