100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
NSE 7 Enterprise firewall Questions and answers graded A+ $17.99   Add to cart

Exam (elaborations)

NSE 7 Enterprise firewall Questions and answers graded A+

 7 views  0 purchase
  • Course
  • Nse
  • Institution
  • Nse

NSE 7 Enterprise firewall Questions and answers graded A+ APT Advanced Persistent Threat What modern day tech and threats create the need for more protection (protecting the perimeter of a network is no longer enough) Zero day attacks APT Polymorphic malware Insider threats BYOD Clou...

[Show more]

Preview 4 out of 110  pages

  • September 16, 2024
  • 110
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • Nse
  • Nse
avatar-seller
Pogba119
NSE 7 Enterprise firewall Questions and
answers graded A+
APT - answer Advanced Persistent Threat

What modern day tech and threats create the need for more protection (protecting the
perimeter of a network is no longer enough) - answer Zero day attacks
APT
Polymorphic malware
Insider threats
BYOD
Cloud tech

What factors are contributing to a border less network - answer Mobile workforce
Partners accessing your network services
Public and private clouds
Internet of things
BYOD

Enterprise firewall solution (2) - answer Apply end to end security
Segment your network

End to end security with a consolidated operating system FortiOS

Core of the solution is security fabric which allows all devices to communicate in
network

And manage all deployments through fortimanager

Core of enterprise firewall solution - answer Core of the solution is security fabric
which allows all devices to communicate in network

Five firewall roles depending on where fortigate is deployed - answer DEFW
(distributed enterprise firewall)
CFW (Cloud firewall)
NGFW (next generation firewall)
DCFW (data center firewall)
ISFW (Internal segmentation firewall)

NGFWs - answer Next generation firewall

1g-40gb throughput

,Deployed for firewall, app control, IPS, AV, and VPN

Can be deployed at edge or in core

DCFW - answer data center firewall

Protect servers, low latency, inbound security focused

10g-1tb throughput

Firewall, application control, and IPS common

Places in data center and in enterprise DMZ

Deployed at distribution layer

ISFW - answer Internal segmentation firewall

Breach containment for attacks that come from inside

zero trust network

1g-100gbs throughput

Firewall, app control, web filtering, and IPS (sandbox inspection also)

Placed in access layer

These prevent propagation

DEFW - answer Distributed enterprise firewall

Extension of the enterprise network

VPN dependent (connects to Corp HQ using vpn)

1Gbps throughput

Security for smaller location and branch offices

All-in-one security (firewall, app control, vpn, ips, AV)

What five areas does the SF (security fabric) deliver solutions in - answer Zero trust
access
Security driven networking
Dynamic cloud security

,AI-driven security operations
Fabric management center

Describe fortinet send to end solution - answer NAC/Client/AUTH/EDR

AP/Switch/Extender

Fortigate

Fortigate VM/FortiCWP

WEB/mail/CASB/ADC

Analyzer/Sandbox/SIEM/SOAR

Manager/cloud

What devices comprise the core of the security fabric (MANDATORY) and what is
comprised in the recommended and extended portions - answer Two or more
fortigates + fortianalyzer in core


Recommended-
Fortimanager, fortiAP, switch, client, sandbox, and mail

Extended-
Other fortinet products and third party products using the API

What must be configured in the SF first - answer Root fortigate

What is end to end security - answer Security from endpoints to the cloud

Purpose of ISFW - answer To segment the network so that any breach coming from
inside can be contained in one segment of the network without reaching others

Problem with multiple vendor networks - answer No central visibility or central
management

What consolidated OS does the fortinet solution offer - answer FortiOS

Single pane of glass management through which solution - answer Fortimanager

Highest Throughout requirements of all firewall roles - answer DCFW

What kind of firewall role would a fgt deployed in a smaller branch office or remote site -
answer DEFW

, What protocol must be enabled bidirectionally on all fortigates in the security fabric -
answer Fortitelemetry

What port does fortitelemetry use - answer 8013

Fortitelemetry - answer Port 8013

Fortigate uses to communicate with other fortigate devices and distribute information
about the network topology and it also uses to integrate with forticlient

How does the root fortigate use fortitelemetry, where does it share what it learns, and
how does it share it - answer It uses the network topology information collected from
the other fortigates and forwards it to fortianalyzer used the fortianalyzer API

What does the root fortigate use to send topology info about the SF to fortianalzyer -
answer Fortianalyzer API

How does fortianalyzer generate topology vies and IoC - answer It combines info
received from the root fortigate

SF tree structure - answer Branch fortigate devices connect to upstream fortigate
devices

How does fortigate verify the fortianalyzer - answer Verifies serial number against it's
certificate and then the serial is stored in the fortigate config

Command to see upstream AND downstream fortigates if the fortigate is not the SF root
( will show serial number, IP, connecting interface and connection status) - answer
Diagnose sys csf upstream
Diagnose sys csf downstream

What is configuration sync for SF - answer FAZ And fmg config on the root fortigate
will be pushed down to the other fortigates

How to disable configuration sync for SF - answer Config system csf
Set configuration-sync local

Security fabric map - answer All fortigate devices in a SF maintain their own SF map
that include the MAC address and IP address of all connected fortigate devices and
their interface

How to see the security fabric map - answer Diagnose sys csf neighbor list

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Pogba119. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $17.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67474 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$17.99
  • (0)
  Add to cart