Fortinet NSE7_EFW-7.2 Practice Questions

Total 64 Questions


Last Updated On : 26-Nov-2025



Which two statements about ADVPN are true? (Choose two)

A. auto-discovery receiver must be set to enable on the Spokes.
B. Spoke-to-spoke traffic never goes through the hub
C. It supports NAT for on-demand tunnels
D. Routing is configured by enabling add-advpn-route

A. auto-discovery receiver must be set to enable on the Spokes.
C. It supports NAT for on-demand tunnels

You created a VPN community using VPN Manager on FortiManager. You also added gateways to the VPN community. Now you are trying to create firewall policies to permit traffic over the tunnel; however, the VPN interfaces do not appear as available options.

A. Create interface mappings for the IPsec VPN interfaces before you use them in a policy.
B. Refresh the device status using the Device Manager so that FortiGate populates the IPsec interfaces
C. Configure the phase 1 settings in the VPN community that you didn't initially configure. FortiGate automatically generates the interfaces after you configure the required settings
D. Install the VPN community and gateway configuration on the FortiGate devices so that the VPN interfaces appear in the Policy Objects on FortiManager.

D. Install the VPN community and gateway configuration on the FortiGate devices so that the VPN interfaces appear in the Policy Objects on FortiManager.

After enabling IPS you receive feedback about traffic being dropped.
What could be the reason?

A. Np-accel-mode is set to enable
B. Traffic-submit is set to disable
C. IPS is configured to monitor
D. Fail-open is set to disable

D. Fail-open is set to disable

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. What can the administrator do to fix this problem?

A. Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports
B. Configure set link-failed-signal enable under config system ha on both cluster members
C. Configure remote link monitoring to detect an issue in the forwarding path
D. Configure set send-garp-on-failover enable under config system ha on both cluster members

B. Configure set link-failed-signal enable under config system ha on both cluster members

Refer to the exhibit, which shows two configured FortiGate devices and peering over FGSP.

A. To have both sessions and configuration synchronization in layer 2
B. To load balance both sessions and configuration synchronization between layer 2 and 3
C. To have only configuration synchronization in layer 3
D. To have both sessions and configuration synchronization in layer 3

D. To have both sessions and configuration synchronization in layer 3

Explanation:
The primary purpose of configuring a main link between the devices is to synchronize session information so that if one unit fails, the other can continue processing traffic without dropping active sessions.
A. To have both sessions and configuration synchronization in layer 2. This is incorrect because FGSP is used for session synchronization, not configuration synchronization.
B. To load balance both sessions and configuration synchronization between layer 2 and 3. FGSP does not perform load balancing and is not used for configuration synchronization.
C. To have only configuration synchronization in layer 3. The main link is not used solely for configuration synchronization.
D. To have both sessions and configuration synchronization in layer 3. The main link in an FGSP setup is indeed used to synchronize session information across the devices, and it operates at layer 3 since it uses IP addresses to establish the peering.

An administrator is configuring two FortiGate devices in an HA cluster. While configuring the devices, the administrator issues the following commands on both HA cluster members:

A. They force the former primary to send gratuitous ARP packets when the failover happens to indicate that the virtual MAC address is now using a different device.
B. They force the former primary to shut down all its interfaces for one second when failover happens, excluding the heartbeat and reserved management interfaces.
C. They force both HA devices for remote link monitoring to detect an issue in the forwarding path.
D. They force the switches to update their MAC forwarding tables when failover happens.

A. They force the former primary to send gratuitous ARP packets when the failover happens to indicate that the virtual MAC address is now using a different device.
B. They force the former primary to shut down all its interfaces for one second when failover happens, excluding the heartbeat and reserved management interfaces.

Refer to the exhibit, which contains information about an IPsec VPN tunnel.

A. Dead peer detection is set to enable.
B. The IKE version is 2.
C. Both IPsec SAs are loaded on the kernel.
D. Forward error correction in phase 2 is set to enable.

B. The IKE version is 2.
C. Both IPsec SAs are loaded on the kernel.

Explanation:
From the command output shown in the exhibit:
B. The IKE version is 2: This can be deduced from the presence of 'ver=2' in the output, which indicates that IKEv2 is being used.
C. Both IPsec SAs are loaded on the kernel: This is indicated by the line 'npu flags=0x0/0', suggesting that no offload to NPU is occurring, and hence both Security Associations are loaded onto the kernel for processing.
Fortinet documentation specifies that the version of IKE (Internet Key Exchange) used and the loading of IPsec Security Associations can be verified through the diagnostic commands related to VPN tunnels.
