Exam Details

  • Exam Code: NSE4_FGT-7.0
  • Exam Name: Fortinet NSE 4 - FortiOS 7.0
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 172 Q&As
  • Last Updated: Jun 14, 2025

Fortinet Fortinet Certifications NSE4_FGT-7.0 Questions & Answers

  • Question 21:

    An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

    A. A phase 2 configuration is not required.

    B. This VPN cannot be used as part of a hub-and-spoke topology.

    C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

    D. The IPsec firewall policies must be placed at the top of the list.

  • Question 22:

    Which statement about the IP authentication header (AH) used by IPsec is true?

    A. AH does not provide any data integrity or encryption.

    B. AH does not support perfect forward secrecy.

    C. AH provides data integrity but no encryption.

    D. AH provides strong data integrity but weak encryption.

  • Question 23:

    Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

    A. Denial of Service

    B. Web application firewall

    C. Antivirus

    D. Application control

  • Question 24:

    What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

    A. FortiGate automatically negotiates different local and remote addresses with the remote peer.

    B. FortiGate automatically negotiates a new security association after the existing security association expires.

    C. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

    D. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

  • Question 25:

    Which of the following statements about central NAT are true? (Choose two.)

    A. IP pool references must be removed from existing firewall policies before enabling central NAT.

    B. Central NAT can be enabled or disabled from the CLI only.

    C. Source NAT, using central NAT, requires at least one central SNAT policy.

    D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

  • Question 26:

    Which statement regarding the firewall policy authentication timeout is true?

    A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

    B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

    C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

    D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

  • Question 27:

    An administrator is running the following sniffer command:

    Which three pieces of information will be included in the sniffer output? (Choose three.)

    A. Interface name

    B. Packet payload

    C. Ethernet header

    D. IP header

    E. Application header

  • Question 28:

    Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

    A. DNS

    B. ping

    C. udp-echo

    D. TWAMP

  • Question 29:

    Which three statements are true regarding session-based authentication? (Choose three.)

    A. HTTP sessions are treated as a single user.

    B. IP sessions from the same source IP address are treated as a single user.

    C. It can differentiate among multiple clients behind the same source IP address.

    D. It requires more resources.

    E. It is not recommended if multiple users are behind the source NAT.

  • Question 30:

    Refer to the exhibit, which contains a RADIUS server configuration.

    An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option. What will be the impact of using the Include in every user group option in a RADIUS configuration?

    A. This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.

    B. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.

    C. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.

    D. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.
