Scribd Logo
Upload

Welcome to Scribd!

  • 388 views

    Nse7 Efw-7.2

    Uploaded by

    Eric Balé

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Nse7 Efw-7.2

    Uploaded by

    Eric Balé
    388 views5 pages

    Original Title

    nse7_efw-7.2

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    388 views5 pages

    Nse7 Efw-7.2

    Uploaded by

    Eric Balé

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 5

    Actual4Test

    http://www.actual4test.com
    Actual4test - actual test exam dumps-pass for IT exams
    NSE7_EFW-7.2 actual exam dumps, Fortinet NSE7_EFW-7.2 practice test
    IT Certification Guaranteed, The Easy Way!

    Exam : NSE7_EFW-7.2

    Title : Fortinet NSE 7 - Enterprise


    Firewall 7.2

    Vendor : Fortinet

    Version : DEMO

    1
    Fortinet NSE7_EFW-7.2, NSE7_EFW-7.2 actual test, NSE7_EFW-7.2 actual test latest version
    https://www.actual4test.com/NSE7_EFW-7.2_examcollection.html
    NSE7_EFW-7.2 actual exam dumps, Fortinet NSE7_EFW-7.2 practice test
    IT Certification Guaranteed, The Easy Way!

    NO.1 You want to configure faster failure detection for BGP.


    Which parameter should you enable on both connected FortiGate devices?
    A. Ebgp-enforce-multihop
    B. bfd
    C. Distribute-list-in
    D. Graceful-restart
    Answer: B
    Explanation:
    BFD (Bidirectional Forwarding Detection) is a protocol that provides fast failure detection for BGP by
    sending periodic messages to verify the connectivity between two peers1. BFD can be enabled on
    both connected FortiGate devices by using the command set bfd enable under the BGP
    configuration2. References:
    = Technical Tip : FortiGate BFD implementation and examples ..., Configure BGP | FortiGate / FortiOS
    7.0.2
    - Fortinet Documentation

    NO.2 Which two statements about metadata variables are true? (Choose two.)
    A. You create them on FortiGate
    B. They apply only to non-firewall objects.
    C. The metadata format is $<metadata_variabie_name>.
    D. They can be used as variables in scripts
    Answer: A D
    Explanation:
    Metadata variables in FortiGate are created to store metadata associated with different FortiGate
    features.
    These variables can be used in various configurations and scripts to dynamically replace the variable
    with its actual value during processing. A: You create metadata variables on FortiGate. They are used
    to store metadata for FortiGate features and can be called upon in different configurations. D: They
    can be used as variables in scripts. Metadata variables are utilized within the scripts to dynamically
    insert values as per the context when the script runs.
    Fortinet FortiOS Handbook: CLI Reference

    NO.3 Refer to the exhibit, which shows a routing table.

    What two options can you configure in OSPF to block the advertisement of the 10.1.10.0 prefix?
    (Choose two.)
    A. Remove the 16.1.10.C prefix from the OSPF network
    B. Configure a distribute-list-out
    C. Configure a route-map out
    D. Disable Redistribute Connected

    2
    Fortinet NSE7_EFW-7.2, NSE7_EFW-7.2 actual test, NSE7_EFW-7.2 actual test latest version
    https://www.actual4test.com/NSE7_EFW-7.2_examcollection.html
    NSE7_EFW-7.2 actual exam dumps, Fortinet NSE7_EFW-7.2 practice test
    IT Certification Guaranteed, The Easy Way!

    Answer: B C
    Explanation:
    To block the advertisement of the 10.1.10.0 prefix in OSPF, you can configure a distribute-list-out or a
    route-map out. A distribute-list-out is used to filter outgoing routing updates from being advertised
    to OSPF neighbors1. A route-map out can also be used for filtering and is applied to outbound routing
    updates2. References := Technical Tip: Inbound route filtering in OSPF usi ... - Fortinet Community,
    OSPF | FortiGate / FortiOS 7.2.2 - Fortinet Documentation

    NO.4 You contoured an address object on the tool fortiGate in a Security Fabric. This object is not
    synchronized with a downstream device. Which two reasons could be the cause? (Choose two)
    A. The address object on the tool FortiGate has fabric-object set to disable
    B. The root FortiGate has configuration-sync set to enable
    C. The downstream TortiGate has fabric-object-unification set to local
    D. The downstream FortiGate has configuration-sync set to local
    Answer: A C
    * Option A is correct because the address object on the tool FortiGate will not be synchronized with
    the downstream devices if it has fabric-object set to disable. This option controls whether the
    address object is shared with other FortiGate devices in the Security Fabric or not1.
    * Option C is correct because the downstream FortiGate will not receive the address object from the
    tool FortiGate if it has fabric-object-unification set to local. This option controls whether the
    downstream FortiGate uses the address objects from the root FortiGate or its own local address
    objects2.
    * Option B is incorrect because the root FortiGate has configuration-sync set to enable by default,
    which means that it will synchronize the address objects with the downstream devices unless they
    are disabled by the fabric-object option3.
    * Option D is incorrect because the downstream FortiGate has configuration-sync set to local by
    default, which means that it will receive the address objects from the root FortiGate unless they are
    overridden by the fabric-object-unification option4. References: =
    * 1: Group address objects synchronized from FortiManager5
    * 2: Security Fabric address object unification6
    * 3: Configuration synchronization7
    * 4: Configuration synchronization7
    * : Security Fabric - Fortinet Documentation

    NO.5 You created a VPN community using VPN Manager on FortiManager. You also added gateways
    to the VPN community. Now you are trying to create firewall policies to permit traffic over the tunnel
    however, the VPN interfaces do not appear as available options.
    A. Create interface mappings for the IPsec VPN interfaces before you use them in a policy.
    B. Refresh the device status using the Device Manager so that FortiGate populates the IPSec
    interfaces
    C. Configure the phase 1 settings in the VPN community that you didnt initially configure. FortiGate
    automatically generates the interfaces after you configure the required settings
    D. install the VPN community and gateway configuration on the fortiGate devices so that the VPN
    interfaces appear on the Policy Objects on fortiManager.
    Answer: D

    3
    Fortinet NSE7_EFW-7.2, NSE7_EFW-7.2 actual test, NSE7_EFW-7.2 actual test latest version
    https://www.actual4test.com/NSE7_EFW-7.2_examcollection.html
    NSE7_EFW-7.2 actual exam dumps, Fortinet NSE7_EFW-7.2 practice test
    IT Certification Guaranteed, The Easy Way!

    Explanation:
    To use the VPN interfaces in a policy, you need to install the VPN community and gateway
    configuration on the FortiGate devices first. This will create the VPN interfaces on the FortiGate and
    sync them with FortiManager. References:
    * Creating IPsec VPN communities
    * VPN | FortiGate / FortiOS 7.2.0

    4
    Fortinet NSE7_EFW-7.2, NSE7_EFW-7.2 actual test, NSE7_EFW-7.2 actual test latest version
    https://www.actual4test.com/NSE7_EFW-7.2_examcollection.html

    You might also like