1. Home
  2. Fortinet
  3. NSE4_FGT-7.0

Fortinet NSE 4 - FortiOS 7.0

Exam Details

  • Exam Code
    :NSE4_FGT-7.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 7.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :172 Q&As
  • Last Updated
    :Jun 14, 2025

Fortinet Fortinet Certifications NSE4_FGT-7.0 Questions & Answers

  • Question 11:

    Which feature in the Security Fabric takes one or more actions based on event triggers?

    A. Fabric Connectors

    B. Automation Stitches

    C. Security Rating

    D. Logical Topology

  • Question 12:

    Refer to the exhibit.

    The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

    The WAN (port1) interface has the IP address 10.200.1.1/24.

    The LAN (port3) interface has the IP address 10.0.1.254/24.

    A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).

    Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

    Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP

    address of Remote-FortiGate (10.200.3.1)?

    A. 10.200.1.149

    B. 10.200.1.1

    C. 10.200.1.49

    D. 10.200.1.99

  • Question 13:

    Which two types of traffic are managed only by the management VDOM? (Choose two.)

    A. FortiGuard web filter queries

    B. PKI

    C. Traffic shaping

    D. DNS

  • Question 14:

    Which two statements are correct about a software switch on FortiGate? (Choose two.)

    A. It can be configured only when FortiGate is operating in NAT mode

    B. Can act as a Layer 2 switch as well as a Layer 3 router

    C. All interfaces in the software switch share the same IP address

    D. It can group only physical interfaces

  • Question 15:

    Examine the two static routes shown in the exhibit, then answer the following question.

    Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

    A. FortiGate will load balance all traffic across both routes.

    B. FortiGate will use the port1 route as the primary candidate.

    C. FortiGate will route twice as much traffic to the port2 route

    D. FortiGate will only actuate the port1 route in the routing table

  • Question 16:

    Examine the exhibit, which contains a virtual IP and firewall policy configuration.

    The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.

    The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.

    Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

    A. 10.200.1.10

    B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24

    C. 10.200.1.1

    D. 10.0.1.254

  • Question 17:

    Refer to the exhibit.

    Based on the raw log, which two statements are correct? (Choose two.)

    A. Traffic is blocked because Action is set to DENY in the firewall policy.

    B. Traffic belongs to the root VDOM.

    C. This is a security log.

    D. Log severity is set to error on FortiGate.

  • Question 18:

    FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.

    Which two other security profiles can you apply to the security policy? (Choose two.)

    A. Antivirus scanning

    B. File filter

    C. DNS filter

    D. Intrusion prevention

  • Question 19:

    What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

    A. Traffic to botnetservers

    B. Traffic to inappropriate web sites

    C. Server information disclosure attacks

    D. Credit card data leaks

    E. SQL injection attacks

  • Question 20:

    Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

    A. Web filter in flow-based inspection

    B. Antivirus in flow-based inspection

    C. DNS filter

    D. Web application firewall

    E. Application control

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-7.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.