NSE4_FGT-7.0 Practice Questions
189 real NSE4_FGT-7.0 exam questions with expert-verified answers and explanations. Page 4 of 4.
- Question #151
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The...
- Question #152
An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN n...
- Question #153
Which two statements are true about the RPF check? (Choose two.)
- Question #154
Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)
- Question #155
A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visit...
- Question #156
Refer to the exhibit. The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration. How will FortiGate handle user authentication for...
- Question #157
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)
- Question #158
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)
- Question #159
Refer to the exhibit to view the application control profile. Based on the configuration, what will happen to Apple FaceTime?
- Question #160
In which two ways can RPF checking be disabled? (Choose two )
- Question #161
An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any...
- Question #162
Which feature in the Security Fabric takes one or more actions based on event triggers?
- Question #163
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effect...
- Question #164
Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?
- Question #165
Which two statements are true about collector agent advanced mode? (Choose two.)
- Question #166
Which two statements are correct about a software switch on FortiGate? (Choose two.)
- Question #167
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
- Question #168
Refer to the exhibit, which contains a radius server configuration. An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected th...
- Question #169
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
- Question #170
Refer to the exhibit. An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)
- Question #171
If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected to the Destination field of a firewall policy?
- Question #172
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks...
- Question #173
Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?
- Question #174
An administrator wants to configure timeouts for users. Regardless of the user TMs behavior, the timer should start as soon as the user authenticates and expire after the configure...
- Question #175
Refer to the exhibit. The exhibit shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
- Question #176
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is ob...
- Question #177
In an explicit proxy setup, where is the authentication method and database configured?
- Question #178
Refer to the exhibit. Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)
- Question #179
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
- Question #180
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a spec...
- Question #181
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B). Exhibit A Exhibit B Which statement is correct if a user is unable to receive a...
- Question #182
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)
- Question #183
Refer to the exhibits. An administrator creates a new address object on the root FortiGate (Local- FortiGate) in the security fabric. After synchronization, this object is not avai...
- Question #184
Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?
- Question #185
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
- Question #186
When configuring a firewall virtual wire pair policy, which following statement is true?
- Question #187
Which statement about video filtering on FortiGate is true?
- Question #188
Refer to the exhibits. The exhibits contain a network diagram, virtual IP, IP pool, and firewall policies configuration. Exhibit A. Exhibit B. The WAN (port1) interface has the IP...
- Question #189
Refer to the exhibit. An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2...