Fortinet NSE4_FGT-7.0 Fortinet NSE 4 – FortiOS 7.0 Online Training
The questions for NSE4_FGT-7.0 were last updated on Nov 26, 2024.
- Exam Code: NSE4_FGT-7.0
- Exam Name: Fortinet NSE 4 - FortiOS 7.0
- Certification Provider: Fortinet
- Latest update: Nov 26, 2024
Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)
- A . Proxy-based inspection
- B . Certificate inspection
- C . Flow-based inspection
- D . Full Content inspection
Which statement about the policy ID number of a firewall policy is true?
- A . It is required to modify a firewall policy using the CLI.
- B . It represents the number of objects used in the firewall policy.
- C . It changes when firewall policies are reordered.
- D . It defines the order in which rules are processed.
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)
- A . SSH
- B . HTTPS
- C . FTM
- D . FortiTelemetry
A,B
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/995103/buildingsecurity-into-fortios
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
- A . Static IP Address
- B . Dialup User
- C . Dynamic DNS
- D . Pre-shared Key
B
Explanation:
Dialup user is used when the remote peer’s IP address is unknown. The remote peer whose IP address is unknown acts as the dialup client, and this is often the case for branch offices and mobile VPN clients that use dynamic IP addresses and no dynamic DNS.
An administrator wants to configure timeouts for users. Regardless of the user’s behavior, the timer should start as soon as the user authenticates and expire after the configured value.
Which timeout option should be configured on FortiGate?
- A . auth-on-demand
- B . soft-timeout
- C . idle-timeout
- D . new-session
- E . hard-timeout
E
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221#:~:text=Hard%20timeout%3A%20User%20entry%20will,(5%20minutes%20by%20default)
Refer to the exhibit.
Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)
- A . The port3 default route has the highest distance.
- B . The port3 default route has the lowest metric.
- C . There will be eight routes active in the routing table.
- D . The port1 and port2 default routes are active in the routing table.
Refer to the exhibit.
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
- A . The IPS engine was inspecting a high volume of traffic.
- B . The IPS engine was unable to prevent an intrusion attack.
- C . The IPS engine was blocking all traffic.
- D . The IPS engine will continue to run in a normal state.
A
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/232929/troubleshooting-high-cpu-usage
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
- A . The collector agent uses a Windows API to query DCs for user logins.
- B . NetAPI polling can increase bandwidth usage in large networks.
- C . The collector agent must search security event logs.
- D . The NetSession Enum function is used to track user logouts.
D
Explanation:
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD34906
Refer to the exhibit.
An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic.
Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)
- A . The Detection Mode setting is not set to Passive.
- B . The administrator didn’t configure a gateway for the SD-WAN members, or the configured gateway is not valid.
- C . The configured participants are not SD-WAN members.
- D . The Enable probe packets setting is not enabled.
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)
- A . The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
- B . The client FortiGate requires a manually added route to remote subnets.
- C . The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.
- D . The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
C, D
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/266506/ssl-vpn-with-certificate-authentication