Fortinet - NSE7_EFW-7.

Question #:1

Exhibit.

Refer to the exhibit, which shows a partial touting table

What two concisions can you draw from the corresponding FortiGate configuration? (Choose two.)

A. IPSec Tunnel aggregation is configured

B. net-device is enabled in the tunnel IPSec phase 1 configuration
C. OSPI is configured to run over IPSec.
D. add-route is disabled in the tunnel IPSec phase 1 configuration.
Answer: B D

Question #:2

Refer to the exhibit.

which contains a partial configuration of the global system. What can you conclude from this output?
A. NPs and CPs are enabled
B. Only CPs arc disabled
C. Only NPs are disabled
D. NPs and CPs arc disabled
Answer: A

Question #:3

Exhibit.

Refer to the exhibit, which provides information on BGP neighbors. Which can you conclude from this command

output?

A. The router are in the number to match the remote peer.

B. You must change the AS number to match the remote peer.
C. BGP is attempting to establish a TCP connection with the BGP peer.
D. The bfd configuration to set to enable.
Answer: C

Question #:4

An administrator has configured two fortiGate devices for an HA cluster. While testing HA failover, the administrator
notices that some of the switches in the network continue to send traffic to the former primary device What can the
administrator do to fix this problem?

A. Verity Mai the speed and duplex settings match between me FortiGate interfaces and the connected switch
ports
B. Configure set link -failed signal enable under-config systemha on both Cluster members
C. Configure remote Iink monitoring to detect an issue in theforwarding path
D. Configure set send-garp-on-failover enablesunder configsystem ha on both clustermembers
1 of 28
 Fortinet - NSE7_EFW-7.2

Answer: D
Question #:5

Winch two statements about ADVPN are true? (Choose two)

A. auto-discovery receiver must be set to enable on the Spokes.

B. Spoke to-spoke traffic never goes through the hub
C. lt supports NAI foron-demand tunnels
D. Routing is configured by enabling add-advpn-route
Answer: A C

Question #:6

Which statement about network processor (NP) offloading is true?

A. For TCP traffic FortiGateCPU offloads the first packetsof SYN/ACK and ACK of the three-way
handshake to NP
B. The NP providesIPS signature matching
C. You can disable the NP for each firewall policy using the command np-acceleration st to loose.
D. The NP checks the session key or IPSec SA

Answer: D

Question #:7

Which two statements about bfdare true? (Choose two)

A. It can support neighbor only over the next hop in BGP

B. You can disable it at the protocol level
C. It works for OSPF and BGP
D. You must configure n globally only

Answer: B C

Question #:8

Exhibit.

Refer to exhibit, which shows a central management configuration

Which server will FortiGate choose for web filler rating requests if 10.0.1.240 is experiencing an outage?

A. Public FortiGuard servers

B. 10.0.1.242
C. 10.0.1.244
D. 10.0.1.243
Answer: C

2 of 28
 Fortinet - NSE7_EFW-7.2

Question #:9

Exhibit.

Refer to the exhibit, which contains a partial policy configuration. Which

setting must you configure to allow SSH?

A. Specify SSH in the Service field

B. Configure pot 22 in the Protocol Options field.

C. Include SSH in the Application field

D. Select an application control profile corresponding to SSH in the Security Profiles section

Answer: C

Question #:10

You contoured an address object on the tool fortiGate in a Security Fabric. This object is not synchronized with a
downstream device.Which two reasons could be the cause? (Choose two)

A. The address object on the tool FortiGate has fabric-object set to disable
B. The root FortiGate has configuration-sync set to enable
C. The downstream FortiGate has fabric-object-unification set to local
D. The downstream FortiGate has configuration-sync set to local
Answer: A C

Question #:11

Exhibit.

Refer to the exhibit, which contains the partial ADVPN configuration of a spoke.

Which two parameters must you configure on the corresponding single hub? (Choose two.)

A. Set auto-discovery-sender enable

B. Set ike-version 2
C. Set auto-discovery-forwarder enable
D. Set auto-discovery-receiver enable

Answer: AC / ＡＢ？

Question #:12

Which configuration can be used to reduce the number of BGP sessions inon IBGP network?

3 of 28
 Fortinet - NSE7_EFW-7.2

A. Route-reflector-peer enable
B. Route-reflector-client enable
C. Route-reflector enable
D. Route-reflector-server enable

Answer: B

Question #:13

Exhibit.

Refer to the exhibit, which contains an active-active toad balancing scenario.

During the traffic flow the primary FortiGate forwards the SYN packet to the secondary FortiGate.

What is the destination MAC address or addresses when packets are forwarded from the primary FortiGate to the
secondary FortiGate?

A. Secondary physical MAC port1

B. Secondary virtual MAC port1
C. Secondary virtual MAC port1 then physical MAC port1
D. Secondary physical MAC port2 then virtual MAC port2

Answer: A

Question #:14
Which two statements about IKE vision 2 are true? (Choose two.)

A. Phase 1 includes main mode

B. It supports the extensible authentication protocol (EAP)

C. It supports the XAuth protocol.

D. It exchanges a minimum of four messages to establish a secure tunnel

Answer: B D

Question #:15

Exhibit

4 of 28
 Fortinet - NSE7_EFW-7.2

Refer to the exhibit, which shows a partial web filter profile conjuration

What can you cone udo from this configuration about access to www.facebook.com, which is categorized as Social
Networking?

A. The access is blocked based on the Content Filter configuration

B. The access is allowed based on the FortiGuard Category Based Filter configuration
C. The access is blocked based on the URL Filter configuration
D. The access is hocked if the local or the public FortiGuard server does not reply

Answer: C

Question #:16

Which FortiGate in a Security I auric sends togs to FortiAnalyzer?

A. Only the root FortiGate.

B. Each FortiGate in the Security fabric.
C. The FortiGate devices performing network address translation (NAT) or unified threat management (UTM).
if configured.
D. Only the last FortiGate that handled a session in the Security Fabric

Answer: B

Question #:17

Exhibit.

Refer to the exhibit, which shows an ADVPN network.

The client behind Spoke-1 generates traffic to the devicelocated behind Spoke-2. Which first

message floes the hub send to Spoke-110 bring up the dynamic tunnel?

A. Shortcut query
B. Shortcut reply
C. Shortcut offer
D. Shortcut forward

Answer: C

Question #:18

You created aVPN community using VPN Manager on FortiManager. You also added gateways to the VPN
community.Now you are trying to create firewall policies to permit traffic over the tunnel however, theVPN
interfaces do not appear as available options.

A. Create interface mappings for the IPsec VPN interfaces before you use them in a policy.

B. Refresh the device status using the Device Manager so that FortiGate populates the IPSec interfaces

C. Configure the phase 1 settings in the VPN community that you didnt initially configure. FortiGate
5 of 28
 Fortinet - NSE7_EFW-7.2

automatically generates theinterfaces after you configure the required settings

D. install the VPN community andgateway configuration on the fortiGate devices so that the VPN
interfaces appear on the Policy Objects on fortiManager.

Answer: D

Question #:19

After enabling IPS you receive feedback about traffic being dropped.

What could be thereason?

A. Np-accel-mode is set to enable

B. Traffic-submit is set to disable

C. IPS is configured to monitor

D. Fail-open is set to disable

Answer: D

Question #:20

Exhibit.

Refer to the exhibit, which contains the partial interface configuration of two FortiGate devices. Which two

conclusions can you draw from this con figuration? (Choose two)

A. 10.1.5.254 is the default gateway of the internal network

B. On failover new primary device uses the same MAC address as the old primary
C. The VRRP domain uses the physical MAC address of the primary FortiGate
D. By default FortiGate B is the primary virtual router
Answer: B C

Question #:21

Exhibit.

Refer to the exhibit, which shows information about an OSPF interface

What two conclusions can you draw from this command output? (Choose two.)

A. The port3 network has more man one OSPF router

B. The OSPF routers are in the area ID of 0.0.0.1.

6 of 28
 Fortinet - NSE7_EFW-7.2

C. The interfaces of the OSPF routers match the MTU value that is configured as 1500.

D. NGFW-1 is the designated router

Answer: A C

Question #:22

Exhibit.

Refer to the exhibit, which shows the output from the webfilter fortiguard cache dump and webfilter categories commands.

Using theoutput, how can an administrator determine the category of the training.fortinet.comam website?

A. The administrator must convert the first three digits of the IPhex value to binary

B. The administrator can look up the hex valueof34 in the second command output.

C. The administratormust add both the Pima in and Iphex values of 34 to get the category number

D. The administrator must convert the first two digits of the Domain hex value to a decimal value

Answer: B

Question #:23

Refer to the exhibit, which contains a partial BGP combination.

You want to configure a loopback as the OGP source.

Which two parameters must you set in the BGP configuration? (Choose two)

A. ebgp-enforce-multihop

B. recursive-next-hop

C. ibgp-enfoce-multihop

D. update-source

Answer: A D

Question #:24

You want to block access to the website ww.eicar.orgusing a custom IPS signature.

Which custom IPS signature should you configure?

A. F-SBID ( --name “detect_eicar”; --protocol udp; --service ssl; --flow from_client; --pattern “www.eicar.org”; --
no_case; --context host;)

7 of 28
 Fortinet - NSE7_EFW-7.2

B. F-SBID ( --name “eicar”; --protocol udp; --flow from_server; --pattern “eicar”; --context host;)

C. F-SBID ( --name “detect_eicar”; --protocol tcp; --service dns; --flow from_server; --pattern “eicar”; --no_case;)

D. F-SBID ( --name “eicar”; --protocol tcp; --service HTTP; --flow from_client; --pattern “www.eicar.org”; --
no_case; --context host;)

Answer: D

Question #:25

Exhibit.

Refer to the exhibit,which contains an ADVPN network diagram and a partial BGP con figuration Which twoparameters
Should you configure in config neighbor range? (Choose two.)

A. set prefix 172.16.1.0 255.255.255.0

B. set route reflector-client enable

C. set neighbor-group advpn

D. set prefix 10.1.0 255.255.255.0

Answer: AC

Question #:26

Which ADVPN configuration must be configured using a script on fortiManager, when using VPN Manager
to manage fortiGate VPN tunnels?

A. Enable AD-VPN in IPsec phase 1

B. Disable add-route on hub

C. Configure IP addresses on IPsec virtual interlaces

D. Set protected network to all

Answer: A

Question #:27

Referto theexhibit, which shows a networkdiagram.

Which IPsec phase 2 configuration should you impalement so that only one remote site is connected at any time?

8 of 28
 Fortinet - NSE7_EFW-7.2

A. Set route-overlap to allow.

B. Set single-source to enable
C. Set route-overlap to either use—new or use-old
D. Set net-device to enable

Answer: B

Question #:28

You want to configure faster failure detection for BGP

Which parameter should you enable on both connected FortiGate devices?

A. Ebgp-enforce-multihop

B. bfd

C. Distribute-list-in

D. Graceful-restart

Answer: B

Question #:29

Exhibit.

Refer to the exhibit, which contains a partial VPN configuration. What

can you conclude from this configuration1?

A. FortiGate creates separate virtual interfaces for each dial up client.

B. The VPN should usethe dynamic routing protocol to exchange routing information Through the tunnels.
C. Dead peer detection s disabled.
D. The routing table shows a single IPSec virtual interface.

Answer: D

Question #:30

Which two statements about the Security fabric are true? (Choose two.)

A. FortiGate uses the FortiTelemetry protocol to communicate with FortiAnatyzer.

B. Only the root FortiGate sends logs to FortiAnalyzer

C. Only FortiGate devices with configuration-sync receive and synchronize global CMDB objects that the toot
FortiGate sends

9 of 28
 Fortinet - NSE7_EFW-7.2

D. Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer

Answer: C D

Question #:31

Which, three conditions are required for two FortiGate devices to form an OSPF adjacency? (Choose three.)

A. OSPF interface network types match

B. OSPF router IDs are unique
C. OSPF interface priority settings are unique
D. OSPF link costs match
E. Authentication settings match
Answer: A B E

Question #:32

Exhibit.

Refer to the exhibit, which contains a CLI script configuration on fortiManager. An administrator configured the CLI

script on FortiManager rut the script tailed to apply any changes to the managed device after being executed.

What are two reasons why the script did not make any changes to the managed device? (Choose two)

A. The commands that start with the # sign did not run.
B. Incomplete commands can cause CLI scripts to fail.
C. Static routes can be added using only TCI scripts.
D. CLI scripts must start with #!.

Answer: A B

Explanation

Question #:33

Refer to the exhibit, which shows a routing table.

What two optionscan you configure in OSPF to block the advertisement of the 10.1.10.0 prefix? (Choose two.)
A. Remove the 16.1.10.C prefix from the OSPF network
B. Configure a distribute-list-out
C. Configure a route-map out
D. Disable Redistribute Connected
Answer: B C

Question #:34

10 of 28
 Fortinet - NSE7_EFW-7.2

Which two statements about metadata variables are true? (Choose two.)

A. You create them on FortiGate

B. They apply only to non-firewall objects.

C. The metadata format is $<metadata_variabie_name>.

D. They can be used as variables in scripts

Answer: C D

Question #:35

In which two ways does fortiManager function when it is deployed as a local FDS? (Choose two)

A. lt can be configured as an update server a rating server or both

B. It provides VM license validation services

C. It supports rating requests from non-FortiGate devices.

D. It caches available firmware updates for unmanaged devices

Answer: A B

11 of 28
 Fortinet - NSE7_EFW-7.2

36. Refer to the exhibit which shows two configured FortiGate devices and peering over

FGSP.
The main link directly connects the two FortiGate devices and is configured using the set session-syn-dev
<interface> command.
What is the primary reason to configure the main link?

 A. To have only configuration synchronization in layer 3

 B. To load balance both sessions and configuration synchronization between layer 2 and 3

 C. To have both sessions and configuration synchronization in layer 3

 D. To have both sessions and configuration synchronization in layer 2

Ans：D

2.
Question #8Topic 1
Which two statements about IKE version 2 fragmentation are true? (Choose two.)

 A. Only some IKE version 2 packets are considered fragmentable

 B. The reassembly timeout default value is 30 seconds
 C. It is performed at the IP layer
 D. The maximum number of IKE version 2 fragments is 128

Ans：AC

12 of 28
 Fortinet - NSE7_EFW-7.2

3.
Refer to the exhibits, which show the configurations of two address objects from the same FortiGate.

Engineering address object -

Finance address object -

Why can you modify the Engineering address object, but not the Finance address object?

 A. You have read-only access.

 B. Another user is editing the Finance address object in workspace mode.

 C. FortiGate joined the Security Fabric and the Finance address object was configured on the root
FortiGate.

 D. FortiGate is registered on FortiManager.

Ans：C
13 of 28
 Fortinet - NSE7_EFW-7.2

Question #: 12
Topic #: 1
[All NSE7_EFW-7.0 Questions]
Refer to the exhibit, which shows a partial routing table.

Assuming all the appropriate firewall policies are configured, what two changes would an administrator need to
make if they wanted to send traffic from a client directly connected to port3, to a server directly connected to
port4? (Choose two.)

 A. Configure route leaking between VRF 12 and VRF 21.

 B. Disable auto-asic-offload as this is not supported between VRF instances.
 C. Configure RIPv2 to exchange route information between the VRF instances.
 D. Configure route leaking between port3 and port4.
 E. Enable SNAT on the relevant firewall policies to prevent RPF check drops.

ANS:AE

Actual exam question from Fortinet's NSE7_EFW-7.2

Question #: 36
Topic #: 1
[All NSE7_EFW-7.2 Questions]
Refer to the exhibit, which contains an active-active load balancing scenario.

14 of 28
 Fortinet - NSE7_EFW-7.2

During the traffic flow, the primary FortiGate forwards the SYN packet to the secondary FortiGate.

What is the destination MAC address or addresses when packets are forwarded from the primary FortiGate to
the secondary FortiGate?

 A. Secondary virtual MAC port1 then physical MAC port1

 B. Secondary virtual MAC port1
 C. Secondary physical MAC port1
 D. Secondary physical MAC port1 then virtual MAC port2

ANS：C

Actual exam question for Fortinet's NSE7_EFW-7.0 exam

Question #: 28
Topic #: 5
[All NSE7_EFW-7.0 Questions]
Refer to the exhibits.

Which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are
not able to connect to the VPN. After running a diagnostics command, the administrator discovered that
FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must administrator make to fix the issue? (Choose tw

A. Use different pre-shared keys on both VPNs

B. Enable Mode Config on both VPNs.
C. Set up specific peer IDs on both VPNs.
D. Change to aggressive mode on both VPNs.

Ans：CD

15 of 28
 Fortinet - NSE7_EFW-7.2

Question #2Topic 1
You want to improve reliability over a lossy IPSec tunnel.
Which combination of IPSec phase 1 parameters should you configure?

 A. fec-ingress and fsc-egrsss

 B. dpd and dpd-retryinterval
 C. fragmentation and fragmentation-mtu
 D. keepalive and keylive

ANS: A

16 of 28
 Fortinet - NSE7_EFW-7.2

Question #: 4
Topic #: 1
[All NSE7_NST-7.2 Questions]
Refer to the exhibit, which shows a session table entry.

Which statement about FortiGate behavior relating to this session is true?

 A. FortiGate forwarded this session without any inspection.

 B. FortiGate is performing a security profile inspection using the CPU.
 C. FortiGate redirected the client to the captive portal to authenticate, so that a correct policy match
could be made.
 D. FortiGate applied only IPS inspection to this session.

ANS：B

Topic #: 1
[All NSE7_EFW-7.2 Questions]
Which two statements about the BFD parameter in BGP are true? (Choose two.)

 A. It detects only two-way failures.

 B. The two routers must be connected to the same subnet.
 C. It allows failure detection in less than one second.
 D. It is supported for neighbors over multiple hops.

ANS：CD

17 of 28
 Fortinet - NSE7_EFW-7.2

Question #: 39
Topic #: 1
[All NSE7_EFW-7.0 Questions]
An administrator has created a VPN community within VPN Manager on FortiManager. They also added
gateways to the VPN community and are now trying to create firewall policies to permit traffic over the tunnel;
however, the VPN interfaces are not listed as available options.
What step must the administrator take to resolve this issue?

 A. Install the VPN community and gateway configuration to the FortiGate devices, in order for the
interfaces to be displayed within Policy & Objects on FortiManager
 B. Set up all of the phase 1 settings in the VPN community that they neglected to set up initially. The
interfaces will be automatically generated after the administrator configures all of the required settings.
 C. Refresh the device status from the Device Manager so that FortiGate will populate the IPsec
interfaces.
 D. Create interface mappings for the IPsec VPN interfaces, before they can be used in a policy.

ANS：A

Question #: 40
Topic #: 1
[All NSE7_NST-7.2 Questions]

18 of 28
 Fortinet - NSE7_EFW-7.2

Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command. Based on the
output, which two statements are correct? (Choose two.)

 A. Anti-replay is enabled.
 B. The npu_flag for this tunnel is 03.
 C. The npu_flag for this tunnel is 02.
 D. Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.

ANS：AB

Question #: 11
Topic #: 1
[All NSE7_EFW-7.0 Questions]

19 of 28
 Fortinet - NSE7_EFW-7.2

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet,
using ECMP?

 A. Set the priority of the static default route using port1 to 10.
 B. Set the priority of the static default route using port2 to 1.
 C. Set preserve-session-route to enable.
 D. Set snat-route-change to enable.

ANS：A

Question #: 35
Topic #: 1
[All NSE7_EFW-7.2 Questions]
Refer to the exhibit, which shows an error in system fortiguard configuration.

What is the reason you cannot set the protocol to udp in config system fortiguard?

 A. udp is not a protocol option.

 B. fortiguard-anycast is set to enable.
 C. You do not have the corresponding write access.
 D. FortiManager provides FortiGuard.

ANS：B

Actual exam question from Fortinet's NSE7_EFW-6.2

Question #: 39
Topic #: 1
20 of 28
 Fortinet - NSE7_EFW-7.2

[All NSE7_EFW-6.2 Questions]

Refer to the exhibit, which contains a partial web filter profile configuration.
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File
Sharing and Storage?

 A. FortiGate will exempt the connection based on the Web Content Filter configuration.
 B. FortiGate will block the connection as an invalid URL.
 C. FortiGate will block the connection based on the URL Filter configuration.
 D. FortiGate will allow the connection based on the FortiGuard category based filter configuration.

ANS：A

Actual exam question from Fortinet's NSE7_EFW-7.0

Question #: 6
Topic #: 1
[All NSE7_EFW-7.0 Questions]
What are two functions of automation stitches? (Choose two.)

 A. Automation stitches can be configured on any FortiGate device in a Security Fabric environment.
 B. An automation stitch configured to execute actions sequentially can take parameters from previous
actions as input for the current action.
 C. Automation stitches can be created to run diagnostic commands and attach the results to an email
message when CPU or memory usage exceeds specified thresholds.
 D. An automation stitch configured to execute actions in parallel can be set to insert a specific delay
between actions.
21 of 28
 Fortinet - NSE7_EFW-7.2

ANS:BC

Refer to the exhibit, which shows config system central-management information.

Which

A. Add server. fortiguard. net to the server list.

B. Configure securewf.fortiguard. net on the default servers.

C. Set update-server-location to automatic.

D. Configure server-type with the rating option. setting must you configure for the web filtering feature to
function?

ANS：D

Actual exam question from Fortinet's NSE7_EFW-7.2

Question #: 16
Topic #: 1
[All NSE7_EFW-7.2 Questions]

22 of 28
 Fortinet - NSE7_EFW-7.2

Refer to the exhibit, which shows a network diagram.

Which protocol should you use to configure the FortiGate cluster?

 A. FGCP in active-passive mode

 B. FGCP in active-active mode
 C. FGSP
 D. VRRP

ANS：C

Actual exam question from Fortinet's NSE7_EFW-7.2

Question #: 33
Topic #: 1
[All NSE7_EFW-7.2 Questions]
Which two statements about ADVPN are true? (Choose two.)

 A. The hub adds routes based on IKE negotiations.

 B. You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0.
 C. All FortiGate devices must be in the same autonomous system (AS).
 D. You must disable add-route in the hub.

ANS：BD

23 of 28
 Fortinet - NSE7_EFW-7.2

Refer to the exhibit, which shows the output of a BGP summary.

What two conclusions can you draw from this BGP summary? (Choose two.)

 A. The BGP session with peer 10.127.0.75 is established.

 B. External BGP (EBGP) exchanges routing information.

 C. The router 100.64.3.1 has the parameter bfd set to enable.

 D. The neighbors displayed are linked to a local router with the neighbor-range set to a value of 4.

ANS：AB

Question #: 32
Topic #: 1
[All NSE7_EFW-7.2 Questions]
Refer to the exhibit, which provides information on BGP neighbors.

What can you conclude from this command output?

 A. You must change the AS number to match the remote peer.

 B. BGP is attempting to establish a TCP connection with the BGP peer.
 C. The bfd configuration is set to enable.
 D. The routers are in the same area ID of 0.0.0.0.

ANS：B

24 of 28
 Fortinet - NSE7_EFW-7.2

Actual exam question for Fortinet's NSE7_EFW-7.2 exam

Question #: 19
Topic #: 1
Refer to the exhibit, which shows a network diagram.

Which IPsec phase 2 configuration should you impalement so that only one remote site is connected at any
time?

A. Set route-overlap to allow.

B. Set single-source to enable
C. Set route-overlap to either use-new or use-old
D. Set net-device to enable

ANS：B

Question #: 18
Topic #: 1
[All NSE7_EFW-7.2 Questions]
Refer to the exhibit which shows an ADVPN network.

Which VPN phase 1 parameters must you configure on the hub for the ADVPN feature to function?
(Choose two.)

 A. set auto-discovery-sender enable

 B. set auto-discovery-receiver enable
 C. set add-route enable
 D. set auto-discovery-forwarder enable

ANS：AD

25 of 28
 Fortinet - NSE7_EFW-7.2

Actual exam question from Fortinet's NSE7_EFW-7.2

Question #: 29
Topic #: 1
[All NSE7_EFW-7.2 Questions]
Refer to the exhibit, which contains a partial OSPF configuration.

What can you conclude from this output?

 A. Neighbors maintain communication with the restarting router.

 B. The restarting router sends gratuitous ARP for 30 seconds.
 C. FortiGate restarts if the topology changes.
 D. The router sends grace LSAs before it restarts.

ANS：D

Question #11Topic 1
Refer to the exhibit, which shows a custom signature.

Which two modifications must you apply to the configuration of this custom signature so that you can
save it on FortiGate? (Choose two.)

 A. Ensure that the header syntax is F-SBID.

 B. Add severity.
 C. Add attack_id.
 D. Start options with --.

ANS：AD

26 of 28
 Fortinet - NSE7_EFW-7.2

Question #: 6
Topic #: 1
[All NSE7_EFW-7.2 Questions]
Which two statements about the neighbor-group command are true? (Choose two.)

 A. It applies common settings in an OSPF area

 B. You can apply it in Internal BGP (IBGP) and External BGP (EBGP)
 C. You can configure it on the GUI
 D. It is combined with the neighbor-range parameter

ANS：BC

Question #: 7
Topic #: 1
[All NSE7_EFW-7.2 Questions]
Refer to the exhibit, which contains information about an IPsec VPN tunnel.

What two conclusions can you draw from the command output? (Choose two.)

 A. Dead peer detection is set to enable

 B. The IKE version is 2
 C. Both IPsec SAs are loaded on the kernel
 D. Forward error correction in phase 2 is set to enable

ANS：BC

27 of 28