Fortinet NSE4_FGT-7.0 Online Practice Questions and Exam Preparation

Fortinet NSE4_FGT-7.0 Online Questions & Answers

• Question 21:

  Refer to the exhibit.

  

  The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.

  An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.

  The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database.

  Users will be prompted for authentication.

  How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

  A. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.
  B. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.
  C. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.
  D. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.
  B. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.
  D. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

• Question 22:

  Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

  A. SSH
  B. HTTPS
  C. FTM
  D. FortiTelemetry
  A. SSH
  B. HTTPS

  ---

  Reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/995103/buildingsecurity-into-fortios

• Question 23:

  What devices form the core of the security fabric?

  A. Two FortiGate devices and one FortiManager device
  B. One FortiGate device and one FortiManager device
  C. Two FortiGate devices and one FortiAnalyzer device
  D. One FortiGate device and one FortiAnalyzer device
  C. Two FortiGate devices and one FortiAnalyzer device

  ---

  Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/425100/components

• Question 24:

  Which three statements about a flow-based antivirus profile are correct? (Choose three.)

  A. IPS engine handles the process as a standalone.
  B. FortiGate buffers the whole file but transmits to the client simultaneously.
  C. If the virus is detected, the last packet is delivered to the client.
  D. Optimized performance compared to proxy-based inspection.
  E. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
  B. FortiGate buffers the whole file but transmits to the client simultaneously.
  D. Optimized performance compared to proxy-based inspection.
  E. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.

  ---

  Reference: https://forum.fortinet.com/tm.aspx?m=192309

• Question 25:

  Refer to the exhibits.

  

  The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

  A. Change the SSL VPN port on the client.
  B. Change the Server IP address.
  C. Change the idle-timeout.
  D. Change the SSL VPN portal to the tunnel.
  A. Change the SSL VPN port on the client.

  ---

  Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/150494

• Question 26:

  An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.

  Which subnet must the administrator configure for the local quick mode selector for site B?

  A. 192.168.1.0/24
  B. 192.168.0.0/24
  C. 192.168.2.0/24
  D. 192.168.3.0/24
  C. 192.168.2.0/24

• Question 27:

  Examine the following web filtering log.

  

  Which statement about the log message is true?

  A. The action for the category Games is set to block.
  B. The usage quota for the IP address 10.0.1.10 has expired
  C. The name of the applied web filter profile is default.
  D. The web site miniclip.com matches a static URL filter whose action is set to Warning.
  C. The name of the applied web filter profile is default.

• Question 28:

  Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

  A. get system status
  B. get system performance status
  C. diagnose sys top
  D. get system arp
  D. get system arp

  ---

  "If you suspect that there is an IP address conflict, or that an IP has been assigned to the wrong device, you may need to look at the ARP table."

• Question 29:

  Refer to the exhibit.

  

  

  The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

  The WAN (port1) interface has the IP address 10.200.1.1/24.

  The LAN (port3) interface has the IP address 10.0.1.254/24.

  A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).

  Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

  Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

  A. 10.200.1.149
  B. 10.200.1.1
  C. 10.200.1.49
  D. 10.200.1.99
  D. 10.200.1.99

• Question 30:

  Refer to the exhibit.

  

  The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check. Which interface will be selected as an outgoing interface?

  A. port2
  B. port4
  C. port3
  D. port1
  D. port1

  ---

  Port 1 shows the lowest latency.