NSE4_FGT-7.0 Practice Questions
189 real NSE4_FGT-7.0 exam questions with expert-verified answers and explanations. Page 2 of 4.
- Question #51
Refer to the exhibit. Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)
- Question #52
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
- Question #53
Which statement about the IP authentication header (AH) used by IPsec is true?
- Question #54
To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?
- Question #55
By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which two CLI commands will cause FortiGate to use an unreliable protoc...
- Question #56
An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?
- Question #57
NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?
- Question #58
Which statement about the policy ID number of a firewall policy is true?
- Question #59
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
- Question #60
Refer to the exhibit showing a debug flow output. Which two statements about the debug flow output are correct? (Choose two.)
- Question #61
Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
- Question #62
An administrator Is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A. the local qui...
- Question #63
Which two statements are true about the FGCP protocol? (Choose two.)
- Question #64
Refer to the web filter raw logs. Based on the raw logs shown in the exhibit, which statement is correct?
- Question #65
Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
- Question #66
Which of statement is true about SSL VPN web mode?
- Question #67
Refer to the exhibit. Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?
- Question #68
Refer to the exhibit. The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
- Question #69
Examine the exhibit, which contains a virtual IP and firewall policy configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP...
- Question #70
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phas...
- Question #71
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy- based inspection mode? (Choose two.)
- Question #72
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
- Question #73
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?
- Question #74
Which two protocol options are available on the CLI but not on the GUI when configuring an SD- WAN Performance SLA? (Choose two.)
- Question #75
Refer to the exhibits. The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook. Users are given access to the Facebook web...
- Question #76
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
- Question #77
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
- Question #78
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface. Which statements about the VLAN sub interfaces can h...
- Question #79
Examine the two static routes shown in the exhibit, then answer the following question. Which of the following is the expected FortiGate behavior regarding these two routes to the...
- Question #80
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
- Question #81
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic, in addition, the remote peer does not support a dynamic DNS updat...
- Question #82
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below. An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to deter...
- Question #83
Examine the following web filtering log. Which statement about the log message is true?
- Question #84
Refer to the exhibit. Which contains a session diagnostic output. Which statement is true about the session diagnostic output?
- Question #85
Refer to the exhibit. According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?
- Question #86
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolid...
- Question #87
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
- Question #88
Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?
- Question #89
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
- Question #90
Refer to the exhibit. Which contains a network diagram and routing table output. The Student is unable to access Webserver. What is the cause of the problem and what is the solutio...
- Question #91
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below. When detecting attacks, which anomaly, signature, or filter will FortiGate...
- Question #92
Examine this output from a debug flow: Why did the FortiGate drop the packet?
- Question #93
An administrator has configured the following settings: What does the configuration do? (Choose two.)
- Question #94
What information is flushed when the chunk-size value is changed in the config dlp settings?
- Question #95
Which is the correct description of a hash result as it relates to digital certificates?
- Question #96
Examine the network diagram shown in the exhibit, and then answer the following question: A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ens...
- Question #97
On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)
- Question #98
Examine this FortiGate configuration: Examine the output of the following debug command: Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new se...
- Question #99
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
- Question #100
The FSSO Collector Agent set to advanced access mode for the Windows Active Directory uses which of the following?