NSE4_FGT-7.0 Sample Questions Answers

Questions 4

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

* All traffic must be routed through the primary tunnel when both tunnels are up

* The secondary tunnel must be used only if the primary tunnel goes down

* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)

Options:

A. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

B. Enable Dead Peer Detection.

C. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

D. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Questions 5

Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

Options:

A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

B. The client FortiGate requires a manually added route to remote subnets.

C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

D. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

Questions 6

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

Options:

A. The interface has been configured for one-arm sniffer.

B. The interface is a member of a virtual wire pair.

C. The operation mode is transparent.

D. The interface is a member of a zone.

E. Captive portal is enabled in the interface.

Questions 7

Which statement is true about SSL VPN web mode?

Options:

A. The tunnel is up while the client is connected.

B. It supports a limited number of protocols.

C. The external network application sends data through the VPN.

D. It assigns a virtual IP address to the client.

Questions 8

An administrator is configuring IPsec between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode selector for site B?

Options:

A. 192.168.3.0/24

B. 192.168.2.0/24

C. 192.168.1.0/24

D. 192.168.0.0/8

Questions 9

Examine this output from a debug flow:

Why did the FortiGate drop the packet?

Options:

A. The next-hop IP address is unreachable.

B. It failed the RPF check.

C. It matched an explicitly configured firewall policy with the action DENY.

D. It matched the default implicit firewall policy.

Questions 10

Refer to the exhibit.

Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)

Options:

A. Traffic between port2 and port2-vlan1 is allowed by default.

B. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.

C. port1 is a native VLAN.

D. port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.

Questions 11

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

Options:

A. The keyUsage extension must be set to keyCertSign.

B. The common name on the subject field must use a wildcard name.

C. The issuer must be a public CA.

D. The CA extension must be set to TRUE.

Questions 12

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

Options:

A. NGFW policy-based mode does not require the use of central source NAT policy

B. NGFW policy-based mode can only be applied globally and not on individual VDOMs

C. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy

D. NGFW policy-based mode policies support only flow inspection

Questions 13

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Options:

A. SSH

B. HTTPS

C. FTM

D. FortiTelemetry

Questions 14

An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Options:

A. The strict RPF check is run on the first sent and reply packet of any new session.

B. Strict RPF checks the best route back to the source using the incoming interface.

C. Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.

D. Strict RPF allows packets back to sources with all active routes.

Questions 15

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

Options:

A. A CRL

B. A person

C. A subordinate CA

D. A root CA

Questions 16

Refer to the exhibit.

The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.

How does FortiGate process the traffic sent to http://www.fortinet.com?

Options:

A. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.

B. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.

C. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 1.

D. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.

Questions 17

View the exhibit:

Which the FortiGate handle web proxy traffic true? (Choose two.)

Options:

A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

B. port-VLAN1 is the native VLAN for the port1 physical interface.

C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.

D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

Questions 18

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

Options:

A. Traffic to botnet servers

B. Traffic to inappropriate web sites

C. Server information disclosure attacks

D. Credit card data leaks

E. SQL injection attacks

Questions 19

Exhibit:

Refer to the exhibit to view the authentication rule configuration. In this scenario, which statement is true?

Options:

A. IP-based authentication is enabled

B. Route-based authentication is enabled

C. Session-based authentication is enabled.

D. Policy-based authentication is enabled

Questions 20

Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

Options:

A. By default, FortiGate uses WINS servers to resolve names.

B. By default, the SSL VPN portal requires the installation of a client’s certificate.

C. By default, split tunneling is enabled.

D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.

Questions 21

Refer to the FortiGuard connection debug output.

Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

Options:

A. A local FortiManager is one of the servers FortiGate communicates with.

B. One server was contacted to retrieve the contract information.

C. There is at least one server that lost packets consecutively.

D. FortiGate is using default FortiGuard communication settings.

Questions 22

Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

Options:

A. FortiCache

B. FortiSIEM

C. FortiAnalyzer

D. FortiSandbox

E. FortiCloud

Questions 23

Which two statements are true about the FGCP protocol? (Choose two.)

Options:

A. Not used when FortiGate is in Transparent mode

B. Elects the primary FortiGate device

C. Runs only over the heartbeat links

D. Is used to discover FortiGate devices in different HA groups

Questions 24

Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

Options:

A. The IPS engine was inspecting a high volume of traffic.

B. The IPS engine was unable to prevent an intrusion attack.

C. The IPS engine was blocking all traffic.

D. The IPS engine will continue to run in a normal state.

Questions 25

Which two statements about antivirus scanning mode are true? (Choose two.)

Options:

A. In proxy-based inspection mode, files bigger than the buffer size are scanned.

B. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.

D. In flow-based inspection mode, files bigger than the buffer size are scanned.

Status:
Expired , and Replaced By
Exam Code: NSE4_FGT-7.0
Exam Name: Fortinet NSE 4 - FortiOS 7.0
Last Update: Apr 25, 2023
Questions: 173