Fortinet NSE 7 – Enterprise Firewall 7.0
Exam series: NSE7_EFW-7.0
Number of questions: 35
Exam time: 60 minutes
Language: English and Japanese
Product version: FortiOS 7.0.1, FortiManager 7.0.1, FortiAnalyzer 7.0.1
Status: Available
Exam details: exam description
NSE 7 Certification
The Fortinet Network Security Architect designation identifies your advanced skills in deploying, administering, and troubleshooting Fortinet security solutions. Fortinet recommends this certification for network and security
professionals who are involved in the advanced administration and support of security infrastructures using Fortinet solutions. Visit the Fortinet NSE Certification Program page for information about certification requirements.
Fortinet NSE 7—Enterprise Firewall 7.0
The Fortinet NSE 7—Enterprise Firewall 7.0 exam is part of the NSE 7 Network Security Architect program, and recognizes the successful candidate’s knowledge and expertise with Fortinet solutions in enterprise security
infrastructure environments.
The exam tests applied knowledge of the integration, administration, troubleshooting, and central management of an enterprise firewall solution composed of FortiOS 7.0.1, FortiManager 7.0.1, and FortiAnalyzer 7.0.1.
Audience
The Fortinet NSE 7—Enterprise Firewall 7.0 exam is intended for network and security professionals who are responsible for the design, administration, and support of an enterprise security infrastructure composed of many
FortiGate devices.
Exam Details
Exam name: Fortinet NSE 7—Enterprise Firewall 7.0
Exam series: NSE7_EFW-7.0
Time allowed: 60 minutes
Exam questions: 35 multiple-choice questions
Language: English and Japanese
Product version: FortiOS 7.0.1, FortiManager 7.0.1, FortiAnalyzer 7.0.1
Exam Topics
Successful candidates have applied knowledge and skills in the following areas and tasks:
* System and session troubleshooting
    * Implement the Fortinet Security Fabric
    * Diagnose and troubleshoot resource problems using built-in tools
    * Diagnose and troubleshoot connectivity problems using built-in tools
    * Troubleshoot different operation modes for a FGCP HA cluster
* Central management
    * Troubleshoot central management issues
* Content inspection
    * Troubleshoot FortiGuard issues
    * Troubleshoot web filtering issues
    * Troubleshoot the Intrusion Prevention System (IPS)
* Routing
    * Troubleshoot routing packets using static routes
    * Troubleshoot Border Gateway Protocol (BGP) routing for enterprise traffic
    * Troubleshoot OSPF routing for enterprise traffic
* VPN
    * Implement a meshed or partially redundant IPsec VPN
    * Troubleshoot Autodiscovery VPN (ADVPN) to enable on-demand VPN tunnels between sites
Training Resources
The following resources are recommended for attaining the knowledge and skills that are covered on the exam. The recommended training is available as a foundation for exam preparation. In addition to training, candidates are
strongly encouraged to have hands-on experience with the exam topics and objectives.
NSE Training Institute Courses
* NSE 7 Enterprise Firewall
* NSE 4 FortiGate Security
* NSE 4 FortiGate Infrastructure
* NSE 5 FortiManager
* NSE 5 FortiAnalyzer
Other Resources
* Fortinet Technical Documentation
* Fortinet Knowledge Base
Experience
You should be familiar with the design, administration, and support of an enterprise security infrastructure using FortiGate devices.
Exam Sample Questions
QUESTION 1
Refer to the exhibit, which contains partial output from an IKE real-time debug.
The administrator does not have access to the remote gateway.
Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?
A. In the phase 1 network configuration, set the IKE version to 2.
B. In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.
C. In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
D. In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.
Answer: D
QUESTION 2
Refer to the exhibit, which shows the output of a web filtering diagnose command.
Which configuration change would result in non-zero results in the cache statistics section?
A. set server-type rating under config system central-management
B. set webfilter-cache enable under config system fortiguard
C. set webfilter-force-off disable under config system fortiguard
D. set ngfw-mode policy-based under config system settings
Answer: B
QUESTION 3
Refer to the exhibits, which show the configuration on FortiGate and partial session information for
internet traffic from a user on the internal network.
If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?
A. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
B. The session would remain in the session table, and its traffic would egress from port2.
C. The session would be deleted, and the client would need to start a new session.
D. The session would remain in the session table, and its traffic would egress from port1.
Answer: D
QUESTION 4
Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.
An administrator would like to test session failover between the two service provider connections.
What changes must the administrator make to force this existing session to immediately start using
the other interface? (Choose two.)
A. Configure set snat-route-change enable.
B. Change the priority of the port2 static route to 5.
C. Change the priority of the port1 static route to 11.
D. unset snat-route-change to return it to the default setting.
Answer: AC
QUESTION 5
What are two functions of automation stitches? (Choose two.)
A. Automation stitches can be configured on any FortiGate device in a Security Fabric environment.
B. An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.
C. Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
D. An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.
Answer: BC