NSE4_FGT-7.0 Exam Questions
188 real NSE4_FGT-7.0 exam questions with expert-verified answers and explanations. Page 3 of 4.
- Question #101Firewall Policies
Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)
Firewall policySource fieldUser groupFQDN address - Question #102Network Configuration
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
SD-WANNext-hop gatewayInterface configuration - Question #103Security Profiles
Which of the following services can be inspected by the DLP profile? (Choose three.)
DLP profileProtocol inspectionFTPIMAP - Question #104System Configuration
Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)
FSSOWMI pollingUser authenticationCollector agent - Question #105Security Profiles
Which statements about DNS filter profiles are true? (Choose two.)
DNS filterSecurity profilesBotnet protectionBlocked request redirection - Question #106VPN
An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario?
IPsec VPNXAuthDialup VPNUser authentication - Question #107Security Profiles
A team manager has decided that while some members of the team need access to particular website, the majority of the team does not. Which configuration option is the most effectiv...
Web filterCategory overrideGranular access control - Question #108Troubleshooting and Monitoring
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)
FSSOTroubleshootingBest practicesFirewall ports - Question #109Security Profiles
Which statements about antivirus scanning mode are true? (Choose two.)
AntivirusScanning modesProxy-based inspectionFlow-based inspection - Question #110High Availability
In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloade...
High AvailabilityActive-Active HASession offloadingTraffic flow - Question #111Network Configuration
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
Transparent modeFortiGate operationBroadcast domainMAC address forwarding - Question #112Firewall Policies
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?
NGFWInspection modePolicy-based firewallFlow-based inspection - Question #113VPN
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
IPsecAuthentication methodsXAuthPreshared key - Question #114Security Profiles
Which scanning technique on FortiGate can be enabled only on the CLI?
AntivirusHeuristics scanCLI configuration - Question #115Firewall Policies
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
NGFWSecurity policySSL inspectionAuthentication policy - Question #116Troubleshooting and Monitoring
You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior wh...
LoggingLocal diskLog managementDisk full behavior - Question #117Troubleshooting and Monitoring
Refer to the exhibit. In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the...
TroubleshootingPacket snifferDebug flowNetwork connectivity - Question #118Security Profiles
Refer to the exhibit to view the application control profile. Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is tru...
Application controlSecurity profilesBlocking applicationsTroubleshooting - Question #119VPN
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
IPsec VPNPhase 2Auto-negotiateSecurity Association - Question #120Security Profiles
Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)
IPS engineFlow-based inspectionWeb filterApplication control - Question #121Security Profiles
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filte...
web filteringHTTP inspectionFortiGuardsecurity profiles - Question #122Firewall Policies
When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate...
firewall policiesloggingFortiAnalyzerFortiManager - Question #123Security Profiles
Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?
firewall policiesdeep inspectionantivirussecurity profiles - Question #124Troubleshooting and Monitoring
Refer to the exhibit, which contains a session diagnostic output. Which statement is true about the session diagnostic output?
session debuggingTCP statesnetwork sessionstroubleshooting - Question #125Firewall Policies
Refer to the exhibit. The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address. An explicit web proxy is...
explicit proxyauthenticationfirewall policiesuser management - Question #126System Configuration
What devices form the core of the security fabric?
FortiGateFortiAnalyzerSecurity Fabric - Question #127Firewall Policies
Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
firewall policiespolicy matchingInternet Servicesservices - Question #128High Availability
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
HA clusteractive-activesynchronizationNTPDNS - Question #129Security Profiles
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?
WAFSQL injectionserver protectionsecurity features - Question #130VPN
How does FortiGate act when using SSL VPN in web mode?
SSL VPNweb modereverse proxy - Question #131Firewall Policies
Refer to the exhibit. The exhibit contains a network diagram, firewall policies, and a firewall address object configuration. An administrator created a Deny policy with default se...
firewall policiesVIPpolicy matchingtroubleshooting - Question #132Security Profiles
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
SSL inspectionserver certificateSNISANhostname identification - Question #133System Configuration
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)
administrator accessSSHHTTPSmanagement - Question #134Troubleshooting and Monitoring
Refer to the FortiGuard connection debug output. Based on the output shown in the exhibit, which two statements are correct? (Choose two.)
FortiGuardtroubleshootingdebug outputconnectivity - Question #135Security Profiles
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other sec...
security profilesNGFWfirewall policiesantivirusIPS - Question #136System Configuration
Which two types of traffic are managed only by the management VDOM? (Choose two.)
VDOMmanagement VDOMFortiGuardDNS - Question #137Network Configuration
An administrator must disable RPF check to investigate an issue. Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention syste...
RPF checkasymmetric routinginterface configurationtroubleshooting - Question #138Network Configuration
Which two statements are correct about SLA targets? (Choose two.)
SLA targetsSD-WANperformance SLA - Question #139System Configuration
Which two statements are true about collector agent standard access mode? (Choose two.)
collector agentuser authenticationuser groupsActive Directory integration - Question #140Troubleshooting and Monitoring
Refer to the exhibit. Based on the raw log, which two statements are correct? (Choose two.)
loggingraw logsfirewall policysecurity eventstroubleshooting - Question #141System Configuration
Which three methods are used by the collector agent for AD polling? (Choose three.)
AD pollingcollector agentauthentication methods - Question #142Firewall Policies
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
firewall policysource objectsInternet Service Databaseuser groups - Question #143Troubleshooting and Monitoring
Consider the topology: Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server. An administrator is investigating a problem where an application establishes...
SSL VPNsession timeoutfirewall policyservice objects - Question #144System Configuration
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?
Security FabricSecurity Ratingbest practicesconfiguration audit - Question #145High Availability
What is the primary FortiGate election process when the HA override setting is disabled?
HA electionHA overridemaster election criteriaHA uptime - Question #146System Configuration
Which three statements are true regarding session-based authentication? (Choose three.)
session-based authenticationuser authenticationresource utilizationNAT considerations - Question #147Routing
Refer to the exhibit, which contains a static route configuration. An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to v...
static routespolicy routesCLI commandsrouting table - Question #148Network Configuration
An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?
interface typeslink aggregationredundancynetwork bandwidth - Question #149Network Configuration
Refer to the exhibit. The exhibit contains a network diagram, central SNAT policy, and IP pool configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (p...
Source NATCentral SNATIP poolsfirewall policyNAT configuration - Question #150VPN
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achie...
FortiTokenmulti-site VPNFortiAuthenticatorVPN authentication