Online Access Free NSE7_EFW-7.0 Exam Questions

Refer to the exhibit, which shows the output of get system ha status. NGFW-1 and NGFW-2 have been up for a week.

Which two statements about the output are true? (Choose two.)

• A.If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.
• B.If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.
• C.If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.
• D.If port7 becomes disconnected on the secondary, both FortiGate devices will elect itself the primary.

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

• A.The negotiation is using AES128 encryption with CBC hash.
• B.The initiator provided remote as its IPsec peer ID.
• C.The remote gateway IP address is 10.0.0.1.
• D.It shows a phase 1 negotiation.

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.
What can the administrator do to fix this problem?

• A.Configure remote link monitoring to detect an issue in the forwarding path.
• B.Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports.
• C.Configure set send-garp-on-failover enable under config system ha on both cluster members.
• D.Configure set link-failed-signal enable under config system ha on both cluster members.

An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?

• A.diagnose sniffer packet any 'udp port 4500'
• B.diagnose sniffer packet any 'ip proto 50'
• C.diagnose sniffer packet any 'ah'
• D.diagnose sniffer packet any 'udp port 500'

An LDAP user cannot authenticate against a FortiGate device. Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.


Based on the output in the exhibit, what can cause this authentication problem?

• A.The FortiGate has been configured with the wrong authentication schema.
• B.The FortiGate has been configured with the wrong password for the LDAP administrator.
• C.User student is not found in the LDAP server.
• D.User student is using a wrong password.