Free NSE7_EFW-7.2 Exam Braindumps

Pass your Fortinet NSE 7 - Enterprise Firewall 7.2 exam with these free Questions and Answers

Page 3 of 10
QUESTION 6

Which two statements about IKE version 2 are true? (Choose two.)

  A. Phase 1 includes main mode.
  B. It supports the extensible authentication protocol (EAP).
  C. It supports the XAuth protocol.
  D. It exchanges a minimum of four messages to establish a secure tunnel.

Correct Answer: BD
IKE version 2 supports the extensible authentication protocol (EAP), which allows for more flexible and secure authentication methods. IKE version 2 also exchanges a minimum of four messages to establish a secure tunnel, which is more efficient than IKE version 1.
References: IKE settings | FortiClient 7.2.2 - Fortinet Documentation; Technical Tip: How to configure IKE version 1 or 2 … - Fortinet Community

QUESTION 7

Refer to the exhibit, which contains a partial BGP configuration.
NSE7_EFW-7.2 dumps exhibit
You want to configure a loopback as the BGP source.
Which two parameters must you set in the BGP configuration? (Choose two.)

  A. ebgp-enforce-multihop
  B. recursive-next-hop
  C. ibgp-enforce-multihop
  D. update-source

Correct Answer: AD
To configure a loopback as the BGP source, you need to set the “ebgp-enforce-multihop” and “update-source” parameters in the BGP configuration. The “ebgp-enforce-multihop” parameter allows EBGP connections to neighbor routers that are not directly connected, while “update-source” specifies the IP address that should be used for the BGP session.
References: BGP on loopback; Loopback interface; Technical Tip: Configuring EBGP Multihop Load-Balancing; Technical Tip: BGP routes are not installed in routing table with loopback as update source

QUESTION 8

Refer to the exhibit, which shows a custom signature.
NSE7_EFW-7.2 dumps exhibit
Which two modifications must you apply to the configuration of this custom signature so that you can save it on FortiGate? (Choose two.)

  A. Add severity.
  B. Add attack_id.
  C. Ensure that the header syntax is F-SBID.
  D. Start options with --.

Correct Answer: AB
For a custom signature to be valid and savable on a FortiGate device, it must include certain mandatory fields. Severity is used to specify the level of threat that the signature represents, and attack_id is a unique identifier for the signature. Without these, the signature would not be complete and could not be correctly utilized by the FortiGate's Intrusion Prevention System (IPS).

QUESTION 9

Refer to the exhibit, which shows a routing table.
NSE7_EFW-7.2 dumps exhibit
What two options can you configure in OSPF to block the advertisement of the 10.1.10.0 prefix? (Choose two.)

  A. Remove the 10.1.10.0 prefix from the OSPF network.
  B. Configure a distribute-list-out.
  C. Configure a route-map out.
  D. Disable Redistribute Connected.

Correct Answer: BC
To block the advertisement of the 10.1.10.0 prefix in OSPF, you can configure a distribute-list-out or a route-map out. A distribute-list-out is used to filter outgoing routing updates from being advertised to OSPF neighbors. A route-map out can also be used for filtering and is applied to outbound routing updates.
References: Technical Tip: Inbound route filtering in OSPF usi … - Fortinet Community; OSPF | FortiGate / FortiOS 7.2.2 - Fortinet Documentation

QUESTION 10

Refer to the exhibit, which contains a partial OSPF configuration.
NSE7_EFW-7.2 dumps exhibit
What can you conclude from this output?

  A. Neighbors maintain communication with the restarting router.
  B. The router sends grace LSAs before it restarts.
  C. FortiGate restarts if the topology changes.
  D. The restarting router sends gratuitous ARP for 30 seconds.

Correct Answer: B
From the partial OSPF (Open Shortest Path First) configuration output:
* B. The router sends grace LSAs before it restarts: This is implied by the command 'set restart-mode graceful-restart'. When OSPF is configured with graceful restart, the router sends grace LSAs (Link State Advertisements) to inform its neighbors that it is restarting, allowing for a seamless transition without recalculating routes.
Fortinet documentation on OSPF configuration clearly states that enabling graceful restart mode allows the router to maintain its adjacencies and routes during a brief restart period.
