Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsNSE7DomainsTroubleshooting and Diagnostics
NSE7Free — No Signup

Troubleshooting and Diagnostics

Practice NSE7 Troubleshooting and Diagnostics questions with full explanations on every answer.

151questions

Start practicing

Troubleshooting and Diagnostics — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

NSE7 Domains

Advanced Networking and SD-WANAdvanced VPN and Zero TrustEnterprise Firewall and VDOMsAdvanced Threat ProtectionTroubleshooting and Diagnostics

Practice Troubleshooting and Diagnostics questions

10Q20Q30Q50Q

All NSE7 Troubleshooting and Diagnostics questions (151)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A FortiGate administrator notices that traffic from a specific subnet is being dropped unexpectedly. The security policy allows the traffic, and there are no firewall policies blocking it. What is the most efficient first step to identify the cause of the drops?

2

An organization uses FortiGate with OSPF and BGP. Recently, routes from BGP are not being preferred over OSPF routes, causing suboptimal routing. The administrator wants to ensure BGP routes are preferred. Which two actions can achieve this? (Choose two.)

3

A FortiGate is experiencing high CPU usage. The administrator runs 'diagnose sys top' and sees that the process 'ipsengine' is using the most CPU. What is the most likely cause?

4

An administrator is troubleshooting a VPN tunnel that is not coming up. The remote peer is a third-party device. Which THREE actions should be taken to diagnose the issue?

5

A FortiGate administrator sees the following kernel log: 'kernel: [pid 1234] received packet with unknown or unsupported protocol 0x0800 on interface port1, drop'. What does this log indicate?

6

Based on the debug flow output, what is the reason the packet is dropped?

7

An administrator applies the above policy but users from 10.0.1.0/24 cannot access web servers at 10.0.2.0/24. However, they can ping the servers. What is the most likely cause?

8

A FortiGate is experiencing high latency on traffic passing through it. The administrator suspects that asymmetric routing is occurring. Which TWO symptoms are indicative of asymmetric routing?

9

A FortiGate cluster (A-P) has a session that is not synchronizing to the secondary unit. The administrator runs 'diagnose sys ha session-sync status' and sees that the session count is different between primary and secondary. Which is the most likely cause?

10

A customer reports intermittent connectivity issues between two internal subnets separated by a FortiGate firewall. The traffic is allowed by the policy, but users experience timeouts during peak hours. Which troubleshooting step should you take first?

11

An administrator is troubleshooting a scenario where IPSec VPN tunnels between two FortiGates are flapping. The logs show Phase 1 is up but Phase 2 fails with 'no proposal chosen'. The remote FortiGate has multiple Phase 2 selectors configured. What is the most likely cause?

12

A FortiGate is set up in a high availability (HA) cluster. The administrator notices that the primary unit is not synchronizing configuration changes to the secondary unit. The HA status shows 'synchronization failed'. What is the most likely cause?

13

Which TWO actions are appropriate when troubleshooting a slow network connection through a FortiGate?

14

Based on the exhibit, what can be concluded about the session?

15

A company runs a FortiGate 600E in NAT/Route mode. They have a site-to-site VPN to a partner using route-based VPN with BGP. Recently, they added a new subnet 192.168.50.0/24 behind the FortiGate. The BGP session is up, and the route is being advertised to the partner. However, traffic from the partner to the new subnet fails. The FortiGate's routing table shows the route to 192.168.50.0/24 is present via the VPN interface. Firewall policies allow the traffic. A packet capture on the FortiGate's internal interface shows the partner's traffic arriving but no SYN-ACK being sent back. The FortiGate's session table shows sessions in 'SYN_RECV' state for the new subnet. What is the most likely cause?

16

An administrator is troubleshooting a scenario where traffic from VLAN 100 to a server at 10.1.2.100 is being blocked. The FortiGate has an active security policy allowing the traffic and the routing table shows a correct route. Which TWO diagnostic commands should the administrator run to identify the cause of the blockage?

17

A FortiGate is blocking HTTP traffic from 10.0.1.5 to 10.0.2.100, despite an explicit allow policy. The exhibit shows the configuration and debug flow output. What is the most likely cause?

18

A FortiGate is deployed as the edge firewall for a medium-sized enterprise. The network has three internal zones: Trust (10.10.0.0/16), DMZ (172.16.0.0/24), and Guest (192.168.0.0/24). The FortiGate has an IPSec VPN to a branch office (10.20.0.0/16). Users in the Trust zone report intermittent connectivity to a web server in the DMZ (172.16.0.10, TCP port 443). The FortiGate logs show occasional 'session denied' messages for traffic from Trust to DMZ with reason 'denied by forward policy check'. The security policy has an explicit allow rule for Trust to DMZ HTTPS. The administrator has verified routing is correct and there are no address overlaps. When the issue occurs, the administrator runs 'diag debug flow' and sees that the packet matches the correct policy but still gets denied. The debug output also shows 'forward policy check: denied'. What is the most likely cause and recommended action?

19

Drag and drop the steps to perform a firmware upgrade on a FortiGate device into the correct order.

20

Match each high availability (HA) mode to its characteristic.

21

A network administrator runs 'diagnose sys top' and sees that the 'ipsengine' process is consistently using 99% CPU. What is the BEST immediate action to reduce CPU load?

22

When troubleshooting an IPsec VPN phase 1 failure, you run 'diagnose vpn ike config' and see that the remote gateway IP address is incorrect. Which command is used to correct the peer IP configuration?

23

In an HA cluster, after a failover, some established sessions are not being synchronized to the new primary unit. Which setting must be enabled to ensure session synchronization?

24

You are troubleshooting an SD-WAN rule where traffic is not matching the expected SLA. The FortiGate shows 'SLA mismatch' in logs. What is the MOST likely cause?

25

You receive an alert that FortiAnalyzer log disk usage is at 95%. Which action should you take to immediately free up space without losing important logs?

26

A FortiGate admin runs 'diagnose debug application authd -1' but sees no output for LDAP authentication attempts. What is the MOST likely reason?

27

You are troubleshooting a BGP neighbor flapping. The neighbor state shows 'Active'. Which command will help you see the reason for the state change?

28

You run 'diagnose sys session filter dport 443' and see sessions with a duration of 7200 seconds and expire time of 3600 seconds. What does this indicate?

29

An administrator wants to monitor CPU usage of specific processes on a FortiGate. Which command should be used?

30

When testing HA failover, you manually switch the primary unit to standby. The secondary unit becomes primary but does not take over the IP address of the virtual cluster. What is the MOST likely cause?

31

You are troubleshooting a VPN phase 2 negotiation failure. The logs show 'no proposal chosen'. What is the MOST likely cause?

32

An administrator wants to troubleshoot why specific traffic is not matching a configured firewall policy. Which debug command should be used?

33

A network administrator is troubleshooting a split-brain scenario in an HA cluster. Which TWO conditions can cause split-brain? (Choose two.)

34

You are troubleshooting BGP route advertisement issues. Which THREE debug commands would be useful to identify why a route is not being advertised to a neighbor? (Choose three.)

35

An administrator notices that some traffic through the FortiGate is not being inspected by the application control profile. Which TWO reasons could explain this? (Choose two.)

36

A network administrator runs the command 'diagnose debug application ssl -1' and sees the following output: 'ssl_generate_proxy_cert: cannot find CA certificate for issuer CN=www.example.com'. What is the MOST likely cause?

37

An administrator is troubleshooting an HA cluster (active-passive) where both units show 'primary' in 'get system ha status'. The cluster is not synchronizing configurations. What is the MOST likely cause?

38

An administrator wants to monitor real-time CPU usage per process on a FortiGate. Which command should be used?

39

A BGP session between FortiGate and a neighbor is in 'Active' state. The administrator has verified IP connectivity and that the neighbor IP is reachable. What is the MOST likely cause?

40

An SD-WAN rule has two members: port1 (SLA target latency < 10ms) and port2 (SLA target latency < 20ms). The administrator runs 'diagnose sys sdwan sla-check' and sees that both members meet SLA. However, all traffic is going through port2. What is the MOST likely reason?

41

A user reports that they cannot connect to a remote office via IPsec VPN. Phase 1 is up, but Phase 2 fails to establish. The administrator runs 'diagnose vpn ike log' and sees 'no matching phase2 proposal'. What should be checked?

42

A FortiGate administrator uses FortiAnalyzer for log analysis and wants to identify all sessions that were blocked by a specific firewall policy ID 10. Which log filter should be applied?

43

An administrator configures a session helper for FTP but notices that active FTP data connections are not being allowed through the firewall. The FTP control session establishes fine. What is the MOST likely cause?

44

A FortiGate administrator wants to see the current number of active sessions. Which command provides this information?

45

An HA cluster (active-passive) is configured. The administrator wants to perform a failover test without causing service disruption. Which command should be used?

46

An administrator configures BGP route advertisement but the routes are not being sent to the neighbor. The BGP session is established. What is the MOST likely cause?

47

A FortiGate administrator needs to identify which process is consuming the most memory. Which command should be used?

48

An administrator is troubleshooting an IPsec VPN tunnel that fails to establish Phase 1. The debug output shows 'no acceptable proposal'. Which TWO configuration parameters should be checked to resolve this issue?

49

A FortiGate administrator is investigating a slow network issue. The 'diagnose sys session stat' shows a high number of sessions. Which THREE commands can help identify the source of the high session count?

50

An administrator needs to troubleshoot an HA synchronization issue. Which TWO commands provide information about the HA synchronization status?

51

A FortiGate admin runs 'diagnose debug application sslvpn -1' and sees repeated messages: 'SSL VPN tunnel establishment failed: no response from client.' The remote user reports that the FortiClient VPN connects but no traffic passes. What is the MOST likely cause?

52

You are troubleshooting a BGP session between FortiGate and an ISP router. The FortiGate shows BGP state 'Active' and the debug output shows 'No route to peer'. The ISP router's loopback IP is 203.0.113.1, and the next-hop interface is port1 (10.0.0.1/30). The FortiGate has a static route to 203.0.113.1 via port1. What is the MOST likely cause?

53

An administrator needs to monitor the FortiGate's CPU usage in real-time from the CLI. Which command should be used?

54

After upgrading FortiGate firmware, an admin notices that several sessions using SIP are failing. The SIP ALG was enabled before the upgrade. What is the MOST likely cause?

55

An HA cluster of two FortiGates is experiencing split-brain. After investigation, you find that the heartbeat link is down on the primary unit. Which action will resolve the split-brain condition?

56

An administrator wants to see the current sessions for a specific source IP address 192.168.1.10. Which CLI command should be used?

57

A FortiGate VPN tunnel shows 'phase1 negotiation failed' in the logs. The remote gateway is a third-party device. The debug command 'diagnose vpn ike config' shows mismatched proposals. Which setting is MOST likely incorrect on the FortiGate?

58

Which command displays the current session count on a FortiGate?

59

An SD-WAN rule uses a performance SLA to steer traffic to the best-quality link. Traffic is consistently using the backup link even though the primary link meets SLA thresholds. The admin runs 'diagnose sys sdwan sla-check' and sees the primary link SLA status is 'pass'. What is the MOST likely cause?

60

A FortiGate admin notices that sessions to a particular server are not being logged in FortiAnalyzer. The firewall policy has logging enabled. What is the MOST likely reason?

61

During a failover test in an HA cluster, the primary FortiGate fails over to the secondary. After failover, some existing TCP sessions are dropped. What is the MOST likely reason?

62

A BGP route from an ISP is not appearing in the FortiGate's routing table. The BGP session is established and 'show ip bgp' shows the route as valid but not best. Which command should the admin use to investigate why the route is not selected as best?

63

An admin is troubleshooting an IPsec VPN tunnel that is failing phase 2. The IKE debug shows 'no matching proposal'. Which TWO settings should the admin verify on both sides? (Choose two.)

64

An admin needs to verify that a new firewall policy is performing SSL inspection. Which THREE CLI commands or steps should the admin use to confirm? (Choose three.)

65

A FortiGate is experiencing high CPU usage due to a large number of sessions. Which TWO actions can the admin take to mitigate the issue? (Choose two.)

66

An administrator runs 'diagnose debug application ssl-helper -1' and sees that sessions to certain HTTPS sites are being terminated by the FortiGate. What is the MOST likely cause?

67

An administrator configures an HA cluster with two FortiGates using an FGCP active-passive configuration. After a failover, the new primary FortiGate shows all sessions are lost. The administrator has 'sync session' enabled in the HA configuration. What is the MOST likely reason sessions were not synchronized?

68

An administrator is troubleshooting an IPsec VPN tunnel that fails to establish. The administrator runs 'diagnose vpn ike log' and sees the message 'no matching proposal found'. What is the MOST likely cause?

69

A FortiGate administrator wants to quickly identify which process is consuming the most CPU on the device. Which CLI command should be used?

70

An administrator notices that SD-WAN rule-based traffic is not failing over as expected when the primary link goes down. The SLA targets are configured correctly, and the interface health check is showing 'dead' for the primary link. What is the MOST likely reason for the failover not occurring?

71

A FortiGate is configured with multiple BGP peers. One of the peers is not receiving the expected routes. The administrator runs 'get router info bgp neighbors <IP>' and sees that the 'State/PfxRcd' field is 'Active'. What does this indicate?

72

An administrator is investigating a security incident and needs to view raw logs from a FortiAnalyzer for a specific time range. The administrator wants to ensure the logs are not aggregated or summarized. Which type of log view should be used?

73

An administrator wants to monitor the session count on a FortiGate in real time. Which CLI command provides this information?

74

A FortiGate administrator observes that traffic from an internal user to the internet is being blocked. The firewall policy allows the traffic, and the user can ping external hosts. The administrator runs 'diagnose debug flow' for the user's IP and sees 'session denied by forward policy check'. What is the MOST likely cause?

75

A FortiGate in an HA cluster shows the message 'split-brain detected' in the event log. The administrator checks the HA status and sees both units are in 'standalone' mode. What is the MOST likely cause of this split-brain scenario?

76

An administrator needs to check the health of an SD-WAN link by viewing the last SLA probe results. Which command should be used?

77

A FortiGate administrator is troubleshooting a VPN tunnel that connects to a remote site. The tunnel is up, but traffic is not passing. The administrator checks the Phase 2 settings and sees that the local and remote subnets are correctly defined. What is the next step to diagnose the issue?

78

An administrator is troubleshooting a BGP session that is not establishing between two FortiGates. The administrator has verified that the neighbor IP is reachable. Which TWO commands should be used to further diagnose the issue? (Choose two.)

79

A FortiGate administrator is investigating a slow network performance issue. The administrator suspects that session table limits are being reached. Which TWO metrics should be monitored to confirm this? (Choose two.)

80

An administrator is configuring a FortiGate to inspect SMTP traffic for spam and viruses. The traffic must be decrypted to inspect the content. Which THREE elements are required for this configuration? (Choose three.)

81

A FortiGate administrator notices that after upgrading the firmware, some BGP sessions to a service provider are flapping. The administrator runs 'diagnose ip router bgp all' and sees that the BGP neighbor state is Active. What is the MOST likely cause of this issue?

82

A network admin runs 'diagnose sys top' on a FortiGate and sees that the process 'httpsd' is consistently using 95% CPU. Which of the following actions is MOST appropriate to troubleshoot this issue?

83

An administrator is troubleshooting an IPsec VPN tunnel that fails to establish. The Phase 1 status shows 'init' and the debug output indicates 'no suitable proposal found'. The remote peer is a third-party VPN device. Which of the following is the MOST likely cause?

84

A FortiGate administrator wants to verify whether a specific session is being offloaded to the NP6 processor. Which CLI command should the administrator use?

85

During a failover test in an active-passive HA cluster, the administrator notices that the secondary unit does not take over the primary role after a link failure on the primary. The 'get system ha status' shows both units in 'standalone' mode. What is the MOST likely cause?

86

An administrator configures SD-WAN with multiple members. The SD-WAN rule uses the 'latency' strategy. The administrator notices that traffic is not switching to the best-performing member even when latency exceeds the threshold. What could be the issue?

87

A FortiGate administrator is troubleshooting a VPN tunnel that is up but no traffic passes through. The Phase 2 selectors match. The administrator runs 'diagnose vpn tunnel list' and sees that the tunnel has '0 bytes' in both directions. What is the MOST likely cause?

88

Which FortiGate command is used to view the current CPU usage of individual processes in real time?

89

An administrator runs 'diagnose debug application ipsmonitor -1' and sees repeated messages: 'IPS engine restarting'. What is the MOST likely cause of this behavior?

90

Two FortiGate units in an HA cluster are experiencing synchronization issues. The administrator runs 'diagnose sys ha checksum cluster' and sees different checksum values for the 'system' and 'router' objects. What is the FIRST step to resolve the mismatch?

91

Which of the following is a valid command to check the status of all BGP neighbors on a FortiGate?

92

An administrator observes that traffic from a specific subnet is being dropped by the FortiGate. The session table shows the sessions with 'proto_state=01' and 'expire=0'. What does this indicate?

93

An administrator is troubleshooting an IPsec VPN Phase 2 negotiation failure. The debug shows 'no matching phase 2 proposal' from the remote peer. Which TWO of the following are likely causes? (Choose two.)

94

A FortiGate administrator is investigating a security incident and needs to identify which user initiated a specific outbound connection to a malicious IP address. The company uses FSSO for authentication. Which THREE pieces of information from FortiAnalyzer logs would be MOST useful? (Choose three.)

95

An administrator notices that an application-based SD-WAN rule is not steering traffic as expected. The SLA targets are configured correctly. Which TWO debug commands should the administrator use to diagnose the issue? (Choose two.)

96

An administrator is troubleshooting an HA cluster where both units show as primary after a link failure. What is the most likely cause of this split-brain scenario?

97

A FortiGate administrator runs 'diagnose debug application sslvpn -1' and sees repeated messages: 'SSL VPN tunnel error: no response from client'. What is the most likely cause?

98

You execute 'diagnose sys session filter dport 443' and see output: 'proto=6 proto_state=01 duration=3600 expire=3599'. What does 'proto_state=01' indicate about this session?

99

An administrator is configuring SD-WAN with multiple members. When a rule matches, traffic is not being load-balanced as expected. Which command should the admin use to verify the SD-WAN rule selection for a specific flow?

100

A BGP peering between two FortiGates is not establishing. The admin runs 'get router info bgp summary' and sees the neighbor state as 'Idle'. What is the most common cause of a BGP session stuck in Idle?

101

When troubleshooting an IPsec VPN phase 1 negotiation failure, which debug command should the administrator run to see detailed IKE negotiation messages?

102

An administrator is investigating a security incident and needs to determine which firewall policy allowed a specific malicious traffic flow. The traffic is no longer active. Which FortiAnalyzer log type should the admin query?

103

An administrator notices high CPU usage on a FortiGate. To identify which process is consuming the most CPU, which command should be used?

104

An administrator needs to verify if a FortiGate is receiving BGP routes from a peer. Which command should the admin run to see the BGP routing table?

105

When troubleshooting a FortiGate that is not synchronizing configuration to its HA peer, which command should be used to check the HA synchronization status?

106

An administrator configures an ALG for SIP traffic but notices that some SIP calls are failing. The admin suspects the ALG is modifying SIP headers incorrectly. Which debug command can help verify the ALG's actions on SIP packets?

107

An administrator wants to see the current number of active sessions on a FortiGate. Which command should the admin use?

108

An administrator is troubleshooting an IPsec VPN where phase 1 is up but phase 2 fails. Which two debug commands would be MOST helpful in diagnosing the phase 2 issue? (Choose TWO.)

109

During a BGP troubleshooting session, an administrator sees that the BGP neighbor state is 'Active'. Which three conditions could cause this state? (Choose THREE.)

110

An administrator is configuring SD-WAN and wants to ensure that voice traffic uses the lowest latency link. Which two configurations are required to achieve this? (Choose TWO.)

111

A FortiGate admin notices that HTTPS traffic to a web server is not being scanned by the antivirus profile applied to the firewall policy. The admin confirms the policy is correct and antivirus is enabled. What is the MOST likely reason the traffic is not being scanned?

112

An administrator runs 'diagnose sys session filter dport 443' and sees output indicating sessions with state 'proto=6 proto_state=01 duration=3600 expire=3598'. What does this output indicate about the session?

113

An HA cluster of two FortiGates is experiencing split-brain. Which command should the administrator use to check the current HA status and identify which unit is the primary?

114

An administrator is testing failover in an HA cluster. They unplug the primary FortiGate's port1 (the heartbeat interface) but the secondary does not take over. The heartbeat is configured on port1. What is the MOST likely cause?

115

An SD-WAN rule is configured to steer traffic based on SLA metrics. The administrator notices that traffic is not using the expected member interface even though the SLA is meeting thresholds. What should the administrator check FIRST?

116

A site-to-site IPsec VPN tunnel is failing. The administrator runs 'diagnose vpn ike config' and sees that phase 1 parameters are correct. However, phase 2 negotiation fails with 'no proposal chosen'. What is the MOST likely cause?

117

A BGP peering between two FortiGates is not establishing. The administrator runs 'get router info bgp neighbor' and sees that the neighbor state is 'Idle' and the BGP configuration appears correct. What should the administrator check next?

118

A FortiGate administrator wants to check if the device is experiencing high CPU usage due to a specific process. Which command should they use to display real-time process CPU usage?

119

An administrator configures a session helper for FTP on FortiGate. After enabling the helper, FTP clients can establish control connections but data transfers fail. What is the most likely cause?

120

An administrator is troubleshooting a split-brain situation in an HA cluster. They run 'get system ha status' and see that both FortiGates report themselves as primary. Which command should they run to force the secondary unit to take over as primary?

121

A FortiGate is configured to send logs to FortiAnalyzer. The administrator notices that logs are not appearing on FortiAnalyzer. Running 'diagnose log device show' shows 'connected=no'. What is the most likely cause?

122

An administrator wants to verify that a BGP route is being advertised to a neighbor. Which command displays the routes that FortiGate is advertising to a specific BGP neighbor?

123

An administrator is troubleshooting an IPsec VPN tunnel that establishes phase 1 but fails phase 2. Which TWO commands are MOST useful to diagnose the phase 2 failure? (Choose two.)

124

A FortiGate HA cluster is experiencing persistent split-brain even after both units are rebooted. Which THREE actions should the administrator take to resolve this issue? (Choose three.)

125

An administrator is configuring SD-WAN and wants to ensure that traffic matching a specific SLA rule uses the best-performing member. Which TWO commands can be used to verify the SLA performance and route selection? (Choose two.)

126

A network administrator is troubleshooting an IPsec VPN tunnel that fails to establish. The remote gateway logs show a proposal mismatch. On FortiGate, the administrator runs 'diagnose vpn ike config' and sees 'proposal: aes128-sha1, aes256-sha256'. The remote side expects 'aes256-sha1'. What is the most likely cause?

127

An administrator observes that after a failover in an HA cluster, some established sessions are dropped. The cluster is configured with session pickup enabled. What is the most likely reason for the dropped sessions?

128

An administrator runs 'diagnose debug application sslvpn -1' and sees repeated 'SSL_ERROR_SSL: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate'. The SSL-VPN is configured to require client certificates. What is the cause?

129

A FortiGate is configured with SD-WAN and multiple members. The administrator notices that traffic to a critical application is consistently routed over a low-quality link, even though a better link is available. The SD-WAN rule uses the 'Best Quality' strategy with a performance SLA. What is the most likely reason?

130

An administrator runs 'diagnose sys top' and sees process 'httpsd' consuming 95% CPU. What is the best immediate action to alleviate the issue?

131

Two FortiGates in an HA cluster are experiencing a split-brain scenario where both units become primary. The administrator checks the HA configuration and sees that the heartbeat interfaces are configured correctly but the link status is 'down' on both units. What could cause this?

132

An administrator is troubleshooting BGP and runs 'get router info bgp neighbors 10.0.0.1' and sees 'BGP state = Active'. The neighbor IP is reachable via ping. What is the most likely cause?

133

An administrator needs to monitor FortiGate session count and CPU usage over time using FortiAnalyzer. Which log type should be configured for this?

134

An administrator configured a firewall policy to inspect SMTP traffic using an antivirus profile. However, email attachments are not being scanned. The FortiGate is operating in proxy-based inspection mode. What is the most likely cause?

135

A FortiGate is receiving BGP routes from a neighbor but not advertising them to other peers. The administrator runs 'get router info bgp network' and sees the routes are in the BGP table but not advertised. What is the most likely cause?

136

An administrator runs 'diagnose debug application fnbam -1' and sees messages like 'LB_SELECT: selected server 10.0.0.2:80' but the client connection fails. The FortiGate is configured with server load balancing. What could be the issue?

137

An administrator wants to view the current number of active sessions on a FortiGate. Which CLI command should be used?

138

An administrator is troubleshooting an IPsec VPN tunnel that fails to establish. Phase 1 seems to complete, but Phase 2 fails with 'no proposal chosen'. The administrator checks the Phase 2 configuration and sees the following settings: 'Local address: 10.0.0.0/24, Remote address: 192.168.0.0/24, Proposal: aes256-sha1, Enable Perfect Forward Secrecy (PFS): Disabled'. Which TWO changes would most likely resolve the issue? (Choose two.)

139

A FortiGate is experiencing high memory usage due to a large number of UDP sessions. The administrator wants to reduce memory consumption without dropping legitimate traffic. Which THREE actions could help? (Choose three.)

140

An administrator is investigating a security incident using FortiAnalyzer logs. The admin needs to identify all connections from a specific internal IP (10.0.0.100) to external servers on TCP port 443 during the last hour. Which TWO log fields should be used to filter the logs? (Choose two.)

141

A network administrator runs 'get system ha status' on a FortiGate HA cluster and sees that only one unit shows as primary. The secondary unit shows as 'standalone' with no HA peer detected. What is the MOST likely cause of this issue?

142

An administrator is troubleshooting an SD-WAN scenario where traffic from a branch office to a critical SaaS application is experiencing high latency. The SD-WAN rule uses the best quality SLA strategy. The administrator runs 'diagnose sys sdwan neighbor' and sees that both WAN links have SLA compliance above 90%. However, traffic still uses the slower link. The administrator then runs 'diagnose sys sdwan health-check list' and notices that the health-check server IP is different from the SaaS application's server IP. What is the MOST likely reason the traffic is not using the best-performing link?

143

A FortiGate administrator is troubleshooting a BGP session that fails to establish with a neighbor at 10.0.1.1. Running 'diagnose ip router bgp all' shows the neighbor state as 'Idle'. Which TWO commands should the administrator run NEXT to diagnose the issue?

144

An administrator is troubleshooting a VPN tunnel between two FortiGates. The phase 1 fails to come up. The administrator runs 'diagnose vpn ike log' and sees the error 'no proposal chosen'. Which THREE configuration mismatches could cause this error?

145

A network admin is investigating a high CPU usage issue on a FortiGate firewall. The admin runs 'diagnose sys top' and sees that the 'ipsengine' process is consuming 70% CPU. Which THREE actions should the admin take to reduce CPU load?

146

An administrator is investigating a security incident using FortiAnalyzer logs. The admin wants to identify all traffic that matched a specific firewall policy. Which TWO log fields should the admin use to filter the logs?

147

A FortiGate in an HA cluster is experiencing intermittent session synchronization failures. The administrator runs 'diagnose sys ha dump sync-status' and sees that sessions are not being synchronized properly. Which TWO potential causes should the administrator investigate?

148

An administrator is troubleshooting a scenario where VoIP traffic is not being properly handled by the FortiGate. The SIP ALG is enabled. Which THREE commands should the administrator run to diagnose the SIP traffic flow?

149

An administrator notices that after upgrading FortiOS, some traffic that was previously inspected by the antivirus profile is now bypassing scanning. The administrator suspects the session helper configuration may be interfering. Which TWO session helper protocols are known to potentially affect traffic inspection if improperly configured?

150

An administrator is troubleshooting an IPsec VPN tunnel that establishes phase 1 but fails to establish phase 2. The phase 2 configuration shows 'set proposal aes128-sha256' on both sides. Which TWO configuration items should the administrator verify?

151

A FortiGate administrator wants to monitor performance thresholds to be alerted when the firewall is under heavy load. Which THREE metrics can be monitored using the built-in performance monitoring features (e.g., 'diagnose sys top' or SNMP)?

Practice all 151 Troubleshooting and Diagnostics questions

Other NSE7 exam domains

Advanced Networking and SD-WANAdvanced VPN and Zero TrustEnterprise Firewall and VDOMsAdvanced Threat Protection

Frequently asked questions

What does the Troubleshooting and Diagnostics domain cover on the NSE7 exam?

The Troubleshooting and Diagnostics domain covers the key concepts tested in this area of the NSE7 exam blueprint published by Fortinet. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all NSE7 domains — no account required.

How many Troubleshooting and Diagnostics questions are in the NSE7 question bank?

The Courseiva NSE7 question bank contains 151 questions in the Troubleshooting and Diagnostics domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Troubleshooting and Diagnostics for NSE7?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Troubleshooting and Diagnostics questions for NSE7?

Yes — the session launcher on this page draws questions exclusively from the Troubleshooting and Diagnostics domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your NSE7 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide