Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Troubleshooting and Diagnostics practice sets

NSE7 Troubleshooting and Diagnostics • Complete Question Bank

NSE7 Troubleshooting and Diagnostics — All Questions With Answers

Complete NSE7 Troubleshooting and Diagnostics question bank — all 0 questions with answers and detailed explanations.

151
Questions
Free
No signup
Certifications/NSE7/Practice Test/Troubleshooting and Diagnostics/All Questions
Question 1mediummultiple choice
Review the full subnetting walkthrough →

A FortiGate administrator notices that traffic from a specific subnet is being dropped unexpectedly. The security policy allows the traffic, and there are no firewall policies blocking it. What is the most efficient first step to identify the cause of the drops?

Question 2hardmulti select
Review the full OSPF breakdown →

An organization uses FortiGate with OSPF and BGP. Recently, routes from BGP are not being preferred over OSPF routes, causing suboptimal routing. The administrator wants to ensure BGP routes are preferred. Which two actions can achieve this? (Choose two.)

Question 3easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate is experiencing high CPU usage. The administrator runs 'diagnose sys top' and sees that the process 'ipsengine' is using the most CPU. What is the most likely cause?

Question 4mediummulti select
Read the full VPN explanation →

An administrator is troubleshooting a VPN tunnel that is not coming up. The remote peer is a third-party device. Which THREE actions should be taken to diagnose the issue?

Question 5easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator sees the following kernel log: 'kernel: [pid 1234] received packet with unknown or unsupported protocol 0x0800 on interface port1, drop'. What does this log indicate?

Question 6hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

Based on the debug flow output, what is the reason the packet is dropped?

Exhibit

Refer to the exhibit.

```
diagnose debug flow filter saddr 10.0.1.100
diagnose debug flow filter daddr 10.0.2.200
diagnose debug flow trace start 100
diagnose debug enable

# Output:
id=20085 trace_id=1 func=print_pkt_detail line=5757 msg="vd-root:0 received a packet from port1. src=10.0.1.100 dst=10.0.2.200 sport=12345 dport=80 proto=6"
id=20085 trace_id=1 func=resolve_ip_tuple line=3485 msg="tuple: 10.0.1.100->10.0.2.200, vd=0"
id=20085 trace_id=1 func=fw_pre_route_handler line=162 msg="no matching policy"
id=20085 trace_id=1 func=run_fw_handler line=59 msg="packet dropped"
```
Question 7easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator applies the above policy but users from 10.0.1.0/24 cannot access web servers at 10.0.2.0/24. However, they can ping the servers. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
config firewall policy
    edit 1
        set name "Allow Web"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "10.0.1.0/24"
        set dstaddr "10.0.2.0/24"
        set action accept
        set schedule "always"
        set service "HTTP"
        set logtraffic all
    next
end
```
Question 8mediummulti select
Review the full routing breakdown →

A FortiGate is experiencing high latency on traffic passing through it. The administrator suspects that asymmetric routing is occurring. Which TWO symptoms are indicative of asymmetric routing?

Question 9hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate cluster (A-P) has a session that is not synchronizing to the secondary unit. The administrator runs 'diagnose sys ha session-sync status' and sees that the session count is different between primary and secondary. Which is the most likely cause?

Question 10mediummultiple choice
Review the full subnetting walkthrough →

A customer reports intermittent connectivity issues between two internal subnets separated by a FortiGate firewall. The traffic is allowed by the policy, but users experience timeouts during peak hours. Which troubleshooting step should you take first?

Question 11hardmultiple choice
Read the full VPN explanation →

An administrator is troubleshooting a scenario where IPSec VPN tunnels between two FortiGates are flapping. The logs show Phase 1 is up but Phase 2 fails with 'no proposal chosen'. The remote FortiGate has multiple Phase 2 selectors configured. What is the most likely cause?

Question 12easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate is set up in a high availability (HA) cluster. The administrator notices that the primary unit is not synchronizing configuration changes to the secondary unit. The HA status shows 'synchronization failed'. What is the most likely cause?

Question 13mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

Which TWO actions are appropriate when troubleshooting a slow network connection through a FortiGate?

Question 14hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

Based on the exhibit, what can be concluded about the session?

Exhibit

Refer to the exhibit.

FGT # diagnose sys session list

session info: proto=6 proto_state=01 duration=826 expire=3579 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper= 
reply-shaper= 
per_ip_shaper= 
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty npu bcm npu_flag=01
statistic(bytes/packets/err): org=1234/10/0 reply=5678/20/0
orgs:10.1.1.10/1234->20.2.2.20/80 vlan=10
reply:20.2.2.20/80->10.1.1.10/1234 vlan=10

FGT #
Question 15hardmultiple choice
Open the full BGP breakdown →

A company runs a FortiGate 600E in NAT/Route mode. They have a site-to-site VPN to a partner using route-based VPN with BGP. Recently, they added a new subnet 192.168.50.0/24 behind the FortiGate. The BGP session is up, and the route is being advertised to the partner. However, traffic from the partner to the new subnet fails. The FortiGate's routing table shows the route to 192.168.50.0/24 is present via the VPN interface. Firewall policies allow the traffic. A packet capture on the FortiGate's internal interface shows the partner's traffic arriving but no SYN-ACK being sent back. The FortiGate's session table shows sessions in 'SYN_RECV' state for the new subnet. What is the most likely cause?

Question 16mediummulti select
Open the full VLAN trunking answer →

An administrator is troubleshooting a scenario where traffic from VLAN 100 to a server at 10.1.2.100 is being blocked. The FortiGate has an active security policy allowing the traffic and the routing table shows a correct route. Which TWO diagnostic commands should the administrator run to identify the cause of the blockage?

Question 17hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate is blocking HTTP traffic from 10.0.1.5 to 10.0.2.100, despite an explicit allow policy. The exhibit shows the configuration and debug flow output. What is the most likely cause?

Exhibit

Refer to the exhibit.

config firewall policy
    edit 1
        set name "Allow-Web"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "10.0.1.0/24"
        set dstaddr "10.0.2.100"
        set action accept
        set schedule "always"
        set service "HTTP"
        set logtraffic all
    next
end

diag debug flow show function-name show-verbose

--- flow debug output ---
proton_state=0, reason=session-denied
id=20085 trace_id=155 func=print_pkt_detail line=4945 msg="vd-root:0 received a packet from port1: 10.0.1.5:45231 -> 10.0.2.100:80, proto 6."
id=20085 trace_id=155 func=resolve_ip_tuple line=4125 msg="Find an existing session, id 00001234, original direction"
id=20085 trace_id=155 func=__ip_session_match_tuple line=2818 msg="Session state: not ready"
id=20085 trace_id=155 func=__ip_session_find_by_session_id line=2773 msg="session session_deny because state proto is not ready"
Question 18hardmultiple choice
Read the full VPN explanation →

A FortiGate is deployed as the edge firewall for a medium-sized enterprise. The network has three internal zones: Trust (10.10.0.0/16), DMZ (172.16.0.0/24), and Guest (192.168.0.0/24). The FortiGate has an IPSec VPN to a branch office (10.20.0.0/16). Users in the Trust zone report intermittent connectivity to a web server in the DMZ (172.16.0.10, TCP port 443). The FortiGate logs show occasional 'session denied' messages for traffic from Trust to DMZ with reason 'denied by forward policy check'. The security policy has an explicit allow rule for Trust to DMZ HTTPS. The administrator has verified routing is correct and there are no address overlaps. When the issue occurs, the administrator runs 'diag debug flow' and sees that the packet matches the correct policy but still gets denied. The debug output also shows 'forward policy check: denied'. What is the most likely cause and recommended action?

Question 19mediumdrag order
Read the full Troubleshooting and Diagnostics explanation →

Drag and drop the steps to perform a firmware upgrade on a FortiGate device into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 20mediummatching
Read the full Troubleshooting and Diagnostics explanation →

Match each high availability (HA) mode to its characteristic.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

One unit handles traffic; standby takes over on failure

Both units handle traffic simultaneously

FortiGate Clustering Protocol

Synchronizes sessions between HA members

Link used for HA communication and synchronization

Question 21easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A network administrator runs 'diagnose sys top' and sees that the 'ipsengine' process is consistently using 99% CPU. What is the BEST immediate action to reduce CPU load?

Question 22mediummultiple choice
Read the full VPN explanation →

When troubleshooting an IPsec VPN phase 1 failure, you run 'diagnose vpn ike config' and see that the remote gateway IP address is incorrect. Which command is used to correct the peer IP configuration?

Question 23hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

In an HA cluster, after a failover, some established sessions are not being synchronized to the new primary unit. Which setting must be enabled to ensure session synchronization?

Question 24mediummultiple choice
Study the full SD-WAN breakdown →

You are troubleshooting an SD-WAN rule where traffic is not matching the expected SLA. The FortiGate shows 'SLA mismatch' in logs. What is the MOST likely cause?

Question 25easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

You receive an alert that FortiAnalyzer log disk usage is at 95%. Which action should you take to immediately free up space without losing important logs?

Question 26mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate admin runs 'diagnose debug application authd -1' but sees no output for LDAP authentication attempts. What is the MOST likely reason?

Question 27hardmultiple choice
Open the full BGP breakdown →

You are troubleshooting a BGP neighbor flapping. The neighbor state shows 'Active'. Which command will help you see the reason for the state change?

Question 28mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

You run 'diagnose sys session filter dport 443' and see sessions with a duration of 7200 seconds and expire time of 3600 seconds. What does this indicate?

Question 29easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator wants to monitor CPU usage of specific processes on a FortiGate. Which command should be used?

Question 30mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

When testing HA failover, you manually switch the primary unit to standby. The secondary unit becomes primary but does not take over the IP address of the virtual cluster. What is the MOST likely cause?

Question 31hardmultiple choice
Read the full VPN explanation →

You are troubleshooting a VPN phase 2 negotiation failure. The logs show 'no proposal chosen'. What is the MOST likely cause?

Question 32mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator wants to troubleshoot why specific traffic is not matching a configured firewall policy. Which debug command should be used?

Question 33mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

A network administrator is troubleshooting a split-brain scenario in an HA cluster. Which TWO conditions can cause split-brain? (Choose two.)

Question 34hardmulti select
Open the full BGP breakdown →

You are troubleshooting BGP route advertisement issues. Which THREE debug commands would be useful to identify why a route is not being advertised to a neighbor? (Choose three.)

Question 35mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

An administrator notices that some traffic through the FortiGate is not being inspected by the application control profile. Which TWO reasons could explain this? (Choose two.)

Question 36mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A network administrator runs the command 'diagnose debug application ssl -1' and sees the following output: 'ssl_generate_proxy_cert: cannot find CA certificate for issuer CN=www.example.com'. What is the MOST likely cause?

Question 37hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator is troubleshooting an HA cluster (active-passive) where both units show 'primary' in 'get system ha status'. The cluster is not synchronizing configurations. What is the MOST likely cause?

Question 38easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator wants to monitor real-time CPU usage per process on a FortiGate. Which command should be used?

Question 39mediummultiple choice
Open the full BGP breakdown →

A BGP session between FortiGate and a neighbor is in 'Active' state. The administrator has verified IP connectivity and that the neighbor IP is reachable. What is the MOST likely cause?

Question 40hardmultiple choice
Study the full SD-WAN breakdown →

An SD-WAN rule has two members: port1 (SLA target latency < 10ms) and port2 (SLA target latency < 20ms). The administrator runs 'diagnose sys sdwan sla-check' and sees that both members meet SLA. However, all traffic is going through port2. What is the MOST likely reason?

Question 41mediummultiple choice
Read the full VPN explanation →

A user reports that they cannot connect to a remote office via IPsec VPN. Phase 1 is up, but Phase 2 fails to establish. The administrator runs 'diagnose vpn ike log' and sees 'no matching phase2 proposal'. What should be checked?

Question 42mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator uses FortiAnalyzer for log analysis and wants to identify all sessions that were blocked by a specific firewall policy ID 10. Which log filter should be applied?

Question 43hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator configures a session helper for FTP but notices that active FTP data connections are not being allowed through the firewall. The FTP control session establishes fine. What is the MOST likely cause?

Question 44easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator wants to see the current number of active sessions. Which command provides this information?

Question 45mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An HA cluster (active-passive) is configured. The administrator wants to perform a failover test without causing service disruption. Which command should be used?

Question 46mediummultiple choice
Open the full BGP breakdown →

An administrator configures BGP route advertisement but the routes are not being sent to the neighbor. The BGP session is established. What is the MOST likely cause?

Question 47easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator needs to identify which process is consuming the most memory. Which command should be used?

Question 48mediummulti select
Read the full VPN explanation →

An administrator is troubleshooting an IPsec VPN tunnel that fails to establish Phase 1. The debug output shows 'no acceptable proposal'. Which TWO configuration parameters should be checked to resolve this issue?

Question 49hardmulti select
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator is investigating a slow network issue. The 'diagnose sys session stat' shows a high number of sessions. Which THREE commands can help identify the source of the high session count?

Question 50easymulti select
Read the full Troubleshooting and Diagnostics explanation →

An administrator needs to troubleshoot an HA synchronization issue. Which TWO commands provide information about the HA synchronization status?

Question 51mediummultiple choice
Read the full VPN explanation →

A FortiGate admin runs 'diagnose debug application sslvpn -1' and sees repeated messages: 'SSL VPN tunnel establishment failed: no response from client.' The remote user reports that the FortiClient VPN connects but no traffic passes. What is the MOST likely cause?

Question 52hardmultiple choice
Open the full BGP breakdown →

You are troubleshooting a BGP session between FortiGate and an ISP router. The FortiGate shows BGP state 'Active' and the debug output shows 'No route to peer'. The ISP router's loopback IP is 203.0.113.1, and the next-hop interface is port1 (10.0.0.1/30). The FortiGate has a static route to 203.0.113.1 via port1. What is the MOST likely cause?

Question 53easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator needs to monitor the FortiGate's CPU usage in real-time from the CLI. Which command should be used?

Question 54mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

After upgrading FortiGate firmware, an admin notices that several sessions using SIP are failing. The SIP ALG was enabled before the upgrade. What is the MOST likely cause?

Question 55hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An HA cluster of two FortiGates is experiencing split-brain. After investigation, you find that the heartbeat link is down on the primary unit. Which action will resolve the split-brain condition?

Question 56easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator wants to see the current sessions for a specific source IP address 192.168.1.10. Which CLI command should be used?

Question 57mediummultiple choice
Read the full VPN explanation →

A FortiGate VPN tunnel shows 'phase1 negotiation failed' in the logs. The remote gateway is a third-party device. The debug command 'diagnose vpn ike config' shows mismatched proposals. Which setting is MOST likely incorrect on the FortiGate?

Question 58easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

Which command displays the current session count on a FortiGate?

Question 59hardmultiple choice
Study the full SD-WAN breakdown →

An SD-WAN rule uses a performance SLA to steer traffic to the best-quality link. Traffic is consistently using the backup link even though the primary link meets SLA thresholds. The admin runs 'diagnose sys sdwan sla-check' and sees the primary link SLA status is 'pass'. What is the MOST likely cause?

Question 60mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate admin notices that sessions to a particular server are not being logged in FortiAnalyzer. The firewall policy has logging enabled. What is the MOST likely reason?

Question 61mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

During a failover test in an HA cluster, the primary FortiGate fails over to the secondary. After failover, some existing TCP sessions are dropped. What is the MOST likely reason?

Question 62mediummultiple choice
Open the full BGP breakdown →

A BGP route from an ISP is not appearing in the FortiGate's routing table. The BGP session is established and 'show ip bgp' shows the route as valid but not best. Which command should the admin use to investigate why the route is not selected as best?

Question 63mediummulti select
Read the full VPN explanation →

An admin is troubleshooting an IPsec VPN tunnel that is failing phase 2. The IKE debug shows 'no matching proposal'. Which TWO settings should the admin verify on both sides? (Choose two.)

Question 64hardmulti select
Read the full Troubleshooting and Diagnostics explanation →

An admin needs to verify that a new firewall policy is performing SSL inspection. Which THREE CLI commands or steps should the admin use to confirm? (Choose three.)

Question 65easymulti select
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate is experiencing high CPU usage due to a large number of sessions. Which TWO actions can the admin take to mitigate the issue? (Choose two.)

Question 66mediummultiple choice
Read the full NAT/PAT explanation →

An administrator runs 'diagnose debug application ssl-helper -1' and sees that sessions to certain HTTPS sites are being terminated by the FortiGate. What is the MOST likely cause?

Question 67hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator configures an HA cluster with two FortiGates using an FGCP active-passive configuration. After a failover, the new primary FortiGate shows all sessions are lost. The administrator has 'sync session' enabled in the HA configuration. What is the MOST likely reason sessions were not synchronized?

Question 68mediummultiple choice
Read the full VPN explanation →

An administrator is troubleshooting an IPsec VPN tunnel that fails to establish. The administrator runs 'diagnose vpn ike log' and sees the message 'no matching proposal found'. What is the MOST likely cause?

Question 69easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator wants to quickly identify which process is consuming the most CPU on the device. Which CLI command should be used?

Question 70mediummultiple choice
Study the full SD-WAN breakdown →

An administrator notices that SD-WAN rule-based traffic is not failing over as expected when the primary link goes down. The SLA targets are configured correctly, and the interface health check is showing 'dead' for the primary link. What is the MOST likely reason for the failover not occurring?

Question 71mediummultiple choice
Open the full BGP breakdown →

A FortiGate is configured with multiple BGP peers. One of the peers is not receiving the expected routes. The administrator runs 'get router info bgp neighbors <IP>' and sees that the 'State/PfxRcd' field is 'Active'. What does this indicate?

Question 72hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator is investigating a security incident and needs to view raw logs from a FortiAnalyzer for a specific time range. The administrator wants to ensure the logs are not aggregated or summarized. Which type of log view should be used?

Question 73easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator wants to monitor the session count on a FortiGate in real time. Which CLI command provides this information?

Question 74mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator observes that traffic from an internal user to the internet is being blocked. The firewall policy allows the traffic, and the user can ping external hosts. The administrator runs 'diagnose debug flow' for the user's IP and sees 'session denied by forward policy check'. What is the MOST likely cause?

Question 75hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate in an HA cluster shows the message 'split-brain detected' in the event log. The administrator checks the HA status and sees both units are in 'standalone' mode. What is the MOST likely cause of this split-brain scenario?

Question 76easymultiple choice
Study the full SD-WAN breakdown →

An administrator needs to check the health of an SD-WAN link by viewing the last SLA probe results. Which command should be used?

Question 77mediummultiple choice
Read the full VPN explanation →

A FortiGate administrator is troubleshooting a VPN tunnel that connects to a remote site. The tunnel is up, but traffic is not passing. The administrator checks the Phase 2 settings and sees that the local and remote subnets are correctly defined. What is the next step to diagnose the issue?

Question 78mediummulti select
Open the full BGP breakdown →

An administrator is troubleshooting a BGP session that is not establishing between two FortiGates. The administrator has verified that the neighbor IP is reachable. Which TWO commands should be used to further diagnose the issue? (Choose two.)

Question 79hardmulti select
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator is investigating a slow network performance issue. The administrator suspects that session table limits are being reached. Which TWO metrics should be monitored to confirm this? (Choose two.)

Question 80mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

An administrator is configuring a FortiGate to inspect SMTP traffic for spam and viruses. The traffic must be decrypted to inspect the content. Which THREE elements are required for this configuration? (Choose three.)

Question 81mediummultiple choice
Open the full BGP breakdown →

A FortiGate administrator notices that after upgrading the firmware, some BGP sessions to a service provider are flapping. The administrator runs 'diagnose ip router bgp all' and sees that the BGP neighbor state is Active. What is the MOST likely cause of this issue?

Question 82mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A network admin runs 'diagnose sys top' on a FortiGate and sees that the process 'httpsd' is consistently using 95% CPU. Which of the following actions is MOST appropriate to troubleshoot this issue?

Question 83hardmultiple choice
Read the full VPN explanation →

An administrator is troubleshooting an IPsec VPN tunnel that fails to establish. The Phase 1 status shows 'init' and the debug output indicates 'no suitable proposal found'. The remote peer is a third-party VPN device. Which of the following is the MOST likely cause?

Question 84easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator wants to verify whether a specific session is being offloaded to the NP6 processor. Which CLI command should the administrator use?

Question 85mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

During a failover test in an active-passive HA cluster, the administrator notices that the secondary unit does not take over the primary role after a link failure on the primary. The 'get system ha status' shows both units in 'standalone' mode. What is the MOST likely cause?

Question 86hardmultiple choice
Study the full SD-WAN breakdown →

An administrator configures SD-WAN with multiple members. The SD-WAN rule uses the 'latency' strategy. The administrator notices that traffic is not switching to the best-performing member even when latency exceeds the threshold. What could be the issue?

Question 87mediummultiple choice
Read the full VPN explanation →

A FortiGate administrator is troubleshooting a VPN tunnel that is up but no traffic passes through. The Phase 2 selectors match. The administrator runs 'diagnose vpn tunnel list' and sees that the tunnel has '0 bytes' in both directions. What is the MOST likely cause?

Question 88easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

Which FortiGate command is used to view the current CPU usage of individual processes in real time?

Question 89mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator runs 'diagnose debug application ipsmonitor -1' and sees repeated messages: 'IPS engine restarting'. What is the MOST likely cause of this behavior?

Question 90hardmultiple choice
Review the full routing breakdown →

Two FortiGate units in an HA cluster are experiencing synchronization issues. The administrator runs 'diagnose sys ha checksum cluster' and sees different checksum values for the 'system' and 'router' objects. What is the FIRST step to resolve the mismatch?

Question 91easymultiple choice
Open the full BGP breakdown →

Which of the following is a valid command to check the status of all BGP neighbors on a FortiGate?

Question 92mediummultiple choice
Review the full subnetting walkthrough →

An administrator observes that traffic from a specific subnet is being dropped by the FortiGate. The session table shows the sessions with 'proto_state=01' and 'expire=0'. What does this indicate?

Question 93hardmulti select
Read the full VPN explanation →

An administrator is troubleshooting an IPsec VPN Phase 2 negotiation failure. The debug shows 'no matching phase 2 proposal' from the remote peer. Which TWO of the following are likely causes? (Choose two.)

Question 94mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator is investigating a security incident and needs to identify which user initiated a specific outbound connection to a malicious IP address. The company uses FSSO for authentication. Which THREE pieces of information from FortiAnalyzer logs would be MOST useful? (Choose three.)

Question 95mediummulti select
Study the full SD-WAN breakdown →

An administrator notices that an application-based SD-WAN rule is not steering traffic as expected. The SLA targets are configured correctly. Which TWO debug commands should the administrator use to diagnose the issue? (Choose two.)

Question 96easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator is troubleshooting an HA cluster where both units show as primary after a link failure. What is the most likely cause of this split-brain scenario?

Question 97mediummultiple choice
Read the full VPN explanation →

A FortiGate administrator runs 'diagnose debug application sslvpn -1' and sees repeated messages: 'SSL VPN tunnel error: no response from client'. What is the most likely cause?

Question 98hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

You execute 'diagnose sys session filter dport 443' and see output: 'proto=6 proto_state=01 duration=3600 expire=3599'. What does 'proto_state=01' indicate about this session?

Question 99mediummultiple choice
Study the full SD-WAN breakdown →

An administrator is configuring SD-WAN with multiple members. When a rule matches, traffic is not being load-balanced as expected. Which command should the admin use to verify the SD-WAN rule selection for a specific flow?

Question 100easymultiple choice
Open the full BGP breakdown →

A BGP peering between two FortiGates is not establishing. The admin runs 'get router info bgp summary' and sees the neighbor state as 'Idle'. What is the most common cause of a BGP session stuck in Idle?

Question 101mediummultiple choice
Read the full VPN explanation →

When troubleshooting an IPsec VPN phase 1 negotiation failure, which debug command should the administrator run to see detailed IKE negotiation messages?

Question 102hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator is investigating a security incident and needs to determine which firewall policy allowed a specific malicious traffic flow. The traffic is no longer active. Which FortiAnalyzer log type should the admin query?

Question 103mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator notices high CPU usage on a FortiGate. To identify which process is consuming the most CPU, which command should be used?

Question 104easymultiple choice
Open the full BGP breakdown →

An administrator needs to verify if a FortiGate is receiving BGP routes from a peer. Which command should the admin run to see the BGP routing table?

Question 105mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

When troubleshooting a FortiGate that is not synchronizing configuration to its HA peer, which command should be used to check the HA synchronization status?

Question 106hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator configures an ALG for SIP traffic but notices that some SIP calls are failing. The admin suspects the ALG is modifying SIP headers incorrectly. Which debug command can help verify the ALG's actions on SIP packets?

Question 107easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator wants to see the current number of active sessions on a FortiGate. Which command should the admin use?

Question 108mediummulti select
Read the full VPN explanation →

An administrator is troubleshooting an IPsec VPN where phase 1 is up but phase 2 fails. Which two debug commands would be MOST helpful in diagnosing the phase 2 issue? (Choose TWO.)

Question 109hardmulti select
Open the full BGP breakdown →

During a BGP troubleshooting session, an administrator sees that the BGP neighbor state is 'Active'. Which three conditions could cause this state? (Choose THREE.)

Question 110mediummulti select
Study the full SD-WAN breakdown →

An administrator is configuring SD-WAN and wants to ensure that voice traffic uses the lowest latency link. Which two configurations are required to achieve this? (Choose TWO.)

Question 111mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate admin notices that HTTPS traffic to a web server is not being scanned by the antivirus profile applied to the firewall policy. The admin confirms the policy is correct and antivirus is enabled. What is the MOST likely reason the traffic is not being scanned?

Question 112mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator runs 'diagnose sys session filter dport 443' and sees output indicating sessions with state 'proto=6 proto_state=01 duration=3600 expire=3598'. What does this output indicate about the session?

Question 113easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An HA cluster of two FortiGates is experiencing split-brain. Which command should the administrator use to check the current HA status and identify which unit is the primary?

Question 114hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator is testing failover in an HA cluster. They unplug the primary FortiGate's port1 (the heartbeat interface) but the secondary does not take over. The heartbeat is configured on port1. What is the MOST likely cause?

Question 115mediummultiple choice
Study the full SD-WAN breakdown →

An SD-WAN rule is configured to steer traffic based on SLA metrics. The administrator notices that traffic is not using the expected member interface even though the SLA is meeting thresholds. What should the administrator check FIRST?

Question 116mediummultiple choice
Read the full VPN explanation →

A site-to-site IPsec VPN tunnel is failing. The administrator runs 'diagnose vpn ike config' and sees that phase 1 parameters are correct. However, phase 2 negotiation fails with 'no proposal chosen'. What is the MOST likely cause?

Question 117hardmultiple choice
Open the full BGP breakdown →

A BGP peering between two FortiGates is not establishing. The administrator runs 'get router info bgp neighbor' and sees that the neighbor state is 'Idle' and the BGP configuration appears correct. What should the administrator check next?

Question 118easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate administrator wants to check if the device is experiencing high CPU usage due to a specific process. Which command should they use to display real-time process CPU usage?

Question 119hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator configures a session helper for FTP on FortiGate. After enabling the helper, FTP clients can establish control connections but data transfers fail. What is the most likely cause?

Question 120mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator is troubleshooting a split-brain situation in an HA cluster. They run 'get system ha status' and see that both FortiGates report themselves as primary. Which command should they run to force the secondary unit to take over as primary?

Question 121mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate is configured to send logs to FortiAnalyzer. The administrator notices that logs are not appearing on FortiAnalyzer. Running 'diagnose log device show' shows 'connected=no'. What is the most likely cause?

Question 122easymultiple choice
Open the full BGP breakdown →

An administrator wants to verify that a BGP route is being advertised to a neighbor. Which command displays the routes that FortiGate is advertising to a specific BGP neighbor?

Question 123mediummulti select
Read the full VPN explanation →

An administrator is troubleshooting an IPsec VPN tunnel that establishes phase 1 but fails phase 2. Which TWO commands are MOST useful to diagnose the phase 2 failure? (Choose two.)

Question 124hardmulti select
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate HA cluster is experiencing persistent split-brain even after both units are rebooted. Which THREE actions should the administrator take to resolve this issue? (Choose three.)

Question 125mediummulti select
Study the full SD-WAN breakdown →

An administrator is configuring SD-WAN and wants to ensure that traffic matching a specific SLA rule uses the best-performing member. Which TWO commands can be used to verify the SLA performance and route selection? (Choose two.)

Question 126mediummultiple choice
Read the full VPN explanation →

A network administrator is troubleshooting an IPsec VPN tunnel that fails to establish. The remote gateway logs show a proposal mismatch. On FortiGate, the administrator runs 'diagnose vpn ike config' and sees 'proposal: aes128-sha1, aes256-sha256'. The remote side expects 'aes256-sha1'. What is the most likely cause?

Question 127easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator observes that after a failover in an HA cluster, some established sessions are dropped. The cluster is configured with session pickup enabled. What is the most likely reason for the dropped sessions?

Question 128hardmultiple choice
Read the full VPN explanation →

An administrator runs 'diagnose debug application sslvpn -1' and sees repeated 'SSL_ERROR_SSL: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate'. The SSL-VPN is configured to require client certificates. What is the cause?

Question 129mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with SD-WAN and multiple members. The administrator notices that traffic to a critical application is consistently routed over a low-quality link, even though a better link is available. The SD-WAN rule uses the 'Best Quality' strategy with a performance SLA. What is the most likely reason?

Question 130easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator runs 'diagnose sys top' and sees process 'httpsd' consuming 95% CPU. What is the best immediate action to alleviate the issue?

Question 131mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

Two FortiGates in an HA cluster are experiencing a split-brain scenario where both units become primary. The administrator checks the HA configuration and sees that the heartbeat interfaces are configured correctly but the link status is 'down' on both units. What could cause this?

Question 132hardmultiple choice
Open the full BGP breakdown →

An administrator is troubleshooting BGP and runs 'get router info bgp neighbors 10.0.0.1' and sees 'BGP state = Active'. The neighbor IP is reachable via ping. What is the most likely cause?

Question 133easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator needs to monitor FortiGate session count and CPU usage over time using FortiAnalyzer. Which log type should be configured for this?

Question 134mediummultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator configured a firewall policy to inspect SMTP traffic using an antivirus profile. However, email attachments are not being scanned. The FortiGate is operating in proxy-based inspection mode. What is the most likely cause?

Question 135mediummultiple choice
Open the full BGP breakdown →

A FortiGate is receiving BGP routes from a neighbor but not advertising them to other peers. The administrator runs 'get router info bgp network' and sees the routes are in the BGP table but not advertised. What is the most likely cause?

Question 136hardmultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator runs 'diagnose debug application fnbam -1' and sees messages like 'LB_SELECT: selected server 10.0.0.2:80' but the client connection fails. The FortiGate is configured with server load balancing. What could be the issue?

Question 137easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

An administrator wants to view the current number of active sessions on a FortiGate. Which CLI command should be used?

Question 138hardmulti select
Read the full VPN explanation →

An administrator is troubleshooting an IPsec VPN tunnel that fails to establish. Phase 1 seems to complete, but Phase 2 fails with 'no proposal chosen'. The administrator checks the Phase 2 configuration and sees the following settings: 'Local address: 10.0.0.0/24, Remote address: 192.168.0.0/24, Proposal: aes256-sha1, Enable Perfect Forward Secrecy (PFS): Disabled'. Which TWO changes would most likely resolve the issue? (Choose two.)

Question 139mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate is experiencing high memory usage due to a large number of UDP sessions. The administrator wants to reduce memory consumption without dropping legitimate traffic. Which THREE actions could help? (Choose three.)

Question 140mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

An administrator is investigating a security incident using FortiAnalyzer logs. The admin needs to identify all connections from a specific internal IP (10.0.0.100) to external servers on TCP port 443 during the last hour. Which TWO log fields should be used to filter the logs? (Choose two.)

Question 141easymultiple choice
Read the full Troubleshooting and Diagnostics explanation →

A network administrator runs 'get system ha status' on a FortiGate HA cluster and sees that only one unit shows as primary. The secondary unit shows as 'standalone' with no HA peer detected. What is the MOST likely cause of this issue?

Question 142hardmultiple choice
Study the full SD-WAN breakdown →

An administrator is troubleshooting an SD-WAN scenario where traffic from a branch office to a critical SaaS application is experiencing high latency. The SD-WAN rule uses the best quality SLA strategy. The administrator runs 'diagnose sys sdwan neighbor' and sees that both WAN links have SLA compliance above 90%. However, traffic still uses the slower link. The administrator then runs 'diagnose sys sdwan health-check list' and notices that the health-check server IP is different from the SaaS application's server IP. What is the MOST likely reason the traffic is not using the best-performing link?

Question 143mediummulti select
Open the full BGP breakdown →

A FortiGate administrator is troubleshooting a BGP session that fails to establish with a neighbor at 10.0.1.1. Running 'diagnose ip router bgp all' shows the neighbor state as 'Idle'. Which TWO commands should the administrator run NEXT to diagnose the issue?

Question 144hardmulti select
Read the full VPN explanation →

An administrator is troubleshooting a VPN tunnel between two FortiGates. The phase 1 fails to come up. The administrator runs 'diagnose vpn ike log' and sees the error 'no proposal chosen'. Which THREE configuration mismatches could cause this error?

Question 145mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

A network admin is investigating a high CPU usage issue on a FortiGate firewall. The admin runs 'diagnose sys top' and sees that the 'ipsengine' process is consuming 70% CPU. Which THREE actions should the admin take to reduce CPU load?

Question 146easymulti select
Read the full Troubleshooting and Diagnostics explanation →

An administrator is investigating a security incident using FortiAnalyzer logs. The admin wants to identify all traffic that matched a specific firewall policy. Which TWO log fields should the admin use to filter the logs?

Question 147mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

A FortiGate in an HA cluster is experiencing intermittent session synchronization failures. The administrator runs 'diagnose sys ha dump sync-status' and sees that sessions are not being synchronized properly. Which TWO potential causes should the administrator investigate?

Question 148mediummulti select
Read the full Troubleshooting and Diagnostics explanation →

An administrator is troubleshooting a scenario where VoIP traffic is not being properly handled by the FortiGate. The SIP ALG is enabled. Which THREE commands should the administrator run to diagnose the SIP traffic flow?

Question 149hardmulti select
Read the full Troubleshooting and Diagnostics explanation →

An administrator notices that after upgrading FortiOS, some traffic that was previously inspected by the antivirus profile is now bypassing scanning. The administrator suspects the session helper configuration may be interfering. Which TWO session helper protocols are known to potentially affect traffic inspection if improperly configured?

Question 150mediummulti select
Read the full VPN explanation →

An administrator is troubleshooting an IPsec VPN tunnel that establishes phase 1 but fails to establish phase 2. The phase 2 configuration shows 'set proposal aes128-sha256' on both sides. Which TWO configuration items should the administrator verify?

Question 151easymulti select
Read the full network assurance explanation →

A FortiGate administrator wants to monitor performance thresholds to be alerted when the firewall is under heavy load. Which THREE metrics can be monitored using the built-in performance monitoring features (e.g., 'diagnose sys top' or SNMP)?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

NSE7 Practice Test 1 — 10 Questions→NSE7 Practice Test 2 — 10 Questions→NSE7 Practice Test 3 — 10 Questions→NSE7 Practice Test 4 — 10 Questions→NSE7 Practice Test 5 — 10 Questions→NSE7 Practice Exam 1 — 20 Questions→NSE7 Practice Exam 2 — 20 Questions→NSE7 Practice Exam 3 — 20 Questions→NSE7 Practice Exam 4 — 20 Questions→Free NSE7 Practice Test 1 — 30 Questions→Free NSE7 Practice Test 2 — 30 Questions→Free NSE7 Practice Test 3 — 30 Questions→NSE7 Practice Questions 1 — 50 Questions→NSE7 Practice Questions 2 — 50 Questions→NSE7 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Advanced Networking and SD-WANAdvanced VPN and Zero TrustEnterprise Firewall and VDOMsAdvanced Threat ProtectionTroubleshooting and Diagnostics

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Troubleshooting and Diagnostics setsAll Troubleshooting and Diagnostics questionsNSE7 Practice Hub