CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_EFW-7.2

Free NSE7_EFW-7.2 Exam Braindumps (page: 1)

Page 1 of 9
PDF with 57 Questions

Which two statements about metadata variables are true? (Choose two.)

  1. You create them on FortiGate
  2. They apply only to non-firewall objects.
  3. The metadata format is $<metadata_variabie_name>.
  4. They can be used as variables in scripts

Answer(s): B,D

Explanation:

Metadata variables are custom fields that you can create on FortiManager to store additional information about objects or devices. They can be used as variables in Jinja2 CLI templates or scripts to apply configurations to multiple devices or objects. They do not apply only to non-firewall objects, but also to firewall objects such as addresses, services, policies, etc. The metadata format is not $<metadata_variable_name>, but @<metadata_variable_name>@. Reference := Using meta field variables, Metadata Variables are supported in Firewall Objects configuration, Technical Tip: New Meta Variables and their usage including Jinja Templates, Technical Tip: Firewall objects use as metadata variable



Refer to the exhibit, which contains a partial BGP combination.



You want to configure a loopback as the OGP source.

Which two parameters must you set in the BGP configuration? (Choose two)

  1. ebgp-enforce-multihop
  2. recursive-next-hop
  3. ibgp-enfoce-multihop
  4. update-source

Answer(s): A,D

Explanation:

To configure a loopback as the BGP source, you need to set the "ebgp-enforce-multihop" and "update-source" parameters in the BGP configuration. The "ebgp-enforce-multihop" allows EBGP connections to neighbor routers that are not directly connected, while "update-source" specifies the IP address that should be used for the BGP session1. Reference := BGP on loopback, Loopback interface, Technical Tip: Configuring EBGP Multihop Load-Balancing, Technical Tip: BGP routes are not installed in routing table with loopback as update source



Exhibit.



Refer to the exhibit, which shows a partial web filter profile conjuration

What can you cone udo from this configuration about access to www.facebook, com, which is categorized as Social Networking?

  1. The access is blocked based on the Content Filter configuration
  2. The access is allowed based on the FortiGuard Category Based Filter configuration
  3. The access is blocked based on the URL Filter configuration
  4. The access is hocked if the local or the public FortiGuard server does not reply

Answer(s): C

Explanation:

The access to www.facebook.com is blocked based on the URL Filter configuration. In the exhibit, it shows that the URL "www.facebook.com" is specifically set to "Block" under the URL Filter section1. Reference := Fortigate: How to configure Web Filter function on Fortigate, Web filter | FortiGate / FortiOS 7.0.2 | Fortinet Document Library, FortiGate HTTPS web URL filtering ... - Fortinet ... - Fortinet Community



An administrator has configured two fortiGate devices for an HA cluster.
While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device What can the administrator do to fix this problem?

  1. Verity Mai the speed and duplex settings match between me FortiGate interfaces and the connected switch ports
  2. Configure set link -failed signal enable under-config system ha on both Cluster members
  3. Configure remote Iink monitoring to detect an issue in the forwarding path
  4. Configure set send-garp-on-failover enables under config system ha on both cluster members

Answer(s): B

Explanation:

Virtual MAC Address and Failover

- The new primary broadcasts Gratuitous ARP packets to notify the network that each virtual MAC is now reachable through a different switch port.

- Some high-end switches might not clear their MAC table correctly after a failover - Solution: Force former primary to shut down all its interfaces for one second when the failover happens (excluding heartbeat and reserved management interfaces):

#Config system ha set link-failed-signal enable end

- This simulates a link failure that clears the related entries from MAC table of the switches.



Page 1 of 9



Post your Comments and Discuss Fortinet NSE7_EFW-7.2 exam with other Community members:

Sobhash commented on April 03, 2024
I was required by my company to pass this exam. I studied for 2 months and sat for the exam but failed. So I decided to use this study exam pacakge with practice questions. They questions turned out to be very relavant and accurate. The explanations and references are a big help. I passed the exam last week.
UNITED KINGDOM
upvote