NSE4_FGT-7.0 Practice Questions
189 real NSE4_FGT-7.0 exam questions with expert-verified answers and explanations. Page 3 of 4.
- Question #101
Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)
- Question #102
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
- Question #103
Which of the following services can be inspected by the DLP profile? (Choose three.)
- Question #104
Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)
- Question #105
Which statements about DNS filter profiles are true? (Choose two.)
- Question #106
An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario?
- Question #107
A team manager has decided that while some members of the team need access to particular website, the majority of the team does not. Which configuration option is the most effectiv...
- Question #108
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)
- Question #109
Which statements about antivirus scanning mode are true? (Choose two.)
- Question #110
In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloade...
- Question #111
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
- Question #112
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?
- Question #113
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
- Question #114
Which scanning technique on FortiGate can be enabled only on the CLI?
- Question #115
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
- Question #116
You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior wh...
- Question #117
Refer to the exhibit. In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the...
- Question #118
Refer to the exhibit to view the application control profile. Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is tru...
- Question #119
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
- Question #120
Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)
- Question #121
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filte...
- Question #122
When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate...
- Question #123
Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?
- Question #124
Refer to the exhibit, which contains a session diagnostic output. Which statement is true about the session diagnostic output?
- Question #125
Refer to the exhibit. The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address. An explicit web proxy is...
- Question #126
What devices form the core of the security fabric?
- Question #127
Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
- Question #128
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
- Question #129
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?
- Question #130
How does FortiGate act when using SSL VPN in web mode?
- Question #131
Refer to the exhibit. The exhibit contains a network diagram, firewall policies, and a firewall address object configuration. An administrator created a Deny policy with default se...
- Question #132
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
- Question #133
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)
- Question #134
Refer to the FortiGuard connection debug output. Based on the output shown in the exhibit, which two statements are correct? (Choose two.)
- Question #135
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other sec...
- Question #136
Which two types of traffic are managed only by the management VDOM? (Choose two.)
- Question #137
An administrator must disable RPF check to investigate an issue. Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention syste...
- Question #138
Which two statements are correct about SLA targets? (Choose two.)
- Question #139
Which two statements are true about collector agent standard access mode? (Choose two.)
- Question #140
Refer to the exhibit. Based on the raw log, which two statements are correct? (Choose two.)
- Question #141
Which three methods are used by the collector agent for AD polling? (Choose three.)
- Question #142
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
- Question #143
Consider the topology: Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server. An administrator is investigating a problem where an application establishes...
- Question #144
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?
- Question #145
What is the primary FortiGate election process when the HA override setting is disabled?
- Question #146
Which three statements are true regarding session-based authentication? (Choose three.)
- Question #147
Refer to the exhibit, which contains a static route configuration. An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to v...
- Question #148
An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?
- Question #149
Refer to the exhibit. The exhibit contains a network diagram, central SNAT policy, and IP pool configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (p...
- Question #150
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achie...