NSE4_FGT-7.0 Exam Questions
188 real NSE4_FGT-7.0 exam questions with expert-verified answers and explanations. Page 4 of 4.
- Question #151Troubleshooting and Monitoring
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The...
IPsec VPNPhase 1 troubleshootingIKE modeinterface mismatch - Question #152VPN
An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN n...
SSL VPNhigh latencylogin timeoutVPN negotiation - Question #153Firewall Policies
Which two statements are true about the RPF check? (Choose two.)
RPF checkIP spoofingsecurity mechanismspacket flow - Question #154High Availability
Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)
HA statusCLI diagnosticsHA uptimemaster election - Question #155Security Profiles
A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visit...
SSL inspectioncertificate warningsCA certificateweb filtering - Question #156Firewall Policies
Refer to the exhibit. The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration. How will FortiGate handle user authentication for...
firewall policyuser authenticationidentity-based policyauthentication enforcement - Question #157System Configuration
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)
VDOM modessplit VDOMdefault VDOMsvirtual domain - Question #158Troubleshooting and Monitoring
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)
CLI commandsLayer 3 troubleshootingpingtraceroutepacket sniffer - Question #159Security Profiles
Refer to the exhibit to view the application control profile. Based on the configuration, what will happen to Apple FaceTime?
application controlsecurity profilespolicy precedenceapplication filters - Question #160Firewall Policies
In which two ways can RPF checking be disabled? (Choose two )
RPF checkasymmetric routinginterface configurationsecurity features - Question #161Firewall Policies
An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any...
session TTLfirewall policyservice objectsHTTP sessions - Question #162System Configuration
Which feature in the Security Fabric takes one or more actions based on event triggers?
Security FabricAutomation Stitchesevent triggers - Question #163Security Profiles
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effect...
web filteringcategory overrideuser groupsgranular access control - Question #164System Configuration
Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?
authentication rulessession-based authenticationuser authentication - Question #165System Configuration
Which two statements are true about collector agent advanced mode? (Choose two.)
FSSOcollector agentLDAP clientuser groups - Question #166Network Configuration
Which two statements are correct about a software switch on FortiGate? (Choose two.)
software switchvirtual interfacesNAT mode - Question #167Firewall Policies
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
NGFW policy modecentral source NATapplication controlweb filtering - Question #168System Configuration
Refer to the exhibit, which contains a radius server configuration. An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected th...
RADIUS serveruser authenticationuser groups - Question #169Security Profiles
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
application controlNGFWIPS engine - Question #170Troubleshooting and Monitoring
Refer to the exhibit. An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)
packet sniffertroubleshooting toolspacket analysisFortiGate diagnostics - Question #171Firewall Policies
If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected to the Destination field of a firewall policy?
firewall policyInternet Service Objectsdestination address - Question #172Security Profiles
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks...
SSL inspectionHTTPS inspectionantivirussecurity profiles - Question #173System Configuration
Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?
Security FabricVDOMssplit-task VDOM - Question #174System Configuration
An administrator wants to configure timeouts for users. Regardless of the user TMs behavior, the timer should start as soon as the user authenticates and expire after the configure...
user authenticationsession timeouthard-timeout - Question #175Security Profiles
Refer to the exhibit. The exhibit shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
IPS sensorintrusion preventionsecurity profilessignature actions - Question #176VPN
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is ob...
IPsec VPNDead Peer Detection (DPD)VPN tunnels - Question #177System Configuration
In an explicit proxy setup, where is the authentication method and database configured?
explicit proxyproxy authenticationauthentication scheme - Question #178Routing
Refer to the exhibit. Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)
routing tabledefault routeadministrative distancemetric - Question #179System Configuration
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
FSSOagentless pollingSMB protocolLDAP server - Question #180Security Profiles
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a spec...
FortiGuardweb rating overrideweb filteringURL syntax - Question #181Security Profiles
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B). Exhibit A Exhibit B Which statement is correct if a user is unable to receive a...
Antivirus profileFlow-based inspectionBlock replacement messageSecurity profiles - Question #182VPN
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)
SSL VPNFortiGate SSL VPNTunnel interfaceCertificates - Question #183System Configuration
Refer to the exhibits. An administrator creates a new address object on the root FortiGate (Local- FortiGate) in the security fabric. After synchronization, this object is not avai...
FortiGate Security FabricObject synchronizationAddress objectsConfiguration sync - Question #184Security Profiles
Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?
Application controlSub-application inspectionFortiGuard signaturesWeb application security - Question #186Firewall Policies
When configuring a firewall virtual wire pair policy, which following statement is true?
Virtual Wire PairFirewall policyPolicy configurationTraffic direction - Question #187Security Profiles
Which statement about video filtering on FortiGate is true?
Video filteringProxy-based inspectionFirewall policySecurity profiles - Question #188Firewall Policies
Refer to the exhibits. The exhibits contain a network diagram, virtual IP, IP pool, and firewall policies configuration. Exhibit A. Exhibit B. The WAN (port1) interface has the IP...
Source NATIP PoolFirewall policyNetwork Address Translation - Question #189Network Configuration
Refer to the exhibit. An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2...
SD-WANPerformance SLAProbe packetsGateway configuration