Practice NSE7 Troubleshooting and Diagnostics questions with full explanations on every answer.
Start practicing
Troubleshooting and Diagnostics — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A FortiGate administrator notices that traffic from a specific subnet is being dropped unexpectedly. The security policy allows the traffic, and there are no firewall policies blocking it. What is the most efficient first step to identify the cause of the drops?
2An organization uses FortiGate with OSPF and BGP. Recently, routes from BGP are not being preferred over OSPF routes, causing suboptimal routing. The administrator wants to ensure BGP routes are preferred. Which two actions can achieve this? (Choose two.)
3A FortiGate is experiencing high CPU usage. The administrator runs 'diagnose sys top' and sees that the process 'ipsengine' is using the most CPU. What is the most likely cause?
4An administrator is troubleshooting a VPN tunnel that is not coming up. The remote peer is a third-party device. Which THREE actions should be taken to diagnose the issue?
5A FortiGate administrator sees the following kernel log: 'kernel: [pid 1234] received packet with unknown or unsupported protocol 0x0800 on interface port1, drop'. What does this log indicate?
6Based on the debug flow output, what is the reason the packet is dropped?
7An administrator applies the above policy but users from 10.0.1.0/24 cannot access web servers at 10.0.2.0/24. However, they can ping the servers. What is the most likely cause?
8A FortiGate is experiencing high latency on traffic passing through it. The administrator suspects that asymmetric routing is occurring. Which TWO symptoms are indicative of asymmetric routing?
9A FortiGate cluster (A-P) has a session that is not synchronizing to the secondary unit. The administrator runs 'diagnose sys ha session-sync status' and sees that the session count is different between primary and secondary. Which is the most likely cause?
10A customer reports intermittent connectivity issues between two internal subnets separated by a FortiGate firewall. The traffic is allowed by the policy, but users experience timeouts during peak hours. Which troubleshooting step should you take first?
11An administrator is troubleshooting a scenario where IPSec VPN tunnels between two FortiGates are flapping. The logs show Phase 1 is up but Phase 2 fails with 'no proposal chosen'. The remote FortiGate has multiple Phase 2 selectors configured. What is the most likely cause?
12A FortiGate is set up in a high availability (HA) cluster. The administrator notices that the primary unit is not synchronizing configuration changes to the secondary unit. The HA status shows 'synchronization failed'. What is the most likely cause?
13Which TWO actions are appropriate when troubleshooting a slow network connection through a FortiGate?
14Based on the exhibit, what can be concluded about the session?
15A company runs a FortiGate 600E in NAT/Route mode. They have a site-to-site VPN to a partner using route-based VPN with BGP. Recently, they added a new subnet 192.168.50.0/24 behind the FortiGate. The BGP session is up, and the route is being advertised to the partner. However, traffic from the partner to the new subnet fails. The FortiGate's routing table shows the route to 192.168.50.0/24 is present via the VPN interface. Firewall policies allow the traffic. A packet capture on the FortiGate's internal interface shows the partner's traffic arriving but no SYN-ACK being sent back. The FortiGate's session table shows sessions in 'SYN_RECV' state for the new subnet. What is the most likely cause?
16An administrator is troubleshooting a scenario where traffic from VLAN 100 to a server at 10.1.2.100 is being blocked. The FortiGate has an active security policy allowing the traffic and the routing table shows a correct route. Which TWO diagnostic commands should the administrator run to identify the cause of the blockage?
17A FortiGate is blocking HTTP traffic from 10.0.1.5 to 10.0.2.100, despite an explicit allow policy. The exhibit shows the configuration and debug flow output. What is the most likely cause?
18A FortiGate is deployed as the edge firewall for a medium-sized enterprise. The network has three internal zones: Trust (10.10.0.0/16), DMZ (172.16.0.0/24), and Guest (192.168.0.0/24). The FortiGate has an IPSec VPN to a branch office (10.20.0.0/16). Users in the Trust zone report intermittent connectivity to a web server in the DMZ (172.16.0.10, TCP port 443). The FortiGate logs show occasional 'session denied' messages for traffic from Trust to DMZ with reason 'denied by forward policy check'. The security policy has an explicit allow rule for Trust to DMZ HTTPS. The administrator has verified routing is correct and there are no address overlaps. When the issue occurs, the administrator runs 'diag debug flow' and sees that the packet matches the correct policy but still gets denied. The debug output also shows 'forward policy check: denied'. What is the most likely cause and recommended action?
19Drag and drop the steps to perform a firmware upgrade on a FortiGate device into the correct order.
20Match each high availability (HA) mode to its characteristic.
21A network administrator runs 'diagnose sys top' and sees that the 'ipsengine' process is consistently using 99% CPU. What is the BEST immediate action to reduce CPU load?
22When troubleshooting an IPsec VPN phase 1 failure, you run 'diagnose vpn ike config' and see that the remote gateway IP address is incorrect. Which command is used to correct the peer IP configuration?
23In an HA cluster, after a failover, some established sessions are not being synchronized to the new primary unit. Which setting must be enabled to ensure session synchronization?
24You are troubleshooting an SD-WAN rule where traffic is not matching the expected SLA. The FortiGate shows 'SLA mismatch' in logs. What is the MOST likely cause?
25You receive an alert that FortiAnalyzer log disk usage is at 95%. Which action should you take to immediately free up space without losing important logs?
26A FortiGate admin runs 'diagnose debug application authd -1' but sees no output for LDAP authentication attempts. What is the MOST likely reason?
27You are troubleshooting a BGP neighbor flapping. The neighbor state shows 'Active'. Which command will help you see the reason for the state change?
28You run 'diagnose sys session filter dport 443' and see sessions with a duration of 7200 seconds and expire time of 3600 seconds. What does this indicate?
29An administrator wants to monitor CPU usage of specific processes on a FortiGate. Which command should be used?
30When testing HA failover, you manually switch the primary unit to standby. The secondary unit becomes primary but does not take over the IP address of the virtual cluster. What is the MOST likely cause?
31You are troubleshooting a VPN phase 2 negotiation failure. The logs show 'no proposal chosen'. What is the MOST likely cause?
32An administrator wants to troubleshoot why specific traffic is not matching a configured firewall policy. Which debug command should be used?
33A network administrator is troubleshooting a split-brain scenario in an HA cluster. Which TWO conditions can cause split-brain? (Choose two.)
34You are troubleshooting BGP route advertisement issues. Which THREE debug commands would be useful to identify why a route is not being advertised to a neighbor? (Choose three.)
35An administrator notices that some traffic through the FortiGate is not being inspected by the application control profile. Which TWO reasons could explain this? (Choose two.)
36A network administrator runs the command 'diagnose debug application ssl -1' and sees the following output: 'ssl_generate_proxy_cert: cannot find CA certificate for issuer CN=www.example.com'. What is the MOST likely cause?
37An administrator is troubleshooting an HA cluster (active-passive) where both units show 'primary' in 'get system ha status'. The cluster is not synchronizing configurations. What is the MOST likely cause?
38An administrator wants to monitor real-time CPU usage per process on a FortiGate. Which command should be used?
39A BGP session between FortiGate and a neighbor is in 'Active' state. The administrator has verified IP connectivity and that the neighbor IP is reachable. What is the MOST likely cause?
40An SD-WAN rule has two members: port1 (SLA target latency < 10ms) and port2 (SLA target latency < 20ms). The administrator runs 'diagnose sys sdwan sla-check' and sees that both members meet SLA. However, all traffic is going through port2. What is the MOST likely reason?
41A user reports that they cannot connect to a remote office via IPsec VPN. Phase 1 is up, but Phase 2 fails to establish. The administrator runs 'diagnose vpn ike log' and sees 'no matching phase2 proposal'. What should be checked?
42A FortiGate administrator uses FortiAnalyzer for log analysis and wants to identify all sessions that were blocked by a specific firewall policy ID 10. Which log filter should be applied?
43An administrator configures a session helper for FTP but notices that active FTP data connections are not being allowed through the firewall. The FTP control session establishes fine. What is the MOST likely cause?
44A FortiGate administrator wants to see the current number of active sessions. Which command provides this information?
45An HA cluster (active-passive) is configured. The administrator wants to perform a failover test without causing service disruption. Which command should be used?
46An administrator configures BGP route advertisement but the routes are not being sent to the neighbor. The BGP session is established. What is the MOST likely cause?
47A FortiGate administrator needs to identify which process is consuming the most memory. Which command should be used?
48An administrator is troubleshooting an IPsec VPN tunnel that fails to establish Phase 1. The debug output shows 'no acceptable proposal'. Which TWO configuration parameters should be checked to resolve this issue?
49A FortiGate administrator is investigating a slow network issue. The 'diagnose sys session stat' shows a high number of sessions. Which THREE commands can help identify the source of the high session count?
50An administrator needs to troubleshoot an HA synchronization issue. Which TWO commands provide information about the HA synchronization status?
51A FortiGate admin runs 'diagnose debug application sslvpn -1' and sees repeated messages: 'SSL VPN tunnel establishment failed: no response from client.' The remote user reports that the FortiClient VPN connects but no traffic passes. What is the MOST likely cause?
52You are troubleshooting a BGP session between FortiGate and an ISP router. The FortiGate shows BGP state 'Active' and the debug output shows 'No route to peer'. The ISP router's loopback IP is 203.0.113.1, and the next-hop interface is port1 (10.0.0.1/30). The FortiGate has a static route to 203.0.113.1 via port1. What is the MOST likely cause?
53An administrator needs to monitor the FortiGate's CPU usage in real-time from the CLI. Which command should be used?
54After upgrading FortiGate firmware, an admin notices that several sessions using SIP are failing. The SIP ALG was enabled before the upgrade. What is the MOST likely cause?
55An HA cluster of two FortiGates is experiencing split-brain. After investigation, you find that the heartbeat link is down on the primary unit. Which action will resolve the split-brain condition?
56An administrator wants to see the current sessions for a specific source IP address 192.168.1.10. Which CLI command should be used?
57A FortiGate VPN tunnel shows 'phase1 negotiation failed' in the logs. The remote gateway is a third-party device. The debug command 'diagnose vpn ike config' shows mismatched proposals. Which setting is MOST likely incorrect on the FortiGate?
58Which command displays the current session count on a FortiGate?
59An SD-WAN rule uses a performance SLA to steer traffic to the best-quality link. Traffic is consistently using the backup link even though the primary link meets SLA thresholds. The admin runs 'diagnose sys sdwan sla-check' and sees the primary link SLA status is 'pass'. What is the MOST likely cause?
60A FortiGate admin notices that sessions to a particular server are not being logged in FortiAnalyzer. The firewall policy has logging enabled. What is the MOST likely reason?
61During a failover test in an HA cluster, the primary FortiGate fails over to the secondary. After failover, some existing TCP sessions are dropped. What is the MOST likely reason?
62A BGP route from an ISP is not appearing in the FortiGate's routing table. The BGP session is established and 'show ip bgp' shows the route as valid but not best. Which command should the admin use to investigate why the route is not selected as best?
63An admin is troubleshooting an IPsec VPN tunnel that is failing phase 2. The IKE debug shows 'no matching proposal'. Which TWO settings should the admin verify on both sides? (Choose two.)
64An admin needs to verify that a new firewall policy is performing SSL inspection. Which THREE CLI commands or steps should the admin use to confirm? (Choose three.)
65A FortiGate is experiencing high CPU usage due to a large number of sessions. Which TWO actions can the admin take to mitigate the issue? (Choose two.)
66An administrator runs 'diagnose debug application ssl-helper -1' and sees that sessions to certain HTTPS sites are being terminated by the FortiGate. What is the MOST likely cause?
67An administrator configures an HA cluster with two FortiGates using an FGCP active-passive configuration. After a failover, the new primary FortiGate shows all sessions are lost. The administrator has 'sync session' enabled in the HA configuration. What is the MOST likely reason sessions were not synchronized?
68An administrator is troubleshooting an IPsec VPN tunnel that fails to establish. The administrator runs 'diagnose vpn ike log' and sees the message 'no matching proposal found'. What is the MOST likely cause?
69A FortiGate administrator wants to quickly identify which process is consuming the most CPU on the device. Which CLI command should be used?
70An administrator notices that SD-WAN rule-based traffic is not failing over as expected when the primary link goes down. The SLA targets are configured correctly, and the interface health check is showing 'dead' for the primary link. What is the MOST likely reason for the failover not occurring?
71A FortiGate is configured with multiple BGP peers. One of the peers is not receiving the expected routes. The administrator runs 'get router info bgp neighbors <IP>' and sees that the 'State/PfxRcd' field is 'Active'. What does this indicate?
72An administrator is investigating a security incident and needs to view raw logs from a FortiAnalyzer for a specific time range. The administrator wants to ensure the logs are not aggregated or summarized. Which type of log view should be used?
73An administrator wants to monitor the session count on a FortiGate in real time. Which CLI command provides this information?
74A FortiGate administrator observes that traffic from an internal user to the internet is being blocked. The firewall policy allows the traffic, and the user can ping external hosts. The administrator runs 'diagnose debug flow' for the user's IP and sees 'session denied by forward policy check'. What is the MOST likely cause?
75A FortiGate in an HA cluster shows the message 'split-brain detected' in the event log. The administrator checks the HA status and sees both units are in 'standalone' mode. What is the MOST likely cause of this split-brain scenario?
76An administrator needs to check the health of an SD-WAN link by viewing the last SLA probe results. Which command should be used?
77A FortiGate administrator is troubleshooting a VPN tunnel that connects to a remote site. The tunnel is up, but traffic is not passing. The administrator checks the Phase 2 settings and sees that the local and remote subnets are correctly defined. What is the next step to diagnose the issue?
78An administrator is troubleshooting a BGP session that is not establishing between two FortiGates. The administrator has verified that the neighbor IP is reachable. Which TWO commands should be used to further diagnose the issue? (Choose two.)
79A FortiGate administrator is investigating a slow network performance issue. The administrator suspects that session table limits are being reached. Which TWO metrics should be monitored to confirm this? (Choose two.)
80An administrator is configuring a FortiGate to inspect SMTP traffic for spam and viruses. The traffic must be decrypted to inspect the content. Which THREE elements are required for this configuration? (Choose three.)
81A FortiGate administrator notices that after upgrading the firmware, some BGP sessions to a service provider are flapping. The administrator runs 'diagnose ip router bgp all' and sees that the BGP neighbor state is Active. What is the MOST likely cause of this issue?
82A network admin runs 'diagnose sys top' on a FortiGate and sees that the process 'httpsd' is consistently using 95% CPU. Which of the following actions is MOST appropriate to troubleshoot this issue?
83An administrator is troubleshooting an IPsec VPN tunnel that fails to establish. The Phase 1 status shows 'init' and the debug output indicates 'no suitable proposal found'. The remote peer is a third-party VPN device. Which of the following is the MOST likely cause?
84A FortiGate administrator wants to verify whether a specific session is being offloaded to the NP6 processor. Which CLI command should the administrator use?
85During a failover test in an active-passive HA cluster, the administrator notices that the secondary unit does not take over the primary role after a link failure on the primary. The 'get system ha status' shows both units in 'standalone' mode. What is the MOST likely cause?
86An administrator configures SD-WAN with multiple members. The SD-WAN rule uses the 'latency' strategy. The administrator notices that traffic is not switching to the best-performing member even when latency exceeds the threshold. What could be the issue?
87A FortiGate administrator is troubleshooting a VPN tunnel that is up but no traffic passes through. The Phase 2 selectors match. The administrator runs 'diagnose vpn tunnel list' and sees that the tunnel has '0 bytes' in both directions. What is the MOST likely cause?
88Which FortiGate command is used to view the current CPU usage of individual processes in real time?
89An administrator runs 'diagnose debug application ipsmonitor -1' and sees repeated messages: 'IPS engine restarting'. What is the MOST likely cause of this behavior?
90Two FortiGate units in an HA cluster are experiencing synchronization issues. The administrator runs 'diagnose sys ha checksum cluster' and sees different checksum values for the 'system' and 'router' objects. What is the FIRST step to resolve the mismatch?
91Which of the following is a valid command to check the status of all BGP neighbors on a FortiGate?
92An administrator observes that traffic from a specific subnet is being dropped by the FortiGate. The session table shows the sessions with 'proto_state=01' and 'expire=0'. What does this indicate?
93An administrator is troubleshooting an IPsec VPN Phase 2 negotiation failure. The debug shows 'no matching phase 2 proposal' from the remote peer. Which TWO of the following are likely causes? (Choose two.)
94A FortiGate administrator is investigating a security incident and needs to identify which user initiated a specific outbound connection to a malicious IP address. The company uses FSSO for authentication. Which THREE pieces of information from FortiAnalyzer logs would be MOST useful? (Choose three.)
95An administrator notices that an application-based SD-WAN rule is not steering traffic as expected. The SLA targets are configured correctly. Which TWO debug commands should the administrator use to diagnose the issue? (Choose two.)
96An administrator is troubleshooting an HA cluster where both units show as primary after a link failure. What is the most likely cause of this split-brain scenario?
97A FortiGate administrator runs 'diagnose debug application sslvpn -1' and sees repeated messages: 'SSL VPN tunnel error: no response from client'. What is the most likely cause?
98You execute 'diagnose sys session filter dport 443' and see output: 'proto=6 proto_state=01 duration=3600 expire=3599'. What does 'proto_state=01' indicate about this session?
99An administrator is configuring SD-WAN with multiple members. When a rule matches, traffic is not being load-balanced as expected. Which command should the admin use to verify the SD-WAN rule selection for a specific flow?
100A BGP peering between two FortiGates is not establishing. The admin runs 'get router info bgp summary' and sees the neighbor state as 'Idle'. What is the most common cause of a BGP session stuck in Idle?
101When troubleshooting an IPsec VPN phase 1 negotiation failure, which debug command should the administrator run to see detailed IKE negotiation messages?
102An administrator is investigating a security incident and needs to determine which firewall policy allowed a specific malicious traffic flow. The traffic is no longer active. Which FortiAnalyzer log type should the admin query?
103An administrator notices high CPU usage on a FortiGate. To identify which process is consuming the most CPU, which command should be used?
104An administrator needs to verify if a FortiGate is receiving BGP routes from a peer. Which command should the admin run to see the BGP routing table?
105When troubleshooting a FortiGate that is not synchronizing configuration to its HA peer, which command should be used to check the HA synchronization status?
106An administrator configures an ALG for SIP traffic but notices that some SIP calls are failing. The admin suspects the ALG is modifying SIP headers incorrectly. Which debug command can help verify the ALG's actions on SIP packets?
107An administrator wants to see the current number of active sessions on a FortiGate. Which command should the admin use?
108An administrator is troubleshooting an IPsec VPN where phase 1 is up but phase 2 fails. Which two debug commands would be MOST helpful in diagnosing the phase 2 issue? (Choose TWO.)
109During a BGP troubleshooting session, an administrator sees that the BGP neighbor state is 'Active'. Which three conditions could cause this state? (Choose THREE.)
110An administrator is configuring SD-WAN and wants to ensure that voice traffic uses the lowest latency link. Which two configurations are required to achieve this? (Choose TWO.)
111A FortiGate admin notices that HTTPS traffic to a web server is not being scanned by the antivirus profile applied to the firewall policy. The admin confirms the policy is correct and antivirus is enabled. What is the MOST likely reason the traffic is not being scanned?
112An administrator runs 'diagnose sys session filter dport 443' and sees output indicating sessions with state 'proto=6 proto_state=01 duration=3600 expire=3598'. What does this output indicate about the session?
113An HA cluster of two FortiGates is experiencing split-brain. Which command should the administrator use to check the current HA status and identify which unit is the primary?
114An administrator is testing failover in an HA cluster. They unplug the primary FortiGate's port1 (the heartbeat interface) but the secondary does not take over. The heartbeat is configured on port1. What is the MOST likely cause?
115An SD-WAN rule is configured to steer traffic based on SLA metrics. The administrator notices that traffic is not using the expected member interface even though the SLA is meeting thresholds. What should the administrator check FIRST?
116A site-to-site IPsec VPN tunnel is failing. The administrator runs 'diagnose vpn ike config' and sees that phase 1 parameters are correct. However, phase 2 negotiation fails with 'no proposal chosen'. What is the MOST likely cause?
117A BGP peering between two FortiGates is not establishing. The administrator runs 'get router info bgp neighbor' and sees that the neighbor state is 'Idle' and the BGP configuration appears correct. What should the administrator check next?
118A FortiGate administrator wants to check if the device is experiencing high CPU usage due to a specific process. Which command should they use to display real-time process CPU usage?
119An administrator configures a session helper for FTP on FortiGate. After enabling the helper, FTP clients can establish control connections but data transfers fail. What is the most likely cause?
120An administrator is troubleshooting a split-brain situation in an HA cluster. They run 'get system ha status' and see that both FortiGates report themselves as primary. Which command should they run to force the secondary unit to take over as primary?
121A FortiGate is configured to send logs to FortiAnalyzer. The administrator notices that logs are not appearing on FortiAnalyzer. Running 'diagnose log device show' shows 'connected=no'. What is the most likely cause?
122An administrator wants to verify that a BGP route is being advertised to a neighbor. Which command displays the routes that FortiGate is advertising to a specific BGP neighbor?
123An administrator is troubleshooting an IPsec VPN tunnel that establishes phase 1 but fails phase 2. Which TWO commands are MOST useful to diagnose the phase 2 failure? (Choose two.)
124A FortiGate HA cluster is experiencing persistent split-brain even after both units are rebooted. Which THREE actions should the administrator take to resolve this issue? (Choose three.)
125An administrator is configuring SD-WAN and wants to ensure that traffic matching a specific SLA rule uses the best-performing member. Which TWO commands can be used to verify the SLA performance and route selection? (Choose two.)
126A network administrator is troubleshooting an IPsec VPN tunnel that fails to establish. The remote gateway logs show a proposal mismatch. On FortiGate, the administrator runs 'diagnose vpn ike config' and sees 'proposal: aes128-sha1, aes256-sha256'. The remote side expects 'aes256-sha1'. What is the most likely cause?
127An administrator observes that after a failover in an HA cluster, some established sessions are dropped. The cluster is configured with session pickup enabled. What is the most likely reason for the dropped sessions?
128An administrator runs 'diagnose debug application sslvpn -1' and sees repeated 'SSL_ERROR_SSL: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate'. The SSL-VPN is configured to require client certificates. What is the cause?
129A FortiGate is configured with SD-WAN and multiple members. The administrator notices that traffic to a critical application is consistently routed over a low-quality link, even though a better link is available. The SD-WAN rule uses the 'Best Quality' strategy with a performance SLA. What is the most likely reason?
130An administrator runs 'diagnose sys top' and sees process 'httpsd' consuming 95% CPU. What is the best immediate action to alleviate the issue?
131Two FortiGates in an HA cluster are experiencing a split-brain scenario where both units become primary. The administrator checks the HA configuration and sees that the heartbeat interfaces are configured correctly but the link status is 'down' on both units. What could cause this?
132An administrator is troubleshooting BGP and runs 'get router info bgp neighbors 10.0.0.1' and sees 'BGP state = Active'. The neighbor IP is reachable via ping. What is the most likely cause?
133An administrator needs to monitor FortiGate session count and CPU usage over time using FortiAnalyzer. Which log type should be configured for this?
134An administrator configured a firewall policy to inspect SMTP traffic using an antivirus profile. However, email attachments are not being scanned. The FortiGate is operating in proxy-based inspection mode. What is the most likely cause?
135A FortiGate is receiving BGP routes from a neighbor but not advertising them to other peers. The administrator runs 'get router info bgp network' and sees the routes are in the BGP table but not advertised. What is the most likely cause?
136An administrator runs 'diagnose debug application fnbam -1' and sees messages like 'LB_SELECT: selected server 10.0.0.2:80' but the client connection fails. The FortiGate is configured with server load balancing. What could be the issue?
137An administrator wants to view the current number of active sessions on a FortiGate. Which CLI command should be used?
138An administrator is troubleshooting an IPsec VPN tunnel that fails to establish. Phase 1 seems to complete, but Phase 2 fails with 'no proposal chosen'. The administrator checks the Phase 2 configuration and sees the following settings: 'Local address: 10.0.0.0/24, Remote address: 192.168.0.0/24, Proposal: aes256-sha1, Enable Perfect Forward Secrecy (PFS): Disabled'. Which TWO changes would most likely resolve the issue? (Choose two.)
139A FortiGate is experiencing high memory usage due to a large number of UDP sessions. The administrator wants to reduce memory consumption without dropping legitimate traffic. Which THREE actions could help? (Choose three.)
140An administrator is investigating a security incident using FortiAnalyzer logs. The admin needs to identify all connections from a specific internal IP (10.0.0.100) to external servers on TCP port 443 during the last hour. Which TWO log fields should be used to filter the logs? (Choose two.)
141A network administrator runs 'get system ha status' on a FortiGate HA cluster and sees that only one unit shows as primary. The secondary unit shows as 'standalone' with no HA peer detected. What is the MOST likely cause of this issue?
142An administrator is troubleshooting an SD-WAN scenario where traffic from a branch office to a critical SaaS application is experiencing high latency. The SD-WAN rule uses the best quality SLA strategy. The administrator runs 'diagnose sys sdwan neighbor' and sees that both WAN links have SLA compliance above 90%. However, traffic still uses the slower link. The administrator then runs 'diagnose sys sdwan health-check list' and notices that the health-check server IP is different from the SaaS application's server IP. What is the MOST likely reason the traffic is not using the best-performing link?
143A FortiGate administrator is troubleshooting a BGP session that fails to establish with a neighbor at 10.0.1.1. Running 'diagnose ip router bgp all' shows the neighbor state as 'Idle'. Which TWO commands should the administrator run NEXT to diagnose the issue?
144An administrator is troubleshooting a VPN tunnel between two FortiGates. The phase 1 fails to come up. The administrator runs 'diagnose vpn ike log' and sees the error 'no proposal chosen'. Which THREE configuration mismatches could cause this error?
145A network admin is investigating a high CPU usage issue on a FortiGate firewall. The admin runs 'diagnose sys top' and sees that the 'ipsengine' process is consuming 70% CPU. Which THREE actions should the admin take to reduce CPU load?
146An administrator is investigating a security incident using FortiAnalyzer logs. The admin wants to identify all traffic that matched a specific firewall policy. Which TWO log fields should the admin use to filter the logs?
147A FortiGate in an HA cluster is experiencing intermittent session synchronization failures. The administrator runs 'diagnose sys ha dump sync-status' and sees that sessions are not being synchronized properly. Which TWO potential causes should the administrator investigate?
148An administrator is troubleshooting a scenario where VoIP traffic is not being properly handled by the FortiGate. The SIP ALG is enabled. Which THREE commands should the administrator run to diagnose the SIP traffic flow?
149An administrator notices that after upgrading FortiOS, some traffic that was previously inspected by the antivirus profile is now bypassing scanning. The administrator suspects the session helper configuration may be interfering. Which TWO session helper protocols are known to potentially affect traffic inspection if improperly configured?
150An administrator is troubleshooting an IPsec VPN tunnel that establishes phase 1 but fails to establish phase 2. The phase 2 configuration shows 'set proposal aes128-sha256' on both sides. Which TWO configuration items should the administrator verify?
151A FortiGate administrator wants to monitor performance thresholds to be alerted when the firewall is under heavy load. Which THREE metrics can be monitored using the built-in performance monitoring features (e.g., 'diagnose sys top' or SNMP)?
The Troubleshooting and Diagnostics domain covers the key concepts tested in this area of the NSE7 exam blueprint published by Fortinet. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all NSE7 domains — no account required.
The Courseiva NSE7 question bank contains 151 questions in the Troubleshooting and Diagnostics domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Troubleshooting and Diagnostics domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included