
NSE7_EFW-7.2 Fortinet NSE 7 - Enterprise Firewall 7.2 Questions and Answers

Questions 4

Refer to the exhibit, which shows a network diagram.

NSE7_EFW-7.2 Question 4

Which IPsec phase 2 configuration should you implement so that only one remote site is connected at any time?

Options:

A. Set route-overlap to allow.

B. Set single-source to enable

C. Set route-overlap to either use-new or use-old

D. Set net-device to enable

Questions 5

Which two statements about IKE version 2 fragmentation are true? (Choose two.)

Options:

A. Only some IKE version 2 packets are considered fragmentable.

B. The reassembly timeout default value is 30 seconds.

C. It is performed at the IP layer.

D. The maximum number of IKE version 2 fragments is 128.

Questions 6

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. What can the administrator do to fix this problem?

Options:

A. Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports

B. Configure set link-failed-signal enable under config system ha on both cluster members

C. Configure remote link monitoring to detect an issue in the forwarding path

D. Configure set send-garp-on-failover enable under config system ha on both cluster members

Questions 7

Which two statements about BFD are true? (Choose two.)

Options:

A. It can support neighbor only over the next hop in BGP

B. You can disable it at the protocol level

C. It works for OSPF and BGP

D. You must configure it globally only

Questions 8

Exhibit.

NSE7_EFW-7.2 Question 8

Refer to the exhibit, which contains a partial policy configuration.

Which setting must you configure to allow SSH?

Options:

A. Specify SSH in the Service field

B. Configure port 22 in the Protocol Options field.

C. Include SSH in the Application field

D. Select an application control profile corresponding to SSH in the Security Profiles section

Questions 9

You want to improve reliability over a lossy IPSec tunnel.

Which combination of IPSec phase 1 parameters should you configure?

Options:

A. fec-ingress and fec-egress

B. dpd and dpd-retryinterval

C. fragmentation and fragmentation-mtu

D. keepalive and keylife

Questions 10

Refer to the exhibit, which shows an error in system fortiguard configuration.

NSE7_EFW-7.2 Question 10

What is the reason you cannot set the protocol to udp in config system fortiguard?

Options:

A. FortiManager provides FortiGuard.

B. fortiguard-anycast is set to enable.

C. You do not have the corresponding write access.

D. udp is not a protocol option.

Questions 11

Which two statements about IKE version 2 are true? (Choose two.)

Options:

A. Phase 1 includes main mode

B. It supports the extensible authentication protocol (EAP)

C. It supports the XAuth protocol.

D. It exchanges a minimum of four messages to establish a secure tunnel

Questions 12

Exhibit.

NSE7_EFW-7.2 Question 12

Refer to the exhibit, which contains an active-active load balancing scenario.

During the traffic flow the primary FortiGate forwards the SYN packet to the secondary FortiGate.

What is the destination MAC address or addresses when packets are forwarded from the primary FortiGate to the secondary FortiGate?

Options:

A. Secondary physical MAC port1

B. Secondary virtual MAC port1

C. Secondary virtual MAC port1 then physical MAC port1

D. Secondary physical MAC port2 then virtual MAC port2

Questions 13

Refer to the exhibit, which contains a partial OSPF configuration.

NSE7_EFW-7.2 Question 13

What can you conclude from this output?

Options:

A. Neighbors maintain communication with the restarting router.

B. The router sends grace LSAs before it restarts.

C. FortiGate restarts if the topology changes.

D. The restarting router sends gratuitous ARP for 30 seconds.

Questions 14

Exhibit.

NSE7_EFW-7.2 Question 14

Refer to the exhibit, which shows an ADVPN network.

The client behind Spoke-1 generates traffic to the device located behind Spoke-2.

Which first message does the hub send to Spoke-1 to bring up the dynamic tunnel?

Options:

A. Shortcut query

B. Shortcut reply

C. Shortcut offer

D. Shortcut forward

Questions 15

Exhibit.

NSE7_EFW-7.2 Question 15

Refer to the exhibit, which provides information on BGP neighbors.

What can you conclude from this command output?

Options:

A. The router are in the number to match the remote peer.

B. You must change the AS number to match the remote peer.

C. BGP is attempting to establish a TCP connection with the BGP peer.

D. The bfd configuration is set to enable.

Exam Code: NSE7_EFW-7.2
Exam Name: Fortinet NSE 7 - Enterprise Firewall 7.2
Last Update: Oct 16, 2025
Questions: 80
