NSE4_FGT-7.0 Practice Questions
189 real NSE4_FGT-7.0 exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
- Question #2
An administrator has configured the following settings: What are the two results of this configuration? (Choose two.)
- Question #3
Refer to the exhibit. Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)
- Question #4
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
- Question #5
View the exhibit. Which the FortiGate handle web proxy traffic true? (Choose two.)
- Question #6
Which two inspection modes can you use to configure a firewall policy on a profile-based next- generation firewall (NGFW)? (Choose two.)
- Question #7
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
- Question #8
If the Servicesfield is configured in a Virtual IP (VIP), which statement is true when central NAT is used?
- Question #9
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
- Question #10
(Addicting Games). Based on this configuration, which statement is true?
- Question #11
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
- Question #12
Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)
- Question #13
Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct If option 5 was used with the IPS diagnostic command and the outc...
- Question #14
Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on th...
- Question #15
An administrator is configuring an Ipsec between site A and site B. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick...
- Question #16
Which of the following statements about central NAT are true? (Choose two.)
- Question #17
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
- Question #18
How do you format the FortiGate flash disk?
- Question #19
Refer to the exhibit. The exhibits show a network diagram and the explicit web proxy configuration. In the commanddiagnose sniffer packet, what filter can you use to capture the tr...
- Question #20
Which three statements about security associations (SA) in IPsec are correct? (Choose three.)
- Question #21
Examine this PAC file configuration. Which of the following statements are true? (Choose two.)
- Question #22
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
- Question #23
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
- Question #24
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)
- Question #25
Refer to the exhibit. Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor...
- Question #26
Refer to the exhibit. The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode. The Root VDOM is the management VDOM. T...
- Question #27
Which two statements ate true about the Security Fabric rating? (Choose two.)
- Question #28
Examine the network diagram shown in the exhibit, then answer the following question: Which one of the following routes is the best candidate route for FGT1 to route traffic from t...
- Question #29
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
- Question #30
Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)
- Question #31
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
- Question #32
Refer to the exhibit. The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the Fort...
- Question #33
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
- Question #34
Refer to the exhibit. Which contains a PerformanceSLA configuration. An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is Fo...
- Question #35
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. - All traffic must be routed through the primary...
- Question #36
Which statement regarding the firewall policy authentication timeout is true?
- Question #37
Examine this FortiGate configuration: Examine the output of the following debug command: Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new se...
- Question #38
View the exhibit. Which of the following statements are correct? (Choose two.)
- Question #39
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?
- Question #40
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
- Question #41
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
- Question #42
Refer to the exhibit. Which contains a session list output. Based on the information shown in the exhibit, which statement is true?
- Question #43
Refer to the exhibit. The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check. Which interface wil...
- Question #44
Refer to the exhibits. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?
- Question #45
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
- Question #46
Which two statements about antivirus scanning mode are true? (Choose two.)
- Question #47
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
- Question #48
Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)
- Question #49
An administrator is running the following sniffer command: diagnose sniffer packet any "host 192.168.2.12" 5 Which three pieces of information will be included in the sniffer outpu...
- Question #50
Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)