Free NSE7_EFW-7.2 Sample Questions — Fortinet NSE 7 - Enterprise Firewall 7.2

Free NSE7_EFW-7.2 sample questions for the Fortinet NSE 7 - Enterprise Firewall 7.2 exam. No account required: study at your own pace.

Question 1

Which statement about meta fields is true?

  • A. Meta fields must be set to required
  • B. Meta field changes are applied only at the ADOM level
  • C. Meta fields are useful for creating multiple objects with the same logical name but different values
  • D. Meta fields can be used as variables in scripts or provisioning templates
Correct Answer:
C. Meta fields are useful for creating multiple objects with the same logical name but different values

Question 2

Which FortiGate in a Security Fabric sends logs to FortiAnalyzer?

  • A. Only the root FortiGate
  • B. Each FortiGate in the Security Fabric
  • C. The FortiGate devices performing network address translation (NAT) or unified threat management (UTM), if configured
  • D. Only the last FortiGate that handled a session in the Security Fabric
Correct Answer:
B. Each FortiGate in the Security Fabric

Question 3

An administrator is configuring application control with FortiGate running in next-generation firewall (NGFW) policy-based mode. Which two actions must the administrator take? (Choose two.)

  • A. Configure the action as quarantine, if an application requires feedback to prevent instability
  • B. Configure central source network address translation (SNAT), if NAT is required
  • C. Create an application control profile and apply the profile to a firewall policy
  • D. Specify an SSL/SSH inspection profile on a consolidated policy
Correct Answer:
  • B. Configure central source network address translation (SNAT), if NAT is required
  • D. Specify an SSL/SSH inspection profile on a consolidated policy

Question 4

Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?

  • A. Only the DR receives link state information from non-DR routers
  • B. Non-DR and non-BDR routers form full adjacencies to DR only
  • C. FortiGate first checks the OSPF ID to elect a DR
  • D. Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.
Correct Answer:
D. Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.

Question 5

An administrator configured the following command on FortiGate.

    config router ospf
        set restart-mode graceful-restart

Which two statements correctly describe the result of the above command? (Choose two.)

  • A. In an HA cluster, FortiGate devices will keep the OSPF routes in their routing table to avoid traffic interruption during an HA failover
  • B. The OSPF neighbor that receives the grace link-state advertisement (LSA) will enter into helper mode
  • C. After the default 40 seconds wait time, the OSPF neighbors will resume communication with the restarting router
  • D. FortiGate is configured with graceful restart, and will exit graceful mode, if the network topology changes
Correct Answer:
  • A. In an HA cluster, FortiGate devices will keep the OSPF routes in their routing table to avoid traffic interruption during an HA failover
  • B. The OSPF neighbor that receives the grace link-state advertisement (LSA) will enter into helper mode

Question 6

What are two functions of automation stitches? (Choose two.)

  • A. Automation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds
  • B. An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions
  • C. Automation stitches can be configured on any FortiGate device in a Security Fabric environment
  • D. An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action
Correct Answer:
  • A. Automation stitches can be created to run diagnostic commands and email the results when CPU or memory usage exceeds specified thresholds
  • D. An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action

Question 7

Which two statements about BFD are true? (Choose two.)

  • A. You must configure it globally only
  • B. You can disable it at the protocol level
  • C. It can support neighbors only over the next hop in BGP
  • D. It works for OSPF and BGP
Correct Answer:
  • B. You can disable it at the protocol level
  • D. It works for OSPF and BGP

Question 8

Which two statements about ADVPN are true? (Choose two.)

  • A. auto-discovery-receiver must be set to enable on the spokes
  • B. Spoke-to-spoke traffic never goes through the hub
  • C. It supports NAT for on-demand tunnels
  • D. Routing is configured by enabling add-advpn-route
Correct Answer:
  • A. auto-discovery-receiver must be set to enable on the spokes
  • C. It supports NAT for on-demand tunnels

Question 9

After enabling IPS, you receive feedback about traffic being dropped. What could be the reason?

  • A. IPS is configured to monitor
  • B. np-accel-node is set to enable
  • C. fail-open is set to disable
  • D. traffic-submit is set to disable
Correct Answer:
C. fail-open is set to disable

Question 10

Which ADVPN configuration must be configured using a script on FortiManager, when using VPN Manager to manage FortiGate VPN tunnels?

  • A. Enable AD-VPN in IPsec phase 1
  • B. Configure IP addresses on IPsec virtual interfaces
  • C. Set protected network to all
  • D. Disable add-route on hub
Correct Answer:
A. Enable AD-VPN in IPsec phase 1
