Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Enterprise Firewall and VDOMs practice sets

NSE7 Enterprise Firewall and VDOMs • Complete Question Bank

NSE7 Enterprise Firewall and VDOMs — All Questions With Answers

Complete NSE7 Enterprise Firewall and VDOMs question bank — all 0 questions with answers and detailed explanations.

264
Questions
Free
No signup
Certifications/NSE7/Practice Test/Enterprise Firewall and VDOMs/All Questions
Question 1mediummulti select
Read the full NAT/PAT explanation →

A network engineer wants to deploy a FortiGate in transparent mode and have it managed by FortiManager. The FortiGate should not participate in routing, but must be able to send logs to FortiAnalyzer. Which two settings must be configured on the FortiGate to achieve this?

Question 2hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An organization is deploying multiple FortiGate devices across different geographic locations. The central IT team manages all devices from a single FortiManager. The remote FortiGates connect to FortiManager over a WAN link. Which feature should be enabled on FortiManager to ensure that configuration changes are applied consistently and without interruption to the remote FortiGates?

Question 3easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A company is implementing a Security Fabric with multiple FortiGate devices. They want to use FortiAnalyzer for centralized logging and FortiManager for centralized management. Which of the following is a prerequisite for adding a FortiGate to the Security Fabric?

Question 4mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network administrator is troubleshooting a FortiGate that is not appearing in the Security Fabric topology on FortiManager. The FortiGate is reachable from FortiManager via ping. What is the most likely cause?

Question 5hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An organization uses FortiManager to manage multiple FortiGate devices in a Security Fabric. The administrator wants to push a new firewall policy that includes an FQDN address object. Which statement is true regarding FQDN objects in FortiManager policies?

Question 6mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

Which TWO statements about the Security Fabric and FortiManager are correct? (Choose two.)

Question 7hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

Which THREE actions can an administrator perform using FortiManager in a Security Fabric environment? (Choose three.)

Question 8mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

Refer to the exhibit. A FortiGate is configured with the above settings. The FortiManager at 192.168.1.100 cannot establish a management connection to the FortiGate. What is the most likely cause?

Exhibit

config system interface
edit "port1"
set vdom "root"
set ip 10.0.1.1 255.255.255.0
set allowaccess ping https ssh snmp
set type physical
set role wan
next
end
config system admin
edit "admin"
set trusthost1 192.168.1.0 255.255.255.0
next
end
Question 9hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

Refer to the exhibit. A FortiGate is connected to the Security Fabric and registered with FortiManager. However, the administrator notices that the FortiGate is not receiving policy updates from FortiManager. What is the most likely cause?

Exhibit

FGT # get system fabric-status
Fabric Role: Member
Fabric Status: Connected
Fabric Group: MyGroup
Fabric Root: FGT-Root (serial: FG100D3TF16800001)
Last contact: 2024-01-15 10:30:00
FGT # diagnose test application fgfms 3
FGFMs status:
  Registered with FortiManager: Yes
  FortiManager IP: 192.168.1.100
  FortiManager status: Connected
  Last heartbeat: 2024-01-15 10:29:55
Question 10mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network engineer is troubleshooting a Security Fabric where a downstream FortiGate (model 60F) is not appearing in the Fabric topology of the root FortiGate (model 600E). Both devices are running FortiOS 7.4. The root FortiGate shows the downstream device as 'Unreachable' in the Security Fabric widget. The engineer has verified that the downstream FortiGate can ping the root FortiGate's management IP. What is the most likely cause of this issue?

Question 11hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A company is deploying a Security Fabric with multiple FortiGate devices managed by FortiManager. The administrator wants to apply a policy package to multiple FortiGate devices in the Fabric. However, after assigning the policy package to the devices in FortiManager and installing the configuration, the policies are not applied consistently across all devices. The administrator notices that some devices have local policies that override the policy package. What is the best practice to ensure that the policy package is enforced on all devices?

Question 12easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator needs to monitor traffic flows across multiple FortiGate devices in a Security Fabric. The administrator wants to see a unified view of all traffic, including inter-device traffic, from a single pane. Which Fortinet tool provides this capability?

Question 13mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

Which TWO statements about Security Fabric deployment are correct? (Choose two.)

Question 14mediummultiple choice
Review the full subnetting walkthrough →

A company has deployed a Security Fabric with a root FortiGate 600E and two downstream FortiGate 200E devices. The network also includes a FortiAnalyzer and a FortiManager. The administrator notices that the Security Fabric topology in FortiGate is not showing the downstream devices. The root FortiGate can ping the management IPs of the downstream devices. Additionally, the administrator has configured the downstream devices with the correct root IP and authorization mode is set to 'none'. However, when running 'diagnose sys fabric list' on the root, it shows the downstream devices with status 'Pending'. The root FortiGate's firewall policy allows all traffic from the downstream subnets. What is the most likely cause of the issue?

Question 15mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network engineer is configuring an HA pair of FortiGate firewalls. They want to ensure that session failover occurs for UDP-based voice traffic with minimal interruption. Which HA configuration setting is most important for achieving this goal?

Question 16hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An organization has two FortiGate firewalls in an HA active-passive cluster. They notice that after a failover event, some users cannot access external resources. The administrator checks the HA configuration and finds that failover occurred correctly. What is the most likely cause of the connectivity issue?

Question 17easymultiple choice
Review the full routing breakdown →

A FortiGate administrator is designing a VDOM configuration for a multi-tenant environment. Each tenant requires its own routing table and firewall policies. Which VDOM type should be used for each tenant?

Question 18mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

During a failover test in an HA cluster, the administrator observes that the secondary unit becomes primary but does not have the latest configuration. What is the most likely cause?

Question 19hardmultiple choice
Read the full NAT/PAT explanation →

An administrator has configured two VDOMs on a FortiGate. One VDOM is in NAT mode and the other in transparent mode. The administrator wants traffic from the transparent mode VDOM to be routed through the NAT mode VDOM. What must be configured to allow inter-VDOM routing?

Question 20mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An HA cluster is configured with two FortiGates in active-passive mode. The administrator wants to ensure that the secondary unit automatically takes over if the primary unit fails. Which TWO settings must be configured?

Question 21hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate with multiple VDOMs is experiencing high CPU usage. The administrator suspects that one VDOM is consuming excessive resources. Which THREE methods can be used to limit resource usage per VDOM?

Question 22easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is reviewing the HA configuration shown in the exhibit. The primary unit has failed, and the secondary unit (with priority 100) has taken over. However, the administrator notices that the secondary unit has an IP address of 10.10.10.2 on port3, but cannot ping the management gateway 10.10.10.1. What is the most likely cause?

Exhibit

Refer to the exhibit.

config system ha
    set group-name "HA_Cluster"
    set mode a-p
    set hbdev "port1" 50 "port2" 50
    set session-pickup enable
    set session-pickup-connectionless enable
    set ha-mgmt-status enable
    set ha-mgmt-interface "port3"
    set ha-mgmt-interface-gateway 10.10.10.1
    set override enable
    set priority 200
end
Question 23mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures two VDOMs as shown in the exhibit. They create an inter-VDOM link between VDOM1 and VDOM2. They then add a firewall policy in VDOM1 allowing traffic from port1 to the inter-VDOM link, and a policy in VDOM2 allowing traffic from the inter-VDOM link to port2. However, traffic from 192.168.1.10 to 10.10.10.50 fails. What is the most likely cause?

Exhibit

Refer to the exhibit.

config vdom
    edit "VDOM1"
    config system interface
        edit "port1"
            set vdom "VDOM1"
            set ip 192.168.1.1 255.255.255.0
            set allowaccess ping https
        next
    end
    config router static
        edit 1
            set device "port1"
            set gateway 192.168.1.254
        next
    end
end

config vdom
    edit "VDOM2"
    config system interface
        edit "port2"
            set vdom "VDOM2"
            set ip 10.10.10.1 255.255.255.0
            set allowaccess ping
        next
    end
    config router static
        edit 1
            set device "port2"
            set gateway 10.10.10.254
        next
    end
end
Question 24mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures two FortiGate units in an active-passive HA cluster. During a failover test, the administrator notices that the secondary unit becomes primary but the session table is empty, causing all existing connections to drop. Which configuration change should be made to preserve session information during failover?

Question 25hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network engineer is designing a FortiGate HA cluster with two units operating in active-active mode. The cluster will be placed in a VDOM-enabled environment. The engineer wants to ensure that traffic from a specific VDOM is load-balanced across both units based on source IP address. Which setting must be configured on the cluster to achieve this?

Question 26easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is configuring a FortiGate HA cluster and wants to ensure that the cluster can tolerate a failure of one unit without administrative intervention. The cluster must also support upgrading firmware with minimal downtime. Which HA mode should the administrator select?

Question 27hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate HA cluster is configured with two units in active-passive mode. The administrator needs to perform a firmware upgrade on the cluster with minimal downtime. The current firmware version is 7.2.5 and the target is 7.2.7. The cluster uses FGCP with session synchronization enabled. Which procedure should the administrator follow?

Question 28mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator has configured a FortiGate HA cluster with two units. The cluster uses a virtual cluster for load balancing in active-active mode. The administrator notices that traffic from one VDOM is not being load-balanced and is only handled by one unit. What is the most likely cause?

Question 29mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is troubleshooting an HA cluster issue. The cluster consists of two FortiGate units in active-passive mode. The passive unit is showing a 'heartbeat lost' error in the logs. Which TWO configuration checks should the administrator perform to resolve this issue?

Question 30hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate HA cluster is configured in active-passive mode with VDOMs. The administrator wants to ensure that a specific VDOM (VDOM1) always runs on the primary unit unless that unit fails. Additionally, the administrator wants to minimize disruption during a failover. Which THREE configuration steps should be taken?

Question 31easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

Refer to the exhibit. An administrator has configured an active-passive HA cluster. After reviewing the configuration and status, the administrator wants to ensure that the management interface (port2) is accessible on both units using the same IP address. What additional configuration is required?

Exhibit

config system ha
    set mode a-p
    set group-name "HA_Cluster"
    set password ENC abcd1234
    set hbdev "port1" 100
    set session-pickup enable
    set session-pickup-connectionless enable
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port2"
            set gateway 10.0.0.1
        next
    end
end

HA cluster status:

HA Health Status: OK
Model: FortiGate-100F
Mode: Active-Passive
Group: HA_Cluster
Debug: 0
npu-1: primary
npu-2: standby
Question 32mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A company has two FortiGate firewalls in an HA active-passive cluster. They want to separate network traffic for different departments using VDOMs. After configuring VDOMs on both units, the HA status shows 'synchronized' but traffic for one VDOM is not passing through the active unit. What is the most likely cause?

Question 33hardmultiple choice
Review the full routing breakdown →

A large enterprise operates two FortiGate 600E firewalls in an HA active-passive cluster. They have enabled VDOMs to isolate traffic for different business units: Finance, HR, and Engineering. Each VDOM has its own internet connection through separate ISPs. The cluster has been running smoothly for months. Recently, the IT team noticed that users in the Finance VDOM experience intermittent connectivity drops to their cloud-based ERP system. The drops last 30-60 seconds and occur several times a day. During these drops, ping to the ERP IP address fails. The HA cluster status shows 'synchronized' and no failover events are logged. The Finance VDOM uses a static default route pointing to the primary ISP gateway. The other VDOMs are unaffected. What is the most likely cause of the issue?

Question 34easymultiple choice
Review the full routing breakdown →

A network engineer is configuring a FortiGate HA cluster with two FortiGate 100F units in active-passive mode. The engineer wants to use VDOMs to separate guest and corporate traffic. After initial setup, the engineer configures two VDOMs: 'guest' and 'corp'. Both VDOMs have interfaces assigned. The HA status shows 'synchronized'. However, the engineer notices that traffic from the corporate network is not being forwarded correctly. Pings from the corporate LAN to the internet fail. The guest network works fine. The engineer checks the routing table on the active unit and sees that the default route is present in the 'corp' VDOM. What is the most likely cause of the issue?

Question 35mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is configuring a FortiGate HA cluster in active-passive mode. The company has two ISPs, and the primary FortiGate is connected to ISP1 and ISP2. The secondary FortiGate is connected only to ISP2. The administrator wants to ensure that failover occurs only if both ISP1 and ISP2 connections are lost on the primary device. Which configuration approach should be used?

Question 36hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate HA cluster is configured with VDOMs. Each VDOM is assigned to different physical interfaces. The cluster is in active-passive mode. Which TWO statements about VDOM synchronization in HA are correct?

Question 37hardmultiple choice
Read the full wireless explanation →

A company has deployed two FortiGate-600Es in an active-passive HA cluster. The cluster is configured with three VDOMs: VDOM-A (corporate LAN), VDOM-B (guest Wi-Fi), and VDOM-C (DMZ). Each VDOM has its own set of interfaces and policies. The cluster is also configured to use FGCP with session pickup enabled. Recently, the network team noticed that after a failover event, some user sessions in VDOM-B are not being picked up, causing disruption for guest users. The session pickup feature is enabled globally. The administrator checks the configuration and finds the following settings on the primary FortiGate:

- config system ha set session-pickup enable set session-pickup-connectionless enable end

- config vdom edit VDOM-A config system ha set session-pickup enable end next edit VDOM-B config system ha set session-pickup disable end next edit VDOM-C config system ha set session-pickup enable end next

Based on this configuration, what is the most likely reason that sessions in VDOM-B are not being picked up?

Question 38mediumdrag order
Read the full VPN explanation →

Drag and drop the steps to configure a site-to-site IPsec VPN on a FortiGate firewall into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 39mediumdrag order
Read the full Enterprise Firewall and VDOMs explanation →

Drag and drop the steps to configure an HA cluster on FortiGate into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 40mediumdrag order
Read the full Enterprise Firewall and VDOMs explanation →

Drag and drop the steps to configure a FortiGate to send logs to a FortiAnalyzer into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 41mediumdrag order
Read the full DNS explanation →

Drag and drop the steps to configure a FortiGate as a DNS server (DNS proxy) into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 42mediummatching
Read the full Enterprise Firewall and VDOMs explanation →

Match each Fortinet security feature to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Detects and prevents network attacks

Identifies and controls application traffic

Blocks access to malicious or unwanted websites

Scans and removes malware from traffic

Prevents sensitive data from leaving the network

Question 43mediummatching
Read the full Enterprise Firewall and VDOMs explanation →

Match each Fortinet component to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Next-generation firewall

Centralized management platform

Logging and reporting server

Advanced threat detection and analysis

Web application firewall

Question 44mediummatching
Review the full routing breakdown →

Match each FortiGate routing concept to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Manually configured route

Link-state dynamic routing protocol

Path-vector dynamic routing protocol

Routes traffic based on policy criteria

Load balancing across multiple paths

Question 45mediummatching
Read the full Enterprise Firewall and VDOMs explanation →

Match each FortiGate authentication method to its protocol.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Lightweight Directory Access Protocol

Remote Authentication Dial-In User Service

Terminal Access Controller Access-Control System Plus

Fortinet Single Sign-On

Public Key Infrastructure

Question 46mediummultiple choice
Review the full subnetting walkthrough →

An administrator configures a VDOM on a FortiGate and assigns two interfaces (port1, port2) to it. The administrator wants to route traffic between two different subnets within the same VDOM. Which configuration is required?

Question 47hardmultiple choice
Open the full VLAN trunking answer →

A FortiGate in transparent mode with multiple VDOMs is deployed at a customer site. The customer reports that traffic between two VLANs on the same physical segment is not being forwarded. The administrator verifies that the firewall policies are configured correctly. What is the most likely cause?

Question 48easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network administrator wants to delegate management of a specific VDOM to a junior administrator. The junior should be able to modify firewall policies and objects within that VDOM but not change system settings or other VDOMs. Which administrative access configuration meets this requirement?

Question 49hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator runs the command 'diagnose sys session filter dport 443' on a FortiGate and sees the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

Question 50mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate is configured with multiple VDOMs. The administrator needs to allow traffic from a VDOM named 'CustomerA' to reach a server in VDOM 'SharedServices'. Both VDOMs are on the same FortiGate. Which configuration is necessary?

Question 51easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator wants to ensure that all traffic from VDOM 'Guest' is logged to a FortiAnalyzer that is managed by FortiManager. What must be configured in FortiManager to achieve this?

Question 52mediummultiple choice
Review the full subnetting walkthrough →

A FortiGate administrator notices that traffic from a specific subnet is not being inspected by the Intrusion Prevention System (IPS) profile applied to the firewall policy. The policy is configured with the correct profile, and the IPS engine is enabled. What is the most likely cause?

Question 53mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is deploying a FortiGate in transparent mode to seamlessly integrate into an existing network. The administrator needs to manage the FortiGate remotely over the network. Which configuration is required?

Question 54easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator needs to back up the configuration of a FortiGate managed by FortiManager before making major changes. Which feature in FortiManager should the administrator use?

Question 55mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

In FortiManager, an administrator wants to apply a set of firewall policies to multiple FortiGates in different ADOMs. The policies must be centrally managed. What is the best approach?

Question 56hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures an automation stitch in FortiManager to execute a CLI script on a FortiGate when a specific event is triggered. The automation stitch is enabled but does not run when the event occurs. What is the most likely cause?

Question 57mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A security administrator wants to generate a weekly report in FortiAnalyzer that shows the top threats detected by the FortiGate. Which feature should the administrator use to create this report?

Question 58mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is configuring a new VDOM on a FortiGate and needs to ensure that certain system resources are isolated for that VDOM. Which TWO settings must be configured to achieve resource isolation?

Question 59hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is troubleshooting an issue where certain traffic is not being logged despite having a firewall policy with logging enabled. The administrator checks the policy and confirms logging is set to 'All Sessions'. Which THREE reasons could explain why the traffic is not being logged?

Question 60easymulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is planning to deploy VDOMs to separate customer traffic. The administrator wants to use FortiManager for centralized management. Which TWO prerequisites must be met before the VDOMs can be managed from FortiManager?

Question 61easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network administrator needs to create a separate firewall policy for the guest network while keeping management traffic in the main VDOM. Which VDOM type should be configured for the guest network?

Question 62mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator runs 'diagnose debug vd case <vdom_name>' and receives the error 'VDOM not found'. The VDOM exists and is configured. What is the most likely cause?

Question 63hardmultiple choice
Review the full routing breakdown →

In a multi-VDOM deployment, inter-VDOM routing is configured using VDOM links. After configuring the VDOM links and adding static routes, traffic between VDOMs is not working. The administrator verifies that the VDOM link interfaces are up and have correct IP addresses. What is the most likely missing configuration?

Question 64mediummultiple choice
Open the full VLAN trunking answer →

A FortiGate is operating in transparent mode and is deployed in an enterprise network. The administrator needs to apply a security policy to control traffic between two VLANs. What is a key consideration when configuring policies in transparent mode?

Question 65mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiManager administrator is configuring ADOMs to manage multiple FortiGates. The administrator wants to ensure that changes to the central management policy package are automatically pushed to managed devices. Which setting should be enabled?

Question 66hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator notices that the traffic log shows sessions being dropped due to 'policy deny' even though a permit policy exists. The administrator checks the policy list and sees the policy is in the correct order. What could be a reason for this?

Question 67easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the purpose of a management VDOM on a FortiGate?

Question 68mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configured a new policy package in FortiManager and assigned it to a FortiGate. After installing the policy package, the FortiGate shows the new policies, but traffic is not matching them. What could be the reason?

Question 69easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

In FortiManager, what is the difference between a Global ADOM and a regular ADOM?

Question 70mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator wants to use FortiAnalyzer to generate a report on top talkers in the network. Which FortiView feature should be used?

Question 71hardmultiple choice
Review the full routing breakdown →

During a security audit, it is found that traffic between two VDOMs is allowed even though no inter-VDOM routing policy is configured. The VDOMs are connected via a VDOM link. What could explain this behavior?

Question 72mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures an automation stitch on FortiManager to trigger a script when a specific log message is received. After saving, the stitch does not execute. What is a likely cause?

Question 73mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator needs to restrict inter-VDOM traffic between two VDOMs on a FortiGate. Which TWO configurations are required?

Question 74hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiManager administrator is planning to deploy a new policy package to a FortiGate that has multiple VDOMs. To ensure the policy package is applied correctly to the target VDOM, which THREE steps should the administrator take?

Question 75easymulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is troubleshooting why a FortiAnalyzer report is not showing expected data. Which TWO potential causes should the administrator investigate?

Question 76easymultiple choice
Review the full routing breakdown →

An administrator wants to create a separate virtual firewall instance on a FortiGate to isolate a DMZ environment. The DMZ must have its own routing table, firewall policies, and administrators. Which FortiGate feature should be used?

Question 77mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate is operating in transparent mode for a VDOM. Which statement about transparent mode is TRUE?

Question 78hardmultiple choice
Read the full NAT/PAT explanation →

An administrator runs 'diagnose sys session list' and sees sessions with 'proto=6 proto_state=02' and a long duration. The administrator is troubleshooting why sessions are not being terminated after a policy change that should block the traffic. What does 'proto_state=02' indicate?

Question 79mediummultiple choice
Review the full routing breakdown →

An administrator configures inter-VDOM routing between VDOM-A and VDOM-B using a VDOM link. After configuration, traffic from VDOM-A cannot reach VDOM-B. Which configuration step is MOST likely missing?

Question 80mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiManager administrator creates an ADOM for the root VDOM and regular VDOMs. The administrator wants to manage only the regular VDOMs from FortiManager. Which ADOM type should be used?

Question 81easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator wants to use FortiManager to push a new firewall policy to a managed FortiGate. Before installing, the administrator wants to review what changes will be applied. Which FortiManager feature should be used?

Question 82hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures a firewall policy with an application control profile to block social media. The administrator observes that some social media traffic is still passing through. The traffic is HTTPS. What additional configuration is REQUIRED for application control to effectively block HTTPS-based social media?

Question 83mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate in HA active-passive mode has two VDOMs. VDOM-1 is configured for management (management VDOM). The administrator connects to the management VDOM IP to manage the device. What is a characteristic of the management VDOM?

Question 84mediummultiple choice
Read the full NAT/PAT explanation →

An administrator is configuring a firewall policy on a FortiGate in transparent mode. The policy should allow HTTP traffic from internal users to the internet. Which source and destination addresses should be used in the policy?

Question 85hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator configures a VDOM with a limit on the number of firewall policies. The VDOM has 200 policies, and the limit is set to 250. The administrator attempts to add a new policy but receives an error indicating the limit has been reached. What is the MOST likely reason?

Question 86easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator wants to use FortiAnalyzer to generate weekly compliance reports for all managed FortiGates. Which FortiAnalyzer feature should be used?

Question 87mediummultiple choice
Review the full routing breakdown →

In a multi-VDOM deployment, an administrator needs to route traffic between VDOM-A and VDOM-B. The administrator creates a VDOM link between the two VDOMs. What additional configuration is required on each VDOM to enable inter-VDOM traffic?

Question 88mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is planning a FortiManager deployment to manage multiple FortiGates with multiple VDOMs. The administrator wants to use ADOMs to separate configurations. Which TWO statements about ADOMs are correct? (Choose two.)

Question 89hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate has two VDOMs: VDOM-A and VDOM-B. The administrator wants VDOM-A to have administrative access to VDOM-B for troubleshooting. The administrator configures a management VDOM. Which THREE steps are required to allow administrative access from VDOM-A to VDOM-B? (Choose three.)

Question 90mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is troubleshooting a FortiGate in transparent mode. The FortiGate is not forwarding traffic between two segments connected to port1 and port2. The administrator checks the interface configuration. Which TWO configurations are REQUIRED for a transparent mode VDOM to forward traffic? (Choose two.)

Question 91mediummultiple choice
Review the full routing breakdown →

A network admin configures inter-VDOM routing between two VDOMs on a FortiGate. The admin creates a firewall policy in VDOM A allowing traffic to VDOM B, but traffic is still not passing. What additional step is required?

Question 92easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

Which FortiManager feature allows an administrator to view the exact CLI commands that will be pushed to a managed FortiGate before installation?

Question 93mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is configuring a FortiGate in transparent mode for an enterprise network. The existing gateway firewall must remain in place. How should the administrator configure the FortiGate's interfaces to ensure minimal disruption?

Question 94hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate has two VDOMs: Sales and Engineering. The admin wants to allow the Engineering VDOM to manage the Sales VDOM's administrator accounts. What configuration is required?

Question 95mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator runs 'diagnose sys session filter dport 443' and sees 'proto=6 proto_state=01 duration=3600 expire=3599'. What does this indicate?

Question 96easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the primary function of FortiAnalyzer's FortiView feature?

Question 97mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate admin configures a policy package with header and footer policies in FortiManager. What is the purpose of header policies?

Question 98hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An organization has multiple ADOMs in FortiManager. The admin wants to share a set of firewall objects across all ADOMs. What is the best approach?

Question 99mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An admin needs to configure a FortiGate to send logs to FortiAnalyzer for a specific VDOM only. How can this be achieved?

Question 100easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the maximum number of VDOMs supported on a FortiGate 600F (assuming license)?

Question 101mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate admin configures automation stitches in FortiManager to trigger a script when a specific incident occurs. The script runs but does not produce the expected result. Which FortiAnalyzer feature should the admin use to verify the automation stitch executed correctly?

Question 102hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures a multi-VDOM FortiGate in transparent mode. The admin notices that the management IP is reachable from both interfaces, but traffic passing through the device is not being inspected. What is the likely issue?

Question 103mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator needs to configure a FortiGate to ensure that antivirus scanning is performed on SMTP traffic. Which two configuration items are required? (Choose two.)

Question 104hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A company has a FortiGate with multiple VDOMs. The security team wants to use FortiManager to manage policies centrally. Which three steps are necessary to set up VDOM management via FortiManager? (Choose three.)

Question 105easymulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator wants to use FortiAnalyzer to generate reports for compliance. Which two data sources can be included in a FortiAnalyzer report? (Choose two.)

Question 106easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the primary purpose of an administrative VDOM on a FortiGate?

Question 107mediummultiple choice
Review the full routing breakdown →

A network administrator is configuring inter-VDOM routing between two VDOMs: VDOM-A and VDOM-B. The administrator creates a inter-VDOM link and adds routes pointing to the link. However, traffic from VDOM-A to VDOM-B fails. What is the most likely missing configuration?

Question 108mediummultiple choice
Review the full routing breakdown →

An administrator configures a FortiGate in transparent mode for a VDOM. After switching to transparent mode, the administrator notices that the default route disappears and traffic fails. What must be configured to restore routing?

Question 109hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

You run 'diagnose sys session filter dport 443' and see the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

Question 110mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiManager administrator wants to push policy package changes to a managed FortiGate, but wants to see what changes will be applied before committing. Which FortiManager feature should the administrator use?

Question 111mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator needs to ensure that all firewall policies in a FortiGate VDOM have a common set of inspection profiles added at the end of the policy list. Which FortiManager feature best achieves this?

Question 112hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A multi-VDOM FortiGate is running low on memory. The administrator suspects that the management VDOM is consuming excessive resources. How can the administrator limit the memory usage of the management VDOM?

Question 113easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the purpose of a global ADOM in FortiManager?

Question 114mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator wants to group firewall objects by department (e.g., Sales, Engineering) and easily filter them in FortiManager policy packages. Which feature should be used?

Question 115easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

In FortiManager, what is an automation stitch?

Question 116hardmultiple choice
Read the full NAT/PAT explanation →

A FortiGate in NAT mode has a VDOM with interface port1 (10.0.1.0/24) and port2 (203.0.113.0/24). A policy allows traffic from port1 to port2 with source NAT using the IP of port2. A user at 10.0.1.10 initiates a connection to a web server at 198.51.100.1. What will be the source IP after NAT?

Question 117mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator sees the following error when trying to commit changes from FortiManager to a FortiGate: 'Policy check failed: Policy ID 5 uses a zone that does not exist on the device.' What is the most likely cause?

Question 118mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A network engineer needs to collect logs from multiple FortiGates and generate compliance reports. Which TWO FortiAnalyzer features should be used?

Question 119hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator wants to ensure that traffic between two VDOMs on the same FortiGate is properly inspected. Which THREE configurations must be in place?

Question 120easymulti select
Read the full VPN explanation →

An administrator is troubleshooting a VPN tunnel that fails to establish. The administrator has verified that pre-shared keys match and phase 1 parameters are correct. Which TWO additional items should be checked?

Question 121easymultiple choice
Review the full routing breakdown →

A network administrator wants to logically separate two departments on a single FortiGate. Each department must have its own firewall policies, routing table, and administrators. Which feature should be used?

Question 122mediummultiple choice
Review the full routing breakdown →

An enterprise uses multiple VDOMs on a FortiGate. The administrator needs to route traffic between VDOM-A and VDOM-B using a firewall policy. What is the correct configuration step?

Question 123hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate has VDOMs enabled. An administrator runs 'get system status' and sees only one VDOM listed. However, the administrator configured two VDOMs earlier. What is the most likely cause?

Question 124mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is configuring a FortiGate in transparent mode for a data center segment. Which of the following is true about transparent mode operation in an enterprise environment?

Question 125mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator needs to manage multiple FortiGate devices centrally. They want to deploy policy packages from FortiManager to specific VDOMs on each device. Which FortiManager object must be configured first?

Question 126hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator runs 'diagnose debug application fnbam 3' and sees many entries with state 'sctp'. The FortiGate has flow-based inspection enabled. What is being indicated?

Question 127easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the purpose of a management VDOM in a multi-VDOM FortiGate?

Question 128mediummultiple choice
Review the full routing breakdown →

A FortiGate administrator configures inter-VDOM routing. Traffic from VDOM-A to VDOM-B is blocked. The administrator checks the policy in VDOM-A allowing traffic to the VDOM link interface. What else must be verified?

Question 129hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures VDOMs on a FortiGate and assigns port1 to VDOM-A and port2 to VDOM-B. The administrator then creates a firewall policy in VDOM-A to allow traffic from port1 to the VDOM link. Traffic from VDOM-A to VDOM-B is still failing. What is the most likely missing configuration?

Question 130mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiManager administrator wants to deploy a policy package that contains shared header and footer policies across multiple devices. How should these policies be configured in FortiManager?

Question 131easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the function of FortiAnalyzer in a Fortinet Security Fabric?

Question 132mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator creates a new VDOM and assigns interfaces. The VDOM is intended to operate in transparent mode. Which additional step is required?

Question 133mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is planning a multi-VDOM deployment for a service provider. Which TWO statements are true about VDOM limitations and best practices?

Question 134hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures FortiManager automation stitches to respond to high CPU usage on a FortiGate. The stitch should trigger a script to run diagnostics. Which THREE components are required in an automation stitch?

Question 135easymulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator wants to use FortiAnalyzer to view traffic logs from multiple VDOMs. Which TWO steps must the administrator perform on FortiAnalyzer?

Question 136mediummultiple choice
Review the full routing breakdown →

An administrator configures inter-VDOM routing between VDOMs A and B using a VDOM link. The administrator can ping from VDOM A to an interface in VDOM B, but traffic from VDOM B to VDOM A times out. What is the most likely cause?

Question 137easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

Which FortiManager feature allows an administrator to roll back a policy package to a previous version?

Question 138hardmultiple choice
Review the full subnetting walkthrough →

You deploy a FortiGate in transparent mode for a retail branch. The upstream router's ARP table shows the FortiGate's management IP, but end users cannot reach the internet. The FortiGate's management IP is on the same subnet as the users. What should you verify first?

Question 139mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator wants to use FortiManager to manage multiple FortiGates, each in a separate customer environment. The administrator needs to isolate configuration changes per customer and ensure each customer's admin can only see their own devices. What FortiManager feature should be used?

Question 140mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network admin runs 'diagnose sys session filter dport 443' and sees the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate?

Question 141easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

In a multi-VDOM deployment, an administrator needs to centralize logging for all VDOMs. Which FortiGate feature should be used to send logs to a central FortiAnalyzer?

Question 142mediummultiple choice
Read the full NAT/PAT explanation →

An administrator configures a VDOM link between VDOMs A and B. In VDOM A, the VDOM link interface is assigned IP 10.10.10.1/24, and in VDOM B, it is assigned 10.10.10.2/24. A firewall policy on VDOM A allows traffic from a subnet in VDOM A to a subnet in VDOM B. However, traffic fails. The admin checks the routing table in VDOM A and sees a route to the destination subnet via 10.10.10.2. What is the most likely cause?

Question 143mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate has two VDOMs: Root and CustomerA. The administrator wants to manage the CustomerA VDOM from FortiManager. What must be configured on FortiManager to allow management of the CustomerA VDOM?

Question 144easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

Which FortiAnalyzer feature allows an administrator to create a sequence of automated response actions triggered by a specific log event?

Question 145hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate in an HA cluster with VDOMs enabled experiences a failover. After the failover, traffic that was passing before is now being dropped. The configuration is synchronized between the primary and secondary units. What is the most likely reason?

Question 146mediummultiple choice
Read the full NAT/PAT explanation →

An administrator wants to use FortiManager to deploy a common set of firewall rules to all VDOMs on a single FortiGate. The rules will be the same except for the source and destination addresses, which differ per VDOM. What FortiManager feature allows the administrator to reuse a policy package and customize per-VDOM objects?

Question 147easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

In FortiAnalyzer, which tool provides real-time traffic monitoring and allows drilling down into details such as top talkers, applications, and threats?

Question 148mediummulti select
Review the full subnetting walkthrough →

An administrator is configuring a FortiGate in transparent mode for a retail store. The store has a flat network with a single subnet. Which TWO of the following statements about transparent mode are correct? (Select TWO.)

Question 149hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiManager administrator wants to use automation stitches to respond to a specific security event on managed FortiGates. Which THREE components are required to build an automation stitch? (Select THREE.)

Question 150mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is troubleshooting why a new firewall policy on a managed FortiGate is not taking effect. The policy was created in FortiManager and installed successfully. Which TWO steps should the administrator verify to identify the issue? (Select TWO.)

Question 151mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network admin is deploying a FortiGate in transparent mode to inspect traffic between two Layer 2 switches. Which of the following statements about transparent mode is correct?

Question 152hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An admin creates a VDOM named 'CustomerA' with inter-VDOM link to the management VDOM. The admin wants CustomerA administrators to manage only their own VDOM. Which configuration step is required?

Question 153easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the purpose of header and footer policies in a FortiManager policy package?

Question 154mediummultiple choice
Read the full NAT/PAT explanation →

A FortiGate with multiple VDOMs is experiencing inter-VDOM routing issues. The admin has created inter-VDOM links between VDOMs and configured firewall policies allowing traffic. However, traffic from VDOM_A to VDOM_B is not reaching the destination. What is the most likely cause?

Question 155hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An admin configures a FortiManager ADOM for a customer with multiple FortiGates. The admin wants to use meta fields to group firewalls by location. After defining a meta field 'Location' and assigning values to devices, where can the admin use the meta field for policy targeting?

Question 156mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate admin runs the following command: 'diagnose sys session filter dport 443' and sees output indicating sessions with state 'proto_state=01' and 'duration=3600, expire=3599'. What does this indicate about the session?

Question 157easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

Which of the following is a required step when enabling VDOMs on a FortiGate for the first time?

Question 158mediummultiple choice
Open the full VLAN trunking answer →

A FortiGate administrator needs to inspect traffic between two VLANs in the same VDOM. The administrator has configured a firewall policy that applies an antivirus profile, but traffic is passing without inspection. What should the administrator check first?

Question 159hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

In a FortiManager deployment with global ADOM enabled, an administrator creates a firewall policy in the global ADOM. What is the effect of this policy on the per-ADOM devices?

Question 160easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the purpose of FortiAnalyzer in a Fortinet security fabric?

Question 161mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator notices that after making changes to a policy package in FortiManager, the 'Install Preview' shows that the changes will modify policies on a FortiGate. However, the admin wants to verify what the exact changes will be before installing. What should the admin do?

Question 162hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate with VDOMs enabled has a management VDOM (mgmt-vdom) and a traffic VDOM (traffic-vdom). The admin wants to manage the FortiGate via HTTPS from a network in traffic-vdom. What configuration is needed?

Question 163mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator needs to ensure that traffic between two VDOMs (VDOM_A and VDOM_B) is inspected by an IPS profile. Which TWO configuration elements are required? (Choose TWO.)

Question 164hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator uses FortiManager automation stitches to respond to a security incident. Which THREE components must be defined in an automation stitch? (Choose THREE.)

Question 165easymulti select
Read the full Enterprise Firewall and VDOMs explanation →

Which TWO statements about VDOM limits on FortiGate are correct? (Choose TWO.)

Question 166mediummultiple choice
Review the full routing breakdown →

An enterprise FortiGate has multiple VDOMs. The administrator wants to allow traffic from VDOM A to reach servers in VDOM B without traversing an external router. Which configuration is required?

Question 167easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network administrator is deploying a FortiGate in transparent mode to replace an existing layer 2 switch. Which statement about transparent mode is true?

Question 168hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An admin runs 'diagnose sys session filter dport 443' and sees the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate?

Question 169mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiManager administrator wants to push a policy package that includes both global header/footer policies and VDOM-specific policies. Which statement about header/footer policies is correct?

Question 170hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate in a multi-VDOM environment has a management VDOM (mgmt-vdom) and a traffic VDOM (corp-vdom). The admin wants to access the FortiGate GUI using IP 10.0.1.1 assigned to port1 in mgmt-vdom. However, the GUI is unreachable. The admin can SSH into mgmt-vdom. What is the most likely cause?

Question 171easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

Which FortiAnalyzer feature allows administrators to create automated response actions triggered by specific log events, such as blocking an IP address when an intrusion is detected?

Question 172mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator wants to use FortiManager to manage multiple FortiGates in different geographic regions. To isolate configuration changes, the administrator creates separate ADOMs for each region. Which type of ADOM should be used to allow some common objects (like address groups) to be shared across all regions?

Question 173hardmultiple choice
Open the full VLAN trunking answer →

An administrator deploys a FortiGate in transparent mode with two VDOMs: one for the internal network and one for DMZ. The admin notices that ARP requests from internal hosts are not reaching the DMZ servers even though they are on the same VLAN. What is the most likely cause?

Question 174easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

Which FortiManager feature allows administrators to view the exact configuration changes that would be applied to a managed FortiGate before committing them?

Question 175mediummultiple choice
Open the full BGP breakdown →

A FortiGate has two VDOMs: 'root' and 'customer'. The admin wants to route traffic from 'customer' to the internet via 'root', which has a BGP connection to an ISP. What is the required configuration?

Question 176mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is troubleshooting a scenario where FortiAnalyzer is not receiving logs from a FortiGate. The FortiGate shows 'log-fortianalyzer setting status: disconnected'. Which step should be taken first to resolve this?

Question 177hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate admin configures a firewall policy with an antivirus profile in flow-based inspection mode. The admin notices that some large files are being scanned but others are allowed without scanning. What is the most likely cause?

Question 178mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator wants to use FortiManager automation stitches to automatically block IP addresses that trigger multiple intrusion prevention events. Which two components are required to configure an automation stitch? (Choose two.)

Question 179mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An enterprise FortiGate has multiple VDOMs. The security policy requires that all traffic between VDOMs must be inspected by a next-generation firewall profile. Which three steps are necessary to achieve this? (Choose three.)

Question 180hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A network administrator is troubleshooting a scenario where FortiView in FortiAnalyzer shows no traffic data for a specific FortiGate, but logs are being received. Which two possible causes should the administrator investigate? (Choose two.)

Question 181easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator needs to isolate customer traffic in a FortiGate deployed at a service provider. Each customer should have independent administrators and security policies. Which feature should be used?

Question 182mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate running FortiOS 7.4.1 has two VDOMs: CustomerA and CustomerB. The administrator wants CustomerA to access an HTTP server in CustomerB. Both VDOMs have appropriate policies. What additional configuration is required?

Question 183hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator runs 'diagnose sys session filter dport 443' and sees: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

Question 184mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network admin needs to apply a common set of firewall rules at the beginning of every policy package for all VDOMs managed by FortiManager. The rules should be automatically inserted and not editable within each VDOM. What should be configured?

Question 185hardmultiple choice
Review the full routing breakdown →

A FortiGate in transparent mode is deployed between a router and a switch. The administrator needs to apply a deep inspection profile to HTTP traffic. What is the correct configuration for the interfaces?

Question 186mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures a new ADOM in FortiManager for a set of FortiGates. The administrator wants to assign meta fields to devices in this ADOM. Where should the meta fields be defined?

Question 187easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is troubleshooting why a new firewall policy is not being applied to traffic. The policy has been created and installed via FortiManager. What is the quickest way to verify the current state of the policy on the FortiGate?

Question 188mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An organization uses FortiManager to manage multiple FortiGates. A junior admin accidentally deleted a critical firewall policy on one device and the change was auto-installed. How can the senior admin revert the device to the previous configuration?

Question 189hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate VDOM is configured with a WAN interface (port1) and LAN interface (internal). The admin creates a policy allowing HTTP from internal to WAN with an antivirus profile applied. Users report that HTTP throughput is very slow. The admin checks the session table and sees many sessions with state 11 (TCP_CLOSE_WAIT). What is causing the performance issue?

Question 190easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator needs to view real-time traffic logs and top applications for a specific VDOM on FortiAnalyzer. Which tool should be used?

Question 191mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A multi-tenant FortiGate uses VDOMs. The administrator notices that logins via SSH to the management VDOM succeed, but attempts to SSH to a traffic VDOM's management IP fail. The traffic VDOM has an administrative user configured. What is the most likely cause?

Question 192mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator uses FortiManager to deploy a new security policy to a remote FortiGate. The administrator selects 'Install Preview' and sees that the policy will be created. After confirming, the installation fails with 'Device not reachable'. What is the most likely reason?

Question 193mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate in HA mode has two VDOMs: VDOM1 and VDOM2. The administrator needs to ensure that if the active unit fails, the standby unit takes over with minimal disruption. Which TWO steps should be taken?

Question 194hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator uses FortiManager automation stitches to respond to an incident. The stitch includes a trigger, one or more actions, and conditions. Which THREE components are valid action types in an automation stitch?

Question 195easymulti select
Review the full routing breakdown →

A company is deploying FortiGate in transparent mode between an existing router and LAN switch. Which TWO statements about transparent mode are true?

Question 196easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network administrator is configuring VDOMs on a FortiGate and wants to separate management traffic from production data traffic. What is the best practice when using a management VDOM?

Question 197mediummultiple choice
Open the full VLAN trunking answer →

An administrator deploys a FortiGate in transparent mode within a Layer 2 network. They apply a firewall policy with an antivirus profile to inspect traffic between two VLANs. What is a key characteristic of transparent mode that affects policy application?

Question 198hardmultiple choice
Read the full NAT/PAT explanation →

A FortiGate running FortiOS 7.2 has multiple VDOMs. The administrator notices that inter-VDOM routing between two VDOMs is not working. Configuration shows a firewall policy allowing the traffic, and the route table shows routes to the destination VDOM. What additional configuration is required?

Question 199mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator runs 'diagnose sys session filter dport 443' and sees the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate?

Question 200easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the purpose of a Global ADOM in FortiManager?

Question 201mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A company uses FortiManager to manage multiple FortiGate firewalls. After making changes to a policy package, the administrator runs an install preview and sees a warning: 'Policy ID 10 will be deleted on device XYZ'. What is the most likely reason for this warning?

Question 202hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures FortiAnalyzer to receive logs from multiple FortiGates. They want to create a report that shows only incidents involving 'critical' severity and specific attack types. Which FortiAnalyzer feature allows the administrator to define such a custom report?

Question 203easymultiple choice
Review the full routing breakdown →

In a multi-VDOM deployment, what is the purpose of inter-VDOM routing?

Question 204mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator wants to use FortiManager automation stitches to automatically block an IP address when a specific threat is detected. Which components must be configured within the automation stitch?

Question 205hardmultiple choice
Open the full VLAN trunking answer →

An administrator configures a FortiGate in transparent mode with two VDOMs. Each VDOM is assigned to a different VLAN. The administrator wants to apply a common security policy to traffic between the VLANs. What is the correct approach?

Question 206mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

In FortiManager, what is the purpose of header and footer policies in a policy package?

Question 207easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network engineer is deploying FortiGate VDOMs and needs to limit the number of VDOMs per FortiGate to comply with licensing. Which command can be used to check the maximum VDOMs allowed?

Question 208mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator needs to configure a new FortiGate in FortiManager for centralized management. Which TWO steps are required to add the device to an ADOM?

Question 209hardmulti select
Read the full Ansible explanation →

An organization uses FortiAnalyzer for centralized logging. The security team wants to use playbooks to automate responses to detected incidents. Which THREE components are essential for a playbook to function?

Question 210mediummulti select
Read the full VPN explanation →

A FortiGate administrator is troubleshooting an issue where IPsec VPN traffic is not being forwarded correctly in a multi-VDOM environment. Which TWO factors should the administrator verify?

Question 211mediummultiple choice
Review the full routing breakdown →

An administrator configures inter-VDOM routing between VDOMs A and B. Both VDOMs are on the same FortiGate. The admin creates a policy allowing traffic from VDOM A to VDOM B. Traffic from VDOM A to VDOM B fails. What is the most likely cause?

Question 212easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate is operating in transparent mode. Which of the following statements is true about this mode?

Question 213hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures a FortiGate with a management VDOM. Which of the following is true about the management VDOM?

Question 214mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A network administrator is configuring FortiManager to manage multiple FortiGates with different VDOMs. The admin needs to ensure that each FortiGate's VDOMs can be independently managed. What is the correct configuration step?

Question 215mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator runs the following command and sees the output:

diagnose sys session filter dport 443 diagnose sys session list

Output shows sessions with proto=6 and expire time decreasing. What does this indicate?

Question 216hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is configuring FortiAnalyzer to receive logs from FortiGates in a multi-VDOM environment. The admin wants to ensure that logs from each VDOM are separated into their own datasets. What must be configured?

Question 217easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the purpose of a header policy in a FortiManager policy package?

Question 218mediummultiple choice
Review the full routing breakdown →

A FortiGate administrator needs to configure a policy that allows traffic from VDOM A to VDOM B using inter-VDOM routing. Which configuration is required?

Question 219mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures a FortiGate with VDOMs and notices that the 'config vdom' command lists multiple VDOMs, but only one VDOM is shown in the 'show full-configuration' output. What is the most likely reason?

Question 220hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

In FortiManager, what is the purpose of an automation stitch?

Question 221easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator wants to limit the number of VDOMs that can be created on a FortiGate. What should the administrator configure?

Question 222hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator receives an error when trying to create a new VDOM: 'Maximum number of VDOMs reached.' However, the FortiGate model supports more VDOMs. What could be the issue?

Question 223mediummulti select
Review the full routing breakdown →

A FortiGate administrator is troubleshooting a scenario where traffic between two VDOMs is not working. The admin has configured inter-VDOM routing. Which TWO steps should the administrator verify? (Choose two.)

Question 224hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is configuring FortiManager to manage a multi-VDOM FortiGate. The administrator wants to ensure that policy changes are not accidentally applied without review. Which THREE measures should be taken? (Choose three.)

Question 225mediummulti select
Read the full NAT/PAT explanation →

A FortiGate administrator wants to use FortiAnalyzer to generate reports on traffic patterns for each VDOM separately. Which TWO configuration steps are required? (Choose two.)

Question 226easymultiple choice
Review the full routing breakdown →

An administrator wants to isolate tenant traffic in a single FortiGate by creating separate virtual firewalls with independent routing tables, administrators, and policies. Which feature should the administrator use?

Question 227mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An enterprise deploys a FortiGate in transparent mode to bridge two broadcast domains. The administrator needs to apply a web filter to HTTP traffic between these domains. Which configuration is required?

Question 228hardmultiple choice
Review the full subnetting walkthrough →

An administrator configures inter-VDOM routing between VDOM-A and VDOM-B using a VDOM link. The default route in VDOM-A points to a next-hop router, and VDOM-B has a static route to a subnet behind VDOM-A. Users in VDOM-B cannot reach that subnet. The administrator runs 'diagnose ip route list' in both VDOMs and sees the routes are present. What is the most likely cause?

Question 229easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the purpose of a management VDOM in a multi-VDOM FortiGate deployment?

Question 230mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate is managed by FortiManager. The administrator creates a new policy package for VDOM 'Sales' and installs it. Later, they find that the previous configuration has been overwritten. What should the administrator do to avoid this in the future?

Question 231mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator needs to generate a report showing top applications by bandwidth usage across all VDOMs for the last 30 days. Which FortiAnalyzer feature should be used?

Question 232hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator configures automation stitches on FortiManager to trigger a script when a specific event log is received. The script should block the source IP on the firewall. However, the script does not run when the event occurs. What is a likely cause?

Question 233easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the difference between a global ADOM and a regular ADOM in FortiManager?

Question 234mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator wants to add custom fields to device objects in FortiManager to track location and contact info. Which feature should be used?

Question 235mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate has multiple VDOMs. The administrator notices that traffic from VDOM-1 to VDOM-2 is allowed by inter-VDOM policies but is not being inspected by the security profiles. What is the most likely cause?

Question 236hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator runs 'diagnose sys session filter dport 443' and sees the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate?

Question 237easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

What is the purpose of header and footer policies in a FortiManager policy package?

Question 238mediummulti select
Review the full routing breakdown →

An administrator needs to configure a FortiGate to allow inter-VDOM routing between VDOM-1 and VDOM-2. Which TWO actions are required? (Choose two.)

Question 239hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate is deployed in multi-VDOM mode. The administrator wants to use FortiAnalyzer to centralize logging from all VDOMs. Which THREE steps must be performed? (Choose three.)

Question 240mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is planning a multi-VDOM deployment with a management VDOM. Which TWO statements about management VDOMs are correct? (Choose two.)

Question 241mediummultiple choice
Review the full routing breakdown →

A FortiGate administrator is configuring inter-VDOM routing between two VDOMs: VDOM-A and VDOM-B. The administrator wants to allow traffic from VDOM-A to reach a server in VDOM-B while keeping the VDOMs logically separated. Which configuration step is REQUIRED?

Question 242mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An administrator runs the following command on a FortiGate: 'diagnose sys session filter dport 443' and sees output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

Question 243easymultiple choice
Review the full subnetting walkthrough →

A network engineer is deploying a FortiGate in transparent mode at a branch office. The goal is to insert the firewall without changing the existing IP subnet scheme. Which statement about transparent mode is TRUE?

Question 244hardmultiple choice
Review the full routing breakdown →

A FortiGate administrator is troubleshooting a scenario where users in VDOM-1 cannot reach a server in VDOM-2. Inter-VDOM routing is configured using a VDOM link. The administrator checks the session table and sees that packets are arriving on the VDOM link interface but are not being forwarded. What is the MOST likely cause?

Question 245mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An organization wants to use FortiManager to manage multiple FortiGate devices. The administrator needs to ensure that each device group has separate policy and object configurations. Which FortiManager feature should be configured?

Question 246easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator notices that after installing a new policy package from FortiManager, the firewall policies on the managed FortiGate do not match what was configured in FortiManager. What feature should the administrator use to review the exact changes before committing?

Question 247hardmultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is configuring automation stitches in FortiManager to trigger a script when a specific log event occurs. The automation stitch includes a trigger, a set of conditions, and an action. The administrator wants the script to run only if the event is generated by devices in a specific ADOM. Which element should be configured in the trigger condition?

Question 248mediummultiple choice
Read the full NAT/PAT explanation →

A FortiGate in NAT mode has multiple VDOMs. The administrator wants to centralize logging from all VDOMs to a single FortiAnalyzer. What configuration is required on the FortiGate to ensure logs from all VDOMs are sent?

Question 249mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is deploying a multi-VDOM setup for a service provider. The provider wants each customer VDOM to have its own administrative access, yet the overall device management (including firmware upgrades) should be centralized from the management VDOM. Which TWO statements are true regarding administrative VDOMs?

Question 250hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator wants to generate customized reports in FortiAnalyzer for different departments. The administrator needs to ensure that each department can only see its own logs. Which TWO configurations are necessary?

Question 251mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is setting up automation stitches in FortiManager to remediate threats. The stitch should run a CLI script on a managed FortiGate when a specific event is logged. Which THREE components must be configured in the automation stitch?

Question 252easymulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is planning to use policy packages in FortiManager to manage firewall policies for multiple devices. Which TWO statements about policy packages are true?

Question 253mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is troubleshooting slow network performance. The administrator runs the command 'diagnose sys session filter dst 10.0.0.1' and sees many sessions in a 'proto_state=0a' state. What does this state indicate? (Select TWO.)

Question 254hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator wants to use FortiManager to push configuration changes to a managed FortiGate. To ensure changes are applied correctly, the administrator wants to review the exact CLI commands that will be sent. Which TWO tools can be used for this purpose?

Question 255mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator is configuring a multi-VDOM deployment. The administrator wants to use a single physical interface for multiple VDOMs. Which TWO methods allow this?

Question 256mediummultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

An enterprise FortiGate is configured with multiple VDOMs, including a management VDOM. The admin logs in to the management VDOM and wants to create a new VDOM and assign interfaces. However, the 'config vdom' command requires entering a VDOM name that is not 'root'. What is the correct next step?

Question 257hardmultiple choice
Review the full subnetting walkthrough →

A FortiGate in transparent mode is deployed in a data center. The admin notices that ARP requests from a downstream switch for the default gateway are not being answered. The FortiGate's management IP is configured on the same subnet as the switch. What is the most likely cause?

Question 258easymultiple choice
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator needs to delegate firewall policy management to different teams for different departments. Each team should have full control over their policies but should not see or modify policies of other departments. Which feature allows this separation?

Question 259mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

A company uses FortiManager to manage multiple FortiGates. The admin wants to use a global ADOM to manage certain policies across all devices while allowing local customization. Which two statements about global ADOM are true? (Choose two.)

Question 260hardmulti select
Review the full routing breakdown →

A FortiGate admin configures inter-VDOM routing between VDOM-A and VDOM-B using a VDOM link. The admin wants traffic from VDOM-A to reach a server in VDOM-B. Which three configuration steps are required? (Choose three.)

Question 261mediummulti select
Open the full VLAN trunking answer →

An administrator is troubleshooting a FortiGate in transparent mode where clients cannot reach the internet. The FortiGate has two interfaces in the same VLAN. Which two items must be checked? (Choose two.)

Question 262easymulti select
Read the full Enterprise Firewall and VDOMs explanation →

A FortiGate administrator needs to use FortiManager to deploy a new security policy to all firewalls in a specific ADOM. Which two steps are part of the installation process? (Choose two.)

Question 263mediummulti select
Read the full Enterprise Firewall and VDOMs explanation →

An administrator is using FortiAnalyzer to generate a compliance report. The report should include logs from multiple FortiGates in different ADOMs. Which three actions must the administrator take? (Choose three.)

Question 264hardmulti select
Read the full Enterprise Firewall and VDOMs explanation →

A security analyst notices that an automation stitch in FortiManager did not trigger when a specific event occurred on a managed FortiGate. Which three possible reasons could explain why the stitch did not fire? (Choose three.)

Practice tests

Scored 10-question sessions with instant feedback and explanations.

NSE7 Practice Test 1 — 10 Questions→NSE7 Practice Test 2 — 10 Questions→NSE7 Practice Test 3 — 10 Questions→NSE7 Practice Test 4 — 10 Questions→NSE7 Practice Test 5 — 10 Questions→NSE7 Practice Exam 1 — 20 Questions→NSE7 Practice Exam 2 — 20 Questions→NSE7 Practice Exam 3 — 20 Questions→NSE7 Practice Exam 4 — 20 Questions→Free NSE7 Practice Test 1 — 30 Questions→Free NSE7 Practice Test 2 — 30 Questions→Free NSE7 Practice Test 3 — 30 Questions→NSE7 Practice Questions 1 — 50 Questions→NSE7 Practice Questions 2 — 50 Questions→NSE7 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Advanced Networking and SD-WANAdvanced VPN and Zero TrustEnterprise Firewall and VDOMsAdvanced Threat ProtectionTroubleshooting and Diagnostics

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Enterprise Firewall and VDOMs setsAll Enterprise Firewall and VDOMs questionsNSE7 Practice Hub