NSE4_FGT-7.0 Exam Questions
188 real NSE4_FGT-7.0 exam questions with expert-verified answers and explanations. Page 2 of 4.
- Question #51Network Configuration
Refer to the exhibit. Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)
VLANsnative VLANbroadcast domainVDOMs - Question #52Routing
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
RPF checkstrict RPFreverse path forwardingsecurity features - Question #53VPN
Which statement about the IP authentication header (AH) used by IPsec is true?
IPsecAuthentication Header (AH)data integrityencryption - Question #54System Configuration
To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?
Security FabricFortiGateFortiAnalyzerdevice authorization - Question #55Security Profiles
By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which two CLI commands will cause FortiGate to use an unreliable protoc...
FortiGuardweb filteringCLI commandsprotocol configuration - Question #56VPN
An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?
IPsec VPNroute-based VPNvirtual IPsec interfaceVPN configuration - Question #57Security Profiles
NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?
NGFW modepolicy-based inspectionsecurity profilesAntivirus - Question #58Firewall Policies
Which statement about the policy ID number of a firewall policy is true?
firewall policypolicy IDCLI configuration - Question #59Troubleshooting and Monitoring
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
interface configurationIP address assignmentvirtual wire pairtransparent mode - Question #60Troubleshooting and Monitoring
Refer to the exhibit showing a debug flow output. Which two statements about the debug flow output are correct? (Choose two.)
debug flowtroubleshootingICMP trafficsession creation - Question #61Firewall Policies
Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
Web proxyAuthentication schemesFirewall policies - Question #62VPN
An administrator Is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A. the local qui...
IPsec VPNQuick mode selectorsVPN configuration - Question #63High Availability
Which two statements are true about the FGCP protocol? (Choose two.)
FGCPHigh AvailabilityHeartbeat links - Question #64Troubleshooting and Monitoring
Refer to the web filter raw logs. Based on the raw logs shown in the exhibit, which statement is correct?
Web filter logsSecurity profilesLog analysis - Question #65System Configuration
Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
TCP session managementStateful inspectionSession table - Question #66VPN
Which of statement is true about SSL VPN web mode?
SSL VPNWeb modeVPN features - Question #67System Configuration
Refer to the exhibit. Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?
Administrator profilesCLI commandsRole-based access control - Question #68Firewall Policies
Refer to the exhibit. The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
Firewall policiesProxy policiesTraffic flowTransparent proxy - Question #69Network Configuration
Examine the exhibit, which contains a virtual IP and firewall policy configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP...
NATVirtual IPFirewall policiesSource NAT - Question #70VPN
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phas...
IPsec VPNPhase 2 configurationVPN troubleshooting - Question #71Security Profiles
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy- based inspection mode? (Choose two.)
Web filterFortiGuard categoriesProxy-based inspection - Question #72Security Profiles
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
Antivirus profileFlow-based inspectionSecurity inspection modes - Question #73Troubleshooting and Monitoring
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?
Log typesLocal traffic logsFortiGate logging - Question #74Network Configuration
Which two protocol options are available on the CLI but not on the GUI when configuring an SD- WAN Performance SLA? (Choose two.)
SD-WANPerformance SLACLI vs GUI - Question #75Security Profiles
Refer to the exhibits. The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook. Users are given access to the Facebook web...
SSL inspectionApplication controlSecurity policiesDeep content inspection - Question #76VPN
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
SSL VPN portalDefault settingsSplit tunneling - Question #77Security Profiles
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
SSL/TLSCertificate authorityCertificate trustPKI - Question #78Network Configuration
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface. Which statements about the VLAN sub interfaces can h...
VLANsSubinterfacesNetwork configuration - Question #79Routing
Examine the two static routes shown in the exhibit, then answer the following question. Which of the following is the expected FortiGate behavior regarding these two routes to the...
Static routingRouting tableAdministrative distance - Question #80System Configuration
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
FSSONetAPI pollingUser authentication - Question #81VPN
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic, in addition, the remote peer does not support a dynamic DNS updat...
IPsec VPNdynamic peerVPN gateway configuration - Question #82Security Profiles
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below. An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to deter...
IPS sensorHTTPS inspectionSSL inspectiontraffic logging - Question #83Troubleshooting and Monitoring
Examine the following web filtering log. Which statement about the log message is true?
web filteringlog analysissecurity policies - Question #84Troubleshooting and Monitoring
Refer to the exhibit. Which contains a session diagnostic output. Which statement is true about the session diagnostic output?
session diagnosisTCP statestroubleshooting - Question #85Security Profiles
Refer to the exhibit. According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?
digital certificatescertificate fieldsSSL - Question #86Firewall Policies
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolid...
firewall policiesIPv4IPv6policy configuration - Question #87System Configuration
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
authenticationtimeout settingsuser management - Question #88Troubleshooting and Monitoring
Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?
CLI commandssession debuggingproxy sessions - Question #89Security Profiles
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
CA certificateSSL inspectionkeyUsage extension - Question #90Troubleshooting and Monitoring
Refer to the exhibit. Which contains a network diagram and routing table output. The Student is unable to access Webserver. What is the cause of the problem and what is the solutio...
routing tableRPF checknetwork troubleshootingstatic routes - Question #91Security Profiles
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below. When detecting attacks, which anomaly, signature, or filter will FortiGate...
IPS sensorDoS policysecurity policy orderattack detection - Question #92Troubleshooting and Monitoring
Examine this output from a debug flow: Why did the FortiGate drop the packet?
debug flowpacket dropfirewall policytroubleshooting - Question #93System Configuration
An administrator has configured the following settings: What does the configuration do? (Choose two.)
system configurationloggingtraffic managementdevice detection - Question #94Security Profiles
What information is flushed when the chunk-size value is changed in the config dlp settings?
DLPconfiguration settingsdocument fingerprinting - Question #95Security Profiles
Which is the correct description of a hash result as it relates to digital certificates?
digital certificateshashingcryptography - Question #96Routing
Examine the network diagram shown in the exhibit, and then answer the following question: A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ens...
ECMPstatic routingnetwork designload balancing - Question #97Troubleshooting and Monitoring
On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)
log managementFortiAnalyzerFortiManagerlogging - Question #98Troubleshooting and Monitoring
Examine this FortiGate configuration: Examine the output of the following debug command: Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new se...
traffic inspectiondebug outputsession handlingsecurity policies - Question #99Routing
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
route lookuppacket flowsession handling - Question #100System Configuration
The FSSO Collector Agent set to advanced access mode for the Windows Active Directory uses which of the following?
FSSOActive Directoryuser authenticationLDAP