In which two ways does fortiManager function when it is deployed as a local FDS? (Choose two)
Answer(s): A,B
When deployed as a local FortiGuard Distribution Server (FDS), FortiManager functions in several capacities. It can act as an update server, a rating server, or both, providing firmware updates and FortiGuard database updates. Additionally, it plays a crucial role in VM license validation services,ensuring that the connected FortiGate devices are operating with valid licenses. However, it does not support rating requests from non-FortiGate devices nor cache firmware updates for unmanaged devices.Fortinet FortiOS Handbook: FortiManager as a Local FDS Configuration
Refer to the exhibit.which contains a partial configuration of the global system. What can you conclude from this output?
Answer(s): A
The configuration output shows various global settings for a FortiGate device. The terms NP (Network Processor) and CP (Content Processor) relate to FortiGate's hardware acceleration features. However, the provided configuration output does not directly mention the status (enabled or disabled) of NPs and CPs. Typically, the command to disable or enable hardware acceleration features would specifically mention NP or CP in the command syntax. Therefore, based on the output provided, we cannot conclusively determine the status of NPs and CPs, hence option D is the closest answer since the output does not confirm that they are enabled.
FortiOS Handbook - CLI Reference for FortiOS 5.2
Refer to the exhibit, which shows a routing table.What two options can you configure in OSPF to block the advertisement of the 10.1.10.0 prefix? (Choose two.)
Answer(s): B,C
To block the advertisement of the 10.1.10.0 prefix in OSPF, you can configure a distribute-list-out or a route-map out. A distribute-list-out is used to filter outgoing routing updates from being advertised to OSPF neighbors1. A route-map out can also be used for filtering and is applied to outbound routing updates2. Reference := Technical Tip: Inbound route filtering in OSPF usi ... - Fortinet Community, OSPF | FortiGate / FortiOS 7.2.2 - Fortinet Documentation
Exhibit.Refer to the exhibit, which shows a partial touting tableWhat two concisions can you draw from the corresponding FortiGate configuration? (Choose two.)
Answer(s): B,D
Option B is correct because the routing table shows that the tunnel interfaces have a netmask of 255.255.255.255, which indicates that net-device is enabled in the phase 1 configuration. This option allows the FortiGate to use the tunnel interface as a next-hop for routing, without adding a route to the phase 2 destination1.Option D is correct because the routing table does not show any routes to the phase 2 destination networks, which indicates that add-route is disabled in the phase 1 configuration. This option controls whether the FortiGate adds a static route to the phase 2 destination network using the tunnel interface as the gateway2.Option A is incorrect because IPSec tunnel aggregation is a feature that allows multiple phase 2 selectors to share a single phase 1 tunnel, reducing the number of tunnels and improving performance3. This feature is not related to the routing table or the phase 1 configuration.Option C is incorrect because OSPF is a dynamic routing protocol that can run over IPSec tunnels, but it requires additional configuration on the FortiGate and the peer device4. This option is not related to the routing table or the phase 1 configuration.
=1: Technical Tip: `set net-device' new route-based IPsec logic22: Adding a static route53: IPSec VPN concepts64: Dynamic routing over IPsec VPN7
Which ADVPN configuration must be configured using a script on fortiManager, when using VPN Manager to manage fortiGate VPN tunnels?
To enable AD-VPN, you need to edit an SD-WAN overlay template and enable the Auto-Discovery VPN toggle. This will automatically add the required settings to the IPsec template and the BGPtemplate. You cannot enable AD-VPN directly in the IPsec phase 1 settings using VPN Manager. Reference := ADVPN | FortiManager 7.2.0 - Fortinet Documentation
Share your comments for Fortinet NSE7_EFW-7.2 exam with other users:
new to this site but i feel it is good
the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.
good questions
Delayed the exam until December 29th.
A and D are True
good one with explanation
This is one of the most useful study guides I have ever used.