March Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

Note! The NSE4_FGT-7.0 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the NSE4_FGT-7.2 Exam.

NSE4_FGT-7.0 Fortinet NSE 4 - FortiOS 7.0 Questions and Answers

Questions 4

Refer to the exhibit to view the application control profile.

NSE4_FGT-7.0 Question 4

Based on the configuration, what will happen to Apple FaceTime?

Options:

A.

Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration

B.

Apple FaceTime will be allowed, based on the Apple filter configuration.

C.

Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn

D.

Apple FaceTime will be allowed, based on the Categories configuration.

Buy Now
Questions 5

Refer to the exhibit.

NSE4_FGT-7.0 Question 5

NSE4_FGT-7.0 Question 5

NSE4_FGT-7.0 Question 5

NSE4_FGT-7.0 Question 5

The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).

Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

Options:

A.

10.200.1.149

B.

10.200.1.1

C.

10.200.1.49

D.

10.200.1.99

Buy Now
Questions 6

How do you format the FortiGate flash disk?

Options:

A.

Load a debug FortiOS image.

B.

Load the hardware test (HQIP) image.

C.

Execute the CLI command execute formatlogdisk.

D.

Select the format boot device option from the BIOS menu.

Buy Now
Questions 7

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

Options:

A.

The public key of the web server certificate must be installed on the browser.

B.

The web-server certificate must be installed on the browser.

C.

The CA certificate that signed the web-server certificate must be installed on the browser.

D.

The private key of the CA certificate that signed the browser certificate must be installed on the browser.

Buy Now
Questions 8

View the exhibit.

NSE4_FGT-7.0 Question 8

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

Options:

A.

Addicting.Games is allowed based on the Application Overrides configuration.

B.

Addicting.Games is blocked on the Filter Overrides configuration.

C.

Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

D.

Addcting.Games is allowed based on the Categories configuration.

Buy Now
Questions 9

An organization’s employee needs to connect to the office through a high-latency internet connection.

Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

Options:

A.

Change the session-ttl.

B.

Change the login timeout.

C.

Change the idle-timeout.

D.

Change the udp idle timer.

Buy Now
Questions 10

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

Options:

A.

By default, all interfaces are part of the same broadcast domain.

B.

The existing network IP schema must be changed when installing a transparent mode.

C.

Static routes are required to allow traffic to the next hop.

D.

FortiGate forwards frames without changing the MAC address.

Buy Now
Questions 11

Refer to the exhibit.

NSE4_FGT-7.0 Question 11

According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?

Options:

A.

A user

B.

A root CA

C.

A bridge CA

D.

A subordinate

Buy Now
Questions 12

What is the primary FortiGate election process when the HA override setting is disabled?

Options:

A.

Connected monitored ports > System uptime > Priority > FortiGate Serial number

B.

Connected monitored ports > HA uptime > Priority > FortiGate Serial number

C.

Connected monitored ports > Priority > HA uptime > FortiGate Serial number

D.

Connected monitored ports > Priority > System uptime > FortiGate Serial number

Buy Now
Questions 13

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

Options:

A.

Add the support of NTLM authentication.

B.

Add user accounts to Active Directory (AD).

C.

Add user accounts to the FortiGate group fitter.

D.

Add user accounts to the Ignore User List.

Buy Now
Questions 14

Which two statements are true about the FGCP protocol? (Choose two.)

Options:

A.

Not used when FortiGate is in Transparent mode

B.

Elects the primary FortiGate device

C.

Runs only over the heartbeat links

D.

Is used to discover FortiGate devices in different HA groups

Buy Now
Questions 15

Which statement about the policy ID number of a firewall policy is true?

Options:

A.

It is required to modify a firewall policy using the CLI.

B.

It represents the number of objects used in the firewall policy.

C.

It changes when firewall policies are reordered.

D.

It defines the order in which rules are processed.

Buy Now
Questions 16

How does FortiGate act when using SSL VPN in web mode?

Options:

A.

FortiGate acts as an FDS server.

B.

FortiGate acts as an HTTP reverse proxy.

C.

FortiGate acts as DNS server.

D.

FortiGate acts as router.

Buy Now
Questions 17

Refer to the exhibits.

NSE4_FGT-7.0 Question 17

NSE4_FGT-7.0 Question 17

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

Options:

A.

The SSL inspection needs to be a deep content inspection.

B.

Force access to Facebook using the HTTP service.

C.

Additional application signatures are required to add to the security policy.

D.

Add Facebook in the URL category in the security policy.

Buy Now
Questions 18

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Options:

A.

SSH

B.

HTTPS

C.

FTM

D.

FortiTelemetry

Buy Now
Questions 19

Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

Options:

A.

FortiCache

B.

FortiSIEM

C.

FortiAnalyzer

D.

FortiSandbox

E.

FortiCloud

Buy Now
Questions 20

Which three statements about a flow-based antivirus profile are correct? (Choose three.)

Options:

A.

IPS engine handles the process as a standalone.

B.

FortiGate buffers the whole file but transmits to the client simultaneously.

C.

If the virus is detected, the last packet is delivered to the client.

D.

Optimized performance compared to proxy-based inspection.

E.

Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.

Buy Now
Questions 21

Which two statements are correct about SLA targets? (Choose two.)

Options:

A.

You can configure only two SLA targets per one Performance SLA.

B.

SLA targets are optional.

C.

SLA targets are required for SD-WAN rules with a Best Quality strategy.

D.

SLA targets are used only when referenced by an SD-WAN rule.

Buy Now
Questions 22

By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.

Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

Options:

A.

set fortiguard-anycast disable

B.

set webfilter-force-off disable

C.

set webfilter-cache disable

D.

set protocol tcp

Buy Now
Questions 23

Refer to the exhibit.

NSE4_FGT-7.0 Question 23

Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

Options:

A.

Traffic between port2 and port2-vlan1 is allowed by default.

B.

port1-vlan10 and port2-vlan10 are part of the same broadcast domain.

C.

port1 is a native VLAN.

D.

port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.

Buy Now
Questions 24

Refer to the exhibit.

NSE4_FGT-7.0 Question 24

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

Options:

A.

The IPS engine was inspecting high volume of traffic.

B.

The IPS engine was unable to prevent an intrusion attack.

C.

The IPS engine was blocking all traffic.

D.

The IPS engine will continue to run in a normal state.

Buy Now
Questions 25

An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

Options:

A.

Policy lookup will be disabled.

B.

By Sequence view will be disabled.

C.

Search option will be disabled

D.

Interface Pair view will be disabled.

Buy Now
Exam Code: NSE4_FGT-7.0
Exam Name: Fortinet NSE 4 - FortiOS 7.0
Last Update: Dec 11, 2023
Questions: 173