Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Fortinet
  3. NSE7_EFW-7.2

Fortinet NSE7_EFW-7.2 Exam (page: 1)
Fortinet NSE 7 - Enterprise Firewall 7.2
Updated on: 25-Jan-2026

Viewing Page 1 of 17
NSE7_EFW-7.2 PDF 88 Questions

Which two statements about metadata variables are true? (Choose two.)

  1. You create them on FortiGate
  2. They apply only to non-firewall objects.
  3. The metadata format is $<metadata_variabie_name>.
  4. They can be used as variables in scripts

Answer(s): C,D

Explanation:

Metadata variables in FortiGate are created to store metadata associated with different FortiGate features. These variables can be used in various configurations and scripts to dynamically replace the variable with its actual value during processing. A: You create metadata variables on FortiGate. They are used to store metadata for FortiGate features and can be called upon in different configurations.
D: They can be used as variables in scripts. Metadata variables are utilized within the scripts to dynamically insert values as per the context when the script runs.

Fortinet FortiOS Handbook: CLI Reference



Refer to the exhibit, which contains a partial BGP combination.



You want to configure a loopback as the OGP source.

Which two parameters must you set in the BGP configuration? (Choose two)

  1. ebgp-enforce-multihop
  2. recursive-next-hop
  3. ibgp-enfoce-multihop
  4. update-source

Answer(s): A,D

Explanation:

To configure a loopback as the BGP source, you need to set the "ebgp-enforce-multihop" and "update-source" parameters in the BGP configuration. The "ebgp-enforce-multihop" allows EBGP connections to neighbor routers that are not directly connected, while "update-source" specifies the IP address that should be used for the BGP session1. Reference := BGP on loopback, Loopback interface, Technical Tip: Configuring EBGP Multihop Load-Balancing, Technical Tip: BGP routes are not installed in routing table with loopback as update source



Exhibit.



Refer to the exhibit, which shows a partial web filter profile conjuration

What can you cone udo from this configuration about access to www.facebook, com, which is categorized as Social Networking?

  1. The access is blocked based on the Content Filter configuration
  2. The access is allowed based on the FortiGuard Category Based Filter configuration
  3. The access is blocked based on the URL Filter configuration
  4. The access is hocked if the local or the public FortiGuard server does not reply

Answer(s): C

Explanation:

The access to www.facebook.com is blocked based on the URL Filter configuration. In the exhibit, it shows that the URL "www.facebook.com" is specifically set to "Block" under the URL Filter section1. Reference := Fortigate: How to configure Web Filter function on Fortigate, Web filter | FortiGate / FortiOS 7.0.2 | Fortinet Document Library, FortiGate HTTPS web URL filtering ... - Fortinet ... - Fortinet Community



An administrator has configured two fortiGate devices for an HA cluster.
While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device What can the administrator do to fix this problem?

  1. Verify that the speed and duplex settings match between me FortiGate interfaces and the connected switch ports
  2. Configure set link -failed signal enable under-config system ha on both Cluster members
  3. Configure remote Iink monitoring to detect an issue in the forwarding path
  4. Configure set send-garp-on-failover enables under config system ha on both cluster members

Answer(s): D

Explanation:

Virtual MAC Address and Failover

- The new primary broadcasts Gratuitous ARP packets to notify the network that each virtual MAC is now reachable through a different switch port.

- Some high-end switches might not clear their MAC table correctly after a failover - Solution: Force former primary to shut down all its interfaces for one second when the failover happens (excluding heartbeat and reserved management interfaces):

#Config system ha set link-failed-signal enable end

- This simulates a link failure that clears the related entries from MAC table of the switches.



Exhibit.



Refer to the exhibit, which shows information about an OSPF interlace

What two conclusions can you draw from this command output? (Choose two.)

  1. The port3 network has more man one OSPF router
  2. The OSPF routers are in the area ID of 0.0.0.1.
  3. The interfaces of the OSPF routers match the MTU value that is configured as 1500.
  4. NGFW-1 is the designated router

Answer(s): A,C

Explanation:

From the OSPF interface command output, we can conclude that the port3 network has more than one OSPF router because the Neighbor Count is 2, indicating the presence of another OSPF router besides NGFW-1. Additionally, we can deduce that the interfaces of the OSPF routers match the MTU value configured as 1500, which is necessary for OSPF neighbors to form adjacencies. The MTU mismatch would prevent OSPF from forming a neighbor relationship.


Reference:

Fortinet FortiOS Handbook: OSPF Configuration



Viewing Page 1 of 17



Share your comments for Fortinet NSE7_EFW-7.2 exam with other users:

Whizzle 7/24/2023 6:19:00 AM

q26 should be b
Anonymous


sarra 1/17/2024 3:44:00 AM

the aaa triad in information security is authentication, accounting and authorisation so the answer should be d 1, 3 and 5.
UNITED KINGDOM


DBS 5/14/2023 12:56:00 PM

need to attend this
UNITED STATES


Da_costa 8/1/2023 5:28:00 PM

these are free brain dumps i understand, how can one get free pdf
Anonymous


vikas 10/28/2023 6:57:00 AM

provide access
EUROPEAN UNION


Abdullah 9/29/2023 2:06:00 AM

good morning
Anonymous


Raj 6/26/2023 3:12:00 PM

please upload the ncp-mci 6.5 dumps, really need to practice this one. thanks guys
Anonymous


Miguel 10/5/2023 12:21:00 PM

question 16: https://help.salesforce.com/s/articleview?id=sf.care_console_overview.htm&type=5
SPAIN


Hiren Ladva 7/8/2023 10:34:00 PM

yes i m prepared exam
Anonymous


oliverjames 10/24/2023 5:37:00 AM

my experience was great with this site as i studied for the ms-900 from here and got 900/1000 on the test. my main focus was on the tutorials which were provided and practice questions. thanks!
GERMANY


Bhuddhiman 7/20/2023 11:52:00 AM

great course
UNITED STATES


Anuj 1/14/2024 4:07:00 PM

very good question
Anonymous


Saravana Kumar TS 12/8/2023 9:49:00 AM

question: 93 which statement is true regarding the result? sales contain 6 columns and values contain 7 columns so c is not right answer.
INDIA


Lue 3/30/2023 11:43:00 PM

highly recommend just passed my exam.
CANADA


DC 1/7/2024 10:17:00 AM

great practice! thanks
UNITED STATES


Anonymus 11/9/2023 5:41:00 AM

anyone who wrote this exam recently?
SOUTH AFRICA


Khalid Javid 11/17/2023 3:46:00 PM

kindly share the dump
Anonymous


Na 8/9/2023 8:39:00 AM

could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.
Anonymous


shime 10/23/2023 10:03:00 AM

this is really very very helpful for mcd level 1
ETHIOPIA


Vnu 6/3/2023 2:39:00 AM

very helpful!
Anonymous


Steve 8/17/2023 2:19:00 PM

question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod
CANADA


RITEISH 12/24/2023 4:33:00 AM

thanks for the exact solution
Anonymous


SB 10/15/2023 7:58:00 AM

need to refer the questions and have to give the exam
INDIA


Mike Derfalem 7/16/2023 7:59:00 PM

i need it right now if it was possible please
Anonymous


Isak 7/6/2023 3:21:00 AM

i need it very much please share it in the fastest time.
Anonymous


Maria 6/23/2023 11:40:00 AM

correct answer is d for student.java program
IRELAND


Nagendra Pedipina 7/12/2023 9:10:00 AM

q:37 c is correct
INDIA


John 9/16/2023 9:37:00 PM

q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???
GERMANY


SAM 12/4/2023 12:56:00 AM

explained answers
INDIA


Andy 12/26/2023 9:35:00 PM

plan to take theaws certified developer - associate dva-c02 in the next few weeks
SINGAPORE


siva 5/17/2023 12:32:00 AM

very helpfull
Anonymous


mouna 9/27/2023 8:53:00 AM

good questions
Anonymous


Bhavya 9/12/2023 7:18:00 AM

help to practice csa exam
Anonymous


Malik 9/28/2023 1:09:00 PM

nice tip and well documented
Anonymous