Certbus > Fortinet > Fortinet Certifications > NSE7_EFW-6.0 > NSE7_EFW-6.0 Online Practice Questions and Answers

NSE7_EFW-6.0 Online Practice Questions and Answers

Questions 4

View the central management configuration shown in the exhibit, and then answer the question below.

Which server will FortiGate choose for antivirus and IPS updates if 10.0.1.243 is experiencing an outage?

A. 10.0.1.244

B. Public FortiGuard servers

C. 10.0.1.240

D. 10.0.1.242

Browse 30 Q&As
Questions 5

View the global IPS configuration, and then answer the question below.

Which of the following statements is true regarding this configuration? (Choose two.)

A. IPS will scan every byte in every session.

B. IPS acceleration is disabled in this FortiGate device's configuration.

C. New packets requiring IPS inspection will be passed through during conserve mode.

D. FortiGate will spawn IPS engine instances based on the system load.

Browse 30 Q&As
Questions 6

View the exhibit, which contains the output of a real-time debug, and then answer the question below.

Which of the following statements are true regarding this output (Choose two.)

A. This web request was inspected using the root web filter profile.

B. The requested URL belongs to category ID 52.

C. The web request was blocked by FortiGate.

D. FortiGate found the requested URL in its local cache.

Browse 30 Q&As
Questions 7

Which of the following conditions must be met for a static route to be active in the routing table? (Choose two.)

A. The next-hop IP address is up.

B. There is no other route, to the same destination, with a higher distance.

C. The link health monitor (if configured) is up.

D. The outgoing interface is up.

Browse 30 Q&As
Questions 8

What configuration settings change the behavior for content-inspected traffic while FortiGate is in conserve mode? (Choose two.)

A. mem-failopen

B. ips-failopen

C. utm-failopen

D. av-failopen

Browse 30 Q&As
Questions 9

What does the dirty flag mean in a FortiGate session?

A. The session must be removed from the former primary unit after an HA failover.

B. Traffic has been identified as from an application that is not allowed.

C. The next packet must be re-evaluated against the firewall policies.

D. Traffic has been blocked by the antivirus inspection.

Browse 30 Q&As
Questions 10

View these partial outputs from two routing debug commands:

Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?

A. Both port1 and port2

B. port3

C. port2

D. port1

Browse 30 Q&As
Questions 11

What is the purpose of an internal segmentation firewall (ISFW)?

A. It is the first line of defense at the network perimeter.

B. It inspects incoming traffic to protect services in the corporate DMZ.

C. It is an all-in-one security appliance that is placed at remote sites to extend the enterprise network.

D. It splits the network into multiple security segments to minimize the impact of breaches.

Browse 30 Q&As
Exam Code: NSE7_EFW-6.0
Exam Name: Fortinet NSE 7 - Enterprise Firewall 6.0
Last Update: Mar 17, 2025
Questions: 30 Q&As

PDF

$49.99

VCE

$55.99

PDF + VCE

$65.99