Fortinet
NSE7_EFW-7.2
Q1:
Which two statements about the neighbor-group command are true? (Choose two.)
☐
A
You can configure it on the GUI.☐
B
It applies common settings in an OSPF area.☐
C
It is combined with the neighbor-range parameter.☐
D
You can apply it in Internal BGP (IBGP) and External BGP (EBGP).
Fortinet
NSE7_EFW-7.2
Q2:
Which statement about network processor (NP) offloading is true?
○
A
For TCP traffic FortiGate CPU offloads the first packets of SYN/ACK and ACK of the three-way handshake to NP○
B
The NP provides IPS signature matching○
C
You can disable the NP for each firewall policy using the command np-acceleration st to loose.○
D
The NP checks the session key or IPSec SA
Fortinet
NSE7_EFW-7.2
Q3:
Which two statements about IKE vision 2 are true? (Choose two.)
☐
A
Phase 1 includes main mode☐
B
It supports the extensible authentication protocol (EAP)☐
C
It supports the XAuth protocol.☐
D
It exchanges a minimum of four messages to establish a secure tunnel
Fortinet
NSE7_EFW-7.2
Q4:
Exhibit.
Refer to the exhibit, which contains an active-active toad balancing scenario.
During the traffic flow the primary FortiGate forwards the SYN packet to the secondary FortiGate.
What is the destination MAC address or addresses when packets are forwarded from the primary FortiGate to the secondary FortiGate?
○
A
Secondary physical MAC port1○
B
Secondary virtual MAC port1○
C
Secondary virtual MAC port1 then physical MAC port1○
D
Secondary physical MAC port2 then virtual MAC port2
Fortinet
NSE7_EFW-7.2
Q5:
Which configuration can be used to reduce the number of BGP sessions in on IBGP network?
○
A
Route-reflector-peer enable○
B
Route-reflector-client enable○
C
Route-reflector enable○
D
Route-reflector-server enable