Before taking the Fortinet NSE 7 Network Security Architect (NSE 7 – EFW 6.4) certification exam, you may have some concerns about the format of the exam, the sorts of questions that will be asked, the difficulty level of the questions, and the amount of time it will take to finish the questions. These sample questions and demo exam for Fortinet Network Security Expert 7 – Network Security Architect (NSE 7 – FortiOS 6.4) can help you clear your doubts and prepare for the exam.
All of these questions were taken directly from the real Fortinet exam. Please contact us if you require additional actual exam questions. Also, there is a “Refer a Friend” sales promotion going on. Take advantage of this limited-time offer.
QUESTION 1
Which two configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)
A. AV failopen
B. mem failopen
C. Ips failopen
D. UTM failopen
Correct Answer: AC
QUESTION 2
Which two tasks are automated using the Install Wizard on FortiManager? (Choose two.)
A. Previewing pending configuration changes for managed devices
B. Installing configuration changes to managed devices
C. Adding devices to FortiManager
D. Importing interface mappings from managed devices
Correct Answer: AB
QUESTION 3
Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multiaccess network is true?
A. Non-DR and non-BDR routers will form full adjacencies to DR and BDR only.
B. BDR is responsible for forwarding link state information from one router to another.
C. FortiGate first checks the OSPF ID to elect a DR.
D. Only the DR receives link state information from non-DR routers.
Correct Answer: A
QUESTION 4
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
A. FortiGate uses the CN information from the subject field in the server certificate.
B. FortiGate switches to the full SSL inspection method to decrypt the data.
C. FortiGate uses the requested URL from the user’s web browser.
D. FortiGate blocks the request without any further inspection.
Correct Answer: A
QUESTION 5
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
A. FortiManager supports only FortiGuard push update to managed devices.
B. FortiManager will respond to update requests only from a managed device.
C. FortiManager can download and maintain local copies of FortiGuard databases.
D. FotiManager does not support web filter rating requests.
Correct Answer: C
QUESTION 6
Which three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)
A. OSPF costs match
B. OSPF peer IDs match
C. Hello and dead intervals match
D. IP addresses are in the same subnet
E. OSPF IP MTUs match
Correct Answer: BCD
QUESTION 7
Which two statements about OCVPN are true? (Choose two.)
A. OCVPN offers only Hub-Spoke VPNs.
B. Only root vdom supports OCVPN.
C. FortiGate devices under different FortiCare accounts can be used to form OCVPN
D. OCVPN supports static and dynamic IPs in WAN interface.
Correct Answer: BD
QUESTION 8
An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. The administrator decides to enable the setting link-failed-signal to fix the problem. Which statement about this setting is true?
A. It disables all the non-heartbeat interfaces in all HA members for two seconds after a failover.
B. It forces the former primary device to shut down all its non-heartbeat interfaces for one second, while the failover occurs.
C. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.
D. It sends a link failed signal to all connected devices.
Correct Answer: C
QUESTION 9
When using the SSL certificate inspection method to inspect HTTPS traffic, how does FortiGate filter web requests when the client browser does not provide the server name indication (SNI) extension?
A. FortiGate uses the CN information from the subject field in the server certificate.
B. FortiGate switches to the full SSL inspection method to decrypt the data.
C. FortiGate uses the requested URL from the user’s web browser.
D. FortiGate blocks the request without any further inspection.
Correct Answer: A
QUESTION 10
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
A. FortiManager supports only FortiGuard push update to managed devices.
B. FortiManager will respond to update requests only from a managed device.
C. FortiManager can download and maintain local copies of FortiGuard databases.
D. FotiManager does not support web filter rating requests.
Correct Answer: C
Conclusion
Our Fortinet practice questions and answers cover all of the subjects included on the Fortinet NSE7-EFW 6.4 test, ensuring that you are fully prepared to take the actual exam. Right now, you can get a great deal on the most recent dump!
Comments