NSE4_FGT-7.0 Exam Questions
188 real NSE4_FGT-7.0 exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1Security Profiles
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
digital certificatescertificate validationSubject Key Identifier - Question #2Firewall Policies
An administrator has configured the following settings: What are the two results of this configuration? (Choose two.)
firewall loggingsession handlingFortiGate configuration - Question #3System Configuration
Refer to the exhibit. Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)
Fortinet Security Fabrictopology viewsecurity recommendations - Question #4VPN
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
ADVPNIPsec VPNdynamic routingIKEv2 - Question #5Network Configuration
View the exhibit. Which the FortiGate handle web proxy traffic true? (Choose two.)
VLANsVDOMstraffic forwardingnetwork segmentation - Question #6Security Profiles
Which two inspection modes can you use to configure a firewall policy on a profile-based next- generation firewall (NGFW)? (Choose two.)
inspection modesNGFWproxy-basedflow-based - Question #7Firewall Policies
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
NGFW policyURL filteringapplication controlpolicy limitations - Question #8Network Configuration
If the Servicesfield is configured in a Virtual IP (VIP), which statement is true when central NAT is used?
Virtual IP (VIP)Central NATServices field - Question #9VPN
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
SSL VPNweb modesource IPtraffic flow - Question #10Security Profiles
(Addicting Games). Based on this configuration, which statement is true?
application controlfilter overridespolicy enforcement - Question #11Firewall Policies
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
firewall policyinterface anypolicy view - Question #12System Configuration
Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)
FSSOagentless pollingActive DirectoryLDAPSMB - Question #13Troubleshooting and Monitoring
Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct If option 5 was used with the IPS diagnostic command and the outc...
IPSdiagnosticsCPU usagetroubleshooting - Question #14Troubleshooting and Monitoring
Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on th...
system performancememory usageconserve modeFortiGate behavior - Question #15VPN
An administrator is configuring an Ipsec between site A and site B. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick...
IPsec VPNquick mode selectorVPN configurationnetwork addressing - Question #16Network Configuration
Which of the following statements about central NAT are true? (Choose two.)
Central NATSNATDNATCLI configuration - Question #17Security Profiles
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
digital certificatesroot CAissuersubject - Question #18System Configuration
How do you format the FortiGate flash disk?
FortiGate administrationdisk formattingCLI commands - Question #19Troubleshooting and Monitoring
Refer to the exhibit. The exhibits show a network diagram and the explicit web proxy configuration. In the commanddiagnose sniffer packet, what filter can you use to capture the tr...
packet snifferexplicit web proxytraffic capturenetwork troubleshooting - Question #20VPN
Which three statements about security associations (SA) in IPsec are correct? (Choose three.)
IPsec VPNSecurity Association (SA)Phase 1 SAPhase 2 SA - Question #21System Configuration
Examine this PAC file configuration. Which of the following statements are true? (Choose two.)
PAC fileWeb proxyProxy bypass - Question #22Troubleshooting and Monitoring
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
Remote loggingFortiAnalyzerFortiCloudFortiSIEM - Question #23Troubleshooting and Monitoring
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
CLI commandsLayer 2 troubleshootingARP - Question #24VPN
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)
IPsecNAT traversalESP encapsulation - Question #25Security Profiles
Refer to the exhibit. Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor...
IPS profileSignature settingsTraffic actionLogging - Question #26Network Configuration
Refer to the exhibit. The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode. The Root VDOM is the management VDOM. T...
VDOMsNAT modeTransparent modeInter-VDOM links - Question #27System Configuration
Which two statements ate true about the Security Fabric rating? (Choose two.)
Security FabricSecurity ratingFortiGate features - Question #28Routing
Examine the network diagram shown in the exhibit, then answer the following question: Which one of the following routes is the best candidate route for FGT1 to route traffic from t...
Routing tableStatic routesLongest prefix match - Question #29Security Profiles
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
WAFWeb application attacksSQL injectionData leak prevention - Question #30System Configuration
Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)
Security FabricRoot FortiGateCentralized management - Question #31Troubleshooting and Monitoring
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
Log managementCLI log backupGUI log download - Question #32System Configuration
Refer to the exhibit. The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the Fort...
Administrator profilesAccess controlGlobal settings - Question #33High Availability
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
HA clusterFirmware upgradeUninterruptible upgrade - Question #34Troubleshooting and Monitoring
Refer to the exhibit. Which contains a PerformanceSLA configuration. An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is Fo...
Performance SLASD-WANTroubleshootingProbe packets - Question #35VPN
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. - All traffic must be routed through the primary...
Redundant VPNIPsecDPDTunnel failover - Question #36Firewall Policies
Which statement regarding the firewall policy authentication timeout is true?
Firewall policyAuthentication timeoutIdle timeout - Question #37Troubleshooting and Monitoring
Examine this FortiGate configuration: Examine the output of the following debug command: Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new se...
CLI debugTraffic handlingSession inspectionPolicy troubleshooting - Question #38VPN
View the exhibit. Which of the following statements are correct? (Choose two.)
Redundant IPsecVPNStatic routesFailover routing - Question #39VPN
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?
SSL VPNTwo-factor authenticationHost checkSecurity best practices - Question #40Routing
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
Route lookupRouting behaviorSession initiation - Question #41System Configuration
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
FortiGate collector agentuser authenticationevent filteringservice accounts - Question #42Firewall Policies
Refer to the exhibit. Which contains a session list output. Based on the information shown in the exhibit, which statement is true?
NAT typessession tableone-to-one NATnetwork address translation - Question #43Network Configuration
Refer to the exhibit. The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check. Which interface wil...
SD-WANPerformance SLAhealth checkinterface selection - Question #44Troubleshooting and Monitoring
Refer to the exhibits. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?
SSL VPNVPN connection issuesclient configurationport mismatch - Question #45High Availability
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
High Availability (HA)virtual IPHA clustercluster members - Question #46Security Profiles
Which two statements about antivirus scanning mode are true? (Choose two.)
Antivirus scanningproxy-based inspectionflow-based inspectionsecurity profiles - Question #47System Configuration
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
VDOMsVirtual Domainssystem settingsoperating mode - Question #48Firewall Policies
Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)
NAToutgoing interface NATmany-to-one NATPAT - Question #49Troubleshooting and Monitoring
An administrator is running the following sniffer command: diagnose sniffer packet any "host 192.168.2.12" 5 Which three pieces of information will be included in the sniffer outpu...
packet snifferdiagnose commandstroubleshooting toolsCLI commands - Question #50Network Configuration
Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)
SD-WANload balancinginterface weighttraffic distribution