Note! The NSE4_FGT-7.0 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the NSE4_FGT-7.2 Exam.

NSE4_FGT-7.0 Fortinet NSE 4 - FortiOS 7.0 Questions and Answers

Questions 4

Refer to the exhibit.

NSE4_FGT-7.0 Question 4

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

Options:

A.

The IPS engine was inspecting a high volume of traffic.

B.

The IPS engine was unable to prevent an intrusion attack.

C.

The IPS engine was blocking all traffic.

D.

The IPS engine will continue to run in a normal state.

Questions 5

Refer to the exhibit.

NSE4_FGT-7.0 Question 5

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

Options:

A.

On HQ-FortiGate, enable Auto-negotiate.

B.

On Remote-FortiGate, set Seconds to 43200.

C.

On HQ-FortiGate, enable Diffie-Hellman Group 2.

D.

On HQ-FortiGate, set Encryption to AES256.

Questions 6

Refer to the exhibit, which contains a RADIUS server configuration.

NSE4_FGT-7.0 Question 6

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.

What will be the impact of using Include in every user group option in a RADIUS configuration?

Options:

A.

This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.

B.

This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.

C.

This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.

D.

This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

Questions 7

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

Options:

A.

diagnose wad session list

B.

diagnose wad session list | grep hook-pre&&hook-out

C.

diagnose wad session list | grep hook=pre&&hook=out

D.

diagnose wad session list | grep "hook=pre"&"hook=out"

Questions 8

Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

Options:

A.

By default, FortiGate uses WINS servers to resolve names.

B.

By default, the SSL VPN portal requires the installation of a client’s certificate.

C.

By default, split tunneling is enabled.

D.

By default, the admin GUI and SSL VPN portal use the same HTTPS port.

Questions 9

Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

Options:

A.

Fabric Coverage

B.

Automated Response

C.

Security Posture

D.

Optimization

Questions 10

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

Options:

A.

The remote user’s public IP address.

B.

The public IP address of the FortiGate device.

C.

The remote user’s virtual IP address.

D.

The internal IP address of the FortiGate device.

Questions 11

Which of the following are valid actions for a FortiGuard category-based filter in a web filter profile in proxy-based inspection mode? (Choose two.)

Options:

A.

Warning

B.

Exempt

C.

Allow

D.

Learn

Questions 12

Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

Options:

A.

To allow for out-of-order packets that could arrive after the FIN/ACK packets

B.

To finish any inspection operations

C.

To remove the NAT operation

D.

To generate logs

Questions 13

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

Options:

A.

get system status

B.

get system performance status

C.

diagnose sys top

D.

get system arp

Questions 14

Which two statements are correct about SLA targets? (Choose two.)

Options:

A.

You can configure only two SLA targets per one Performance SLA.

B.

SLA targets are optional.

C.

SLA targets are required for SD-WAN rules with a Best Quality strategy.

D.

SLA targets are used only when referenced by an SD-WAN rule.

Questions 15

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Options:

A.

SSH

B.

HTTPS

C.

FTM

D.

FortiTelemetry

Questions 16

Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

Options:

A.

FortiGate uses the AD server as the collector agent.

B.

FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

C.

FortiGate does not support workstation check.

D.

FortiGate directs the collector agent to use a remote LDAP server.

Questions 17

Refer to the exhibit.

NSE4_FGT-7.0 Question 17

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

Options:

A.

There are five devices that are part of the security fabric.

B.

Device detection is disabled on all FortiGate devices.

C.

This security fabric topology is a logical topology view.

D.

There are 19 security recommendations for the security fabric.

Questions 18

An administrator wants to configure timeouts for users. Regardless of the user's behavior, the timer should start as soon as the user authenticates and expire after the configured value.

Which timeout option should be configured on FortiGate?

Options:

A.

auth-on-demand

B.

soft-timeout

C.

idle-timeout

D.

new-session

E.

hard-timeout

Questions 19

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Options:

A.

FortiGate automatically negotiates different local and remote addresses with the remote peer.

B.

FortiGate automatically negotiates a new security association after the existing security association expires.

C.

FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

D.

FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

Questions 20

Which two statements about antivirus scanning mode are true? (Choose two.)

Options:

A.

In proxy-based inspection mode, files bigger than the buffer size are scanned.

B.

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

C.

In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.

D.

In flow-based inspection mode, files bigger than the buffer size are scanned.

Questions 21

An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

Options:

A.

A phase 2 configuration is not required.

B.

This VPN cannot be used as part of a hub-and-spoke topology.

C.

A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

D.

The IPsec firewall policies must be placed at the top of the list.

Questions 22

Refer to the exhibit.

NSE4_FGT-7.0 Question 22

The exhibit contains a network diagram, firewall policies, and a firewall address object configuration.

An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver.

Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

Options:

A.

Disable match-vip in the Deny policy.

B.

Set the Destination address as Deny_IP in the Allow-access policy.

C.

Enable match-vip in the Deny policy.

D.

Set the Destination address as Web_server in the Deny policy.

Questions 23

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

Options:

A.

It limits the scanning of application traffic to the DNS protocol only.

B.

It limits the scanning of application traffic to use parent signatures only.

C.

It limits the scanning of application traffic to the browser-based technology category only.

D.

It limits the scanning of application traffic to the application category only.

Questions 24

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

Options:

A.

Heartbeat interfaces have virtual IP addresses that are manually assigned.

B.

A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.

C.

Virtual IP addresses are used to distinguish between cluster members.

D.

The primary device in the cluster is always assigned IP address 169.254.0.1.

Questions 25

Which of the following statements about central NAT are true? (Choose two.)

Options:

A.

IP pool references must be removed from existing firewall policies before enabling central NAT.

B.

Central NAT can be enabled or disabled from the CLI only.

C.

Source NAT, using central NAT, requires at least one central SNAT policy.

D.

Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

Exam Code: NSE4_FGT-7.0
Exam Name: Fortinet NSE 4 - FortiOS 7.0
Last Update: Dec 2, 2023
Questions: 173