Free NSE7 Sample Questions — NSE7 Enterprise Firewall - FortiOS 5.4

Free NSE7 sample questions for the NSE7 Enterprise Firewall - FortiOS 5.4 exam. No account required: study at your own pace.

Want an interactive quiz? Take the full NSE7 practice test

Looking for more? Click here to get the full PDF with 40+ practice questions for $4 for offline study and deeper preparation.

Question 1

The CLI command set intelligent-mode <enable | disable> controls the IPS engine's adaptive scanning behavior. Which of the following statements describes IPS adaptive scanning?

  • A. Determines the optimal number of IPS engines required based on system load
  • B. Downloads signatures on demand from FDS based on scanning requirements
  • C. Determines when it is secure enough to stop scanning session traffic
  • D. Choose a matching algorithm based on available memory and the type of inspection being performed
Show Answer
Correct Answer:
C. Determines when it is secure enough to stop scanning session traffic
Question 2

Which statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)

  • A. When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate
  • B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate
  • C. When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history
  • D. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation
Show Answer
Correct Answer:
  • B. When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate
  • D. When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation
Question 3

A FortiGate is rebooting unexpectedly without any apparent reason. What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)

  • A. Firewall monitor
  • B. Policy monitor
  • C. Logs
  • D. Crashlogs
Show Answer
Correct Answer:
  • C. Logs
  • D. Crashlogs
Question 4

Examine the following partial output from a sniffer command; then answer the question below. # diagnose sniff packet any icmp 4 interfaces=[any] filters=[icmp] 2.101199 wan2 in 192.168.1.110 -> 4.2.2.2: icmp: echo request 2.1011400 wan1 out 172.17.87.16 -> 4.2.2.2: icmp: echo request ..... 2.123500 wan2 out 4.2.2.2 -> 192.168.1.110: icmp: echo reply 244 packets received by filter 5 packets dropped by kernel What is the meaning of the packets dropped counter at the end of the sniffer?

  • A. Number of packets that didn’t match the sniffer filter
  • B. Number of total packets dropped by the FortiGate
  • C. Number of packets that matched the sniffer filter and were dropped by the FortiGate
  • D. Number of packets that matched the sniffer filter but could not be captured by the sniffer
Show Answer
Correct Answer:
D. Number of packets that matched the sniffer filter but could not be captured by the sniffer
Question 5

In which of the following states is a given session categorized as ephemeral? (Choose two.)

  • A. TCP session waiting to complete the three-way handshake
  • B. TCP session waiting for FIN ACK
  • C. UDP session with packets sent and received
  • D. UDP session with only one packet received
Show Answer
Correct Answer:
  • A. TCP session waiting to complete the three-way handshake
  • D. UDP session with only one packet received

Aced these? Get the Full Exam

Download the complete NSE7 study bundle with 40+ questions in a single printable PDF.

Purchase Full Exam PDF | $4