Back to Fortinet NSE 7 Advanced Security NSE7 questions

Scenario-based practice

Select Two (Multi-Select) Questions

Practise Fortinet NSE 7 Advanced Security NSE7 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
NSE7
exam code
Fortinet
vendor

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. Getting partial credit is not a thing — you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (Multi-Select) Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related NSE7 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummulti select
Read the full VPN explanation →

An administrator is troubleshooting a VPN tunnel that is not coming up. The remote peer is a third-party device. Which THREE actions should be taken to diagnose the issue?

Question 2hardmulti select
Read the full VPN explanation →

Which TWO configurations are required to enable SSL VPN authentication using a RADIUS server on a FortiGate?

Question 3mediummulti select
Full question →

An HA cluster is configured with two FortiGates in active-passive mode. The administrator wants to ensure that the secondary unit automatically takes over if the primary unit fails. Which TWO settings must be configured?

Question 4hardmulti select
Open the full BGP breakdown →

Which TWO statements are true regarding BGP path selection in a FortiGate SD-WAN environment?

Question 5mediummulti select
Full question →

Which TWO actions are appropriate when troubleshooting a slow network connection through a FortiGate?

Question 6mediummulti select
Full question →

Which TWO statements about the Security Fabric and FortiManager are correct? (Choose two.)

Question 7mediummulti select
Full question →

Which TWO statements about Security Fabric deployment are correct? (Choose two.)

Question 8mediummulti select
Full question →

An administrator is troubleshooting an HA cluster issue. The cluster consists of two FortiGate units in active-passive mode. The passive unit is showing a 'heartbeat lost' error in the logs. Which TWO configuration checks should the administrator perform to resolve this issue?

Question 9hardmulti select
Full question →

A FortiGate with multiple VDOMs is experiencing high CPU usage. The administrator suspects that one VDOM is consuming excessive resources. Which THREE methods can be used to limit resource usage per VDOM?

Question 10mediummulti select
Full question →

Which TWO of the following are required components for a Fortinet ZTNA solution? (Select two.)

Question 11hardmulti select
Full question →

Which THREE of the following are valid methods to deliver ZTNA tags to FortiClient? (Select three.)

Question 12easymulti select
Full question →

A FortiGate administrator is planning to use policy packages in FortiManager to manage firewall policies for multiple devices. Which TWO statements about policy packages are true?

Question 13easymulti select
Full question →

A FortiGate administrator wants to use FortiAnalyzer to view traffic logs from multiple VDOMs. Which TWO steps must the administrator perform on FortiAnalyzer?

Question 14hardmulti select
Full question →

A company has a FortiGate with multiple VDOMs. The security team wants to use FortiManager to manage policies centrally. Which three steps are necessary to set up VDOM management via FortiManager? (Choose three.)

Question 15mediummulti select
Full question →

A FortiGate administrator is planning a multi-VDOM deployment for a service provider. Which TWO statements are true about VDOM limitations and best practices?

Question 16hardmulti select
Full question →

A FortiManager administrator wants to use automation stitches to respond to a specific security event on managed FortiGates. Which THREE components are required to build an automation stitch? (Select THREE.)

Question 17mediummulti select
Full question →

A FortiGate administrator is setting up automation stitches in FortiManager to remediate threats. The stitch should run a CLI script on a managed FortiGate when a specific event is logged. Which THREE components must be configured in the automation stitch?

Question 18hardmulti select
Full question →

A FortiGate administrator wants to generate customized reports in FortiAnalyzer for different departments. The administrator needs to ensure that each department can only see its own logs. Which TWO configurations are necessary?

Question 19mediummulti select
Full question →

An enterprise FortiGate has multiple VDOMs. The security policy requires that all traffic between VDOMs must be inspected by a next-generation firewall profile. Which three steps are necessary to achieve this? (Choose three.)

Question 20hardmulti select
Full question →

A FortiGate administrator uses FortiManager automation stitches to respond to a security incident. Which THREE components must be defined in an automation stitch? (Choose THREE.)

These NSE7 practice questions are part of Courseiva's free Fortinet certification practice question bank. Courseiva provides original exam-style NSE7 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.