Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Fortinet
  3. NSE7_EFW-7.0

Fortinet NSE7_EFW-7.0 Exam (page: 2)
Fortinet NSE 7 - Enterprise Firewall 7.0
Updated on: 28-Jul-2025

Viewing Page 2 of 34
NSE7_EFW-7.0 PDF 163 Questions

Refer to the exhibit, which shows a partial web filter profile configuration.



Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?

  1. FortiGate will block the connection, based on the FortiGuard category based filter configuration.
  2. FortiGate will block the connection as an invalid URL.
  3. FortiGate will exempt the connection, based on the Web Content Filter configuration.
  4. FortiGate will allow the connection, based on the URL Filter configuration.

Answer(s): A

Explanation:

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 351 url filter -> FortiGuard Web Filter -> Web Content Filter -> Advanced Filter Options Allow -> Block



Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command.



Based on the output, which two statements are correct? (Choose two.)

  1. The npu_flag for this tunnel is 03.
  2. Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.
  3. Anti-replay is enabled.
  4. The npu_flag for this tunnel is 02.

Answer(s): A,C



Refer to the exhibit, which shows a session table entry.



Which statement about FortiGate behavior relating to this session is true?

  1. FortiGate redirected the client to the captive portal to authenticate, so that a correct policy match could be made.
  2. FortiGate forwarded this session without any inspection.
  3. FortiGate is performing security profile inspection using the CPU. Most Voted
  4. FortiGate applied only IPS inspection to this session.

Answer(s): C

Explanation:

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 91, 92 First digit of "proto_state" value at 1 and considering all counters are at 0 for HW acceleration means CPU usage



Refer to the exhibit, which shows partial outputs from two routing debug commands.



Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

  1. Set the priority of the static default route using port1 to 10. Most Voted
  2. Set the priority of the static default route using port2 to 1.
  3. Set preserve-session-route to enable.
  4. Set snat-route-change to enable.

Answer(s): A

Explanation:

ECMP pre-requisite is "routes must have the same destination and costs. In the case of static routes, costs include distance and priority". In this case traffic is routed through port 1 because of the lower priority. If we raise priority on port 1 to the value of 10 the traffic should be routed through both ports 1 and 2.
https://docs.fortinet.com/document/fortigate/7.0.1/administration-guide/25967/equal-cost-multi- path



Refer to the exhibit, which shows a partial routing table.



Assuming all the appropriate firewall policies are configured, what two changes would an administrator need to make if they wanted to send traffic from a client directly connected to port3, to a server directly connected to port4? (Choose two.)

  1. Configure route leaking between VRF 12 and VRF 21.
  2. Disable auto-asic-offload as this is not supported between VRF instances.
  3. Configure RIPv2 to exchange route information between the VRF instances.
  4. Configure route leaking between port3 and port4.
  5. Enable SNAT on the relevant firewall policies to prevent RPF check drops.

Answer(s): A,E

Explanation:

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 148, 159



Viewing Page 2 of 34



Share your comments for Fortinet NSE7_EFW-7.0 exam with other users:

gr 7/2/2023 7:03:00 AM

ques 4 answer should be c ie automatically recover from failure
Anonymous


RS 7/27/2023 7:17:00 AM

very very useful page
INDIA


Blessious Phiri 8/12/2023 11:47:00 AM

the exams are giving me an eye opener
Anonymous


AD 10/22/2023 9:08:00 AM

3rd so far, need to cover more
Anonymous


Matt 11/18/2023 2:32:00 AM

aligns with the pecd notes
Anonymous


Sri 10/15/2023 4:38:00 PM

question 4: b securityadmin is the correct answer. https://docs.snowflake.com/en/user-guide/security-access-control-overview#access-control-framework
GERMANY


H.T.M. D 6/25/2023 2:55:00 PM

kindly please share dumps
Anonymous


Satish 11/6/2023 4:27:00 AM

it is very useful, thank you
Anonymous


Chinna 7/30/2023 8:37:00 AM

need safe rte dumps
FRANCE


1234 6/30/2023 3:40:00 AM

can you upload the cis - cpg dumps
Anonymous


Did 1/12/2024 3:01:00 AM

q6 = 1. download odt application 2. create a configuration file (xml) 3. setup.exe /download to download the installation files 4. setup.exe /configure to deploy the application
FRANCE


John 10/12/2023 12:30:00 PM

great material
Anonymous


Dinesh 8/1/2023 2:26:00 PM

could you please upload sap c_arsor_2302 questions? it will be very much helpful.
Anonymous


LBert 6/19/2023 10:23:00 AM

vraag 20c: rsa veilig voor symmtrische cryptografie? antwoord c is toch fout. rsa is voor asymmetrische cryptogafie??
NETHERLANDS


g 12/22/2023 1:51:00 PM

so far good
UNITED STATES


Milos 8/4/2023 9:33:00 AM

question 31 has obviously wrong answers. tls and ssl are used to encrypt data at transit, not at rest.
Serbia And Montenegro


Diksha 9/25/2023 2:32:00 AM

pls provide dump for 1z0-1080-23 planning exams
Anonymous


H 7/17/2023 4:28:00 AM

could you please upload the exam?
Anonymous


Anonymous 9/14/2023 4:47:00 AM

please upload this
UNITED STATES


Naveena 1/13/2024 9:55:00 AM

good material
Anonymous


WildWilly 1/19/2024 10:43:00 AM

lets see if this is good stuff...
Anonymous


Lavanya 11/2/2023 1:53:00 AM

useful information
UNITED STATES


Moussa 12/12/2023 5:52:00 AM

intéressant
BURKINA FASO


Madan 6/22/2023 9:22:00 AM

thank you for making the interactive questions
Anonymous


Vavz 11/2/2023 6:51:00 AM

questions are accurate
Anonymous


Su 11/23/2023 4:34:00 AM

i need questions/dumps for this exam.
Anonymous


LuvSN 7/16/2023 11:19:00 AM

i need this exam, when will it be uploaded
ROMANIA


Mihai 7/19/2023 12:03:00 PM

i need the dumps !
Anonymous


Wafa 11/13/2023 3:06:00 AM

very helpful
Anonymous


Alokit 7/3/2023 2:13:00 PM

good source
Anonymous


Show-Stopper 7/27/2022 11:19:00 PM

my 3rd test and passed on first try. hats off to this brain dumps site.
UNITED STATES


Michelle 6/23/2023 4:06:00 AM

please upload it
Anonymous


Lele 11/20/2023 11:55:00 AM

does anybody know if are these real exam questions?
EUROPEAN UNION


Girish Jain 10/9/2023 12:01:00 PM

are these questions similar to actual questions in the exam? because they seem to be too easy
Anonymous