View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials-Question 2 Discussion

You must update a firewall policy to block multiple websites within the subnet 172.165.58.0/24. What must you do to block these addresses efficiently? (Choose one answer)

  • A. Create a URL filter and apply the web filter profile to the firewall policy.
  • B. Create an IP address external connector and apply it to the destination field of the firewall policy.
  • C. Create an application sensor and apply the application control profile to the firewall policy.
  • D. Create an Internet Service Database (ISDB) group and apply it to the destination field of the firewall policy.
Correct Answer: B

Brave-Dump Clients Votes

B 57.14%
A 28.57%
D 14.29%

Comments



Brave-Dumps.com Admin 2025-09-16 16:51:10

Selected Answers: B


EFW 7.6 study guide page 258

Mike 2025-12-04 14:48:51

Selected Answers: A


EFW 7.6 study guide page 171/172
B is wrong because you would need a webserver hosting a textfile including all the websites you want to block.
Way too much work to just block a few websites

Podb 2025-12-15 17:01:14

Selected Answers: D


B - url base on domain or URL -- wrong answer
A - extermal conenctor for dynamic ex. IP -- wrong answer

D correct

Adam 2026-01-18 05:03:40

Selected Answers: B


If the question means blocking these websites within that public IP subnet based on requested Host/SNI/CN, then it should be A

If the question means blocking these websites within that public IP subnet based on destination public IP address in the packet regardless of Host/SNI/CN, then it should be B (even if it's not needed, and it can be done by simple address group object locally on FortiGate)

C is wrong as application control can't help with filtering domain or IP

D is wrong because we can't create ISDB group locally as ISDBs are created and maintained by FortiGuard

Jair Perez 2026-03-15 19:10:13

Selected Answers: B


The question asks for do it efficiently.
We don't know hoy many URL's exists on that subnet.
It's better and more scalable to create an external connector with an IP address threate feed.

zineeddine 2026-03-16 00:33:29

Selected Answers: B


B is correct

Anonymous User 2026-04-19 17:57:18

Selected Answers: A


I feel the answer is A as because we need to clock multiple websites with a subnet. Page 258 External Connector for External Feed. In this it will synch all the website and we will not have any controll.