Fortinet NSE4_FGT-7.0 Online Practice Questions and Exam Preparation

Fortinet NSE4_FGT-7.0 Online Questions & Answers

• Question 101:

  Refer to the exhibit.

  

  The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)

  A. FortiGate SN FGVM010000065036 HA uptime has been reset.
  B. FortiGate devices are not in sync because one device is down.
  C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
  D. FortiGate SN FGVM010000064692 has the higher HA priority.
  A. FortiGate SN FGVM010000065036 HA uptime has been reset.
  D. FortiGate SN FGVM010000064692 has the higher HA priority.

  ---

  1.

  Override is disable by default - OK

  2.

  "If the HA uptime of a device is AT LEAST FIVE MINUTES (300 seconds) MORE than the HA Uptime of the other FortiGate devices, it becomes the primary" The question here is : HA Uptime of FGVM01000006492 > 5 minutes? NO - 198 seconds < 300 seconds (5 minutes) Page 314 Infra Study Guide.

  https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-override-disabled-default

• Question 102:

  Examine the exhibit, which contains a virtual IP and firewall policy configuration.

  

  

  The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.

  The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.

  Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

  A. 10.200.1.10
  B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
  C. 10.200.1.1
  D. 10.0.1.254
  A. 10.200.1.10

  ---

  https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Virtual%20IPs.htm

• Question 103:

  Exhibit:

  

  Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?

  A. IP-based authentication is enabled
  B. Route-based authentication is enabled
  C. Session-based authentication is enabled.
  D. Policy-based authentication is enabled
  C. Session-based authentication is enabled.

  ---

  Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD45387

• Question 104:

  Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

  A. System time
  B. FortiGuaid update servers
  C. Operating mode
  D. NGFW mode
  C. Operating mode
  D. NGFW mode

  ---

  C: "Operating mode is per-VDOM setting. You can combine transparent mode VDOM's with NAT mode VDOMs on the same physical Fortigate.

  D: "Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM" Page 125 of FortiGate_Infrastructure_6.4_Study_Guide

• Question 105:

  Which two statements are true about collector agent standard access mode? (Choose two.)

  A. Standard mode uses Windows convention-NetBios: Domain\Username.
  B. Standard mode security profiles apply to organizational units (OU).
  C. Standard mode security profiles apply to user groups.
  D. Standard access mode supports nested groups.
  A. Standard mode uses Windows convention-NetBios: Domain\Username.
  C. Standard mode security profiles apply to user groups.

  ---

  Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/482937/agent-based-fsso

• Question 106:

  Refer to the exhibit, which contains a static route configuration.

  

  An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route?

  A. get router info routing-table all
  B. get internet service route list
  C. get router info routing-table database
  D. diagnose firewall proute list
  D. diagnose firewall proute list

  ---

  Reference: https://docs.fortinet.com/document/fortigate/latest/administration-guide/139692/routing-concepts

• Question 107:

  Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

  A. diagnose wad session list
  B. diagnose wad session list | grep hook-preandandhook-out
  C. diagnose wad session list | grep hook=preandandhook=out
  D. diagnose wad session list | grep "hook=pre"and"hook=out"
  A. diagnose wad session list

• Question 108:

  Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

  A. Warning
  B. Exempt
  C. Allow
  D. Learn
  A. Warning
  C. Allow

• Question 109:

  An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

  A. Policy lookup will be disabled.
  B. By Sequence view will be disabled.
  C. Search option will be disabled
  D. Interface Pair view will be disabled.
  D. Interface Pair view will be disabled.

  ---

  https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821

• Question 110:

  Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

  A. To remove the NAT operation.
  B. To generate logs
  C. To finish any inspection operations.
  D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.
  D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.