Exam Details

  • Exam Code: NSE4_FGT-7.0
  • Exam Name: Fortinet NSE 4 - FortiOS 7.0
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 172 Q&As
  • Last Updated: Jun 14, 2025

Fortinet Fortinet Certifications NSE4_FGT-7.0 Questions & Answers

  • Question 41:

    Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

    An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.

    What is a possible reason for this?

    A. The IPS filter is missing the Protocol: HTTPS option.

    B. The HTTPS signatures have not been added to the sensor.

    C. A DoS policy should be used, instead of an IPS sensor.

    D. A DoS policy should be used, instead of an IPS sensor.

    E. The firewall policy is not using a full SSL inspection profile.

  • Question 42:

    If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected to the Destination field of a firewall policy?

    A. User or User Group

    B. IP address

    C. No other object can be added

    D. FQDN address

  • Question 43:

    An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

    A. Configure Source IP Pools.

    B. Configure split tunneling in tunnel mode.

    C. Configure different SSL VPN realms.

    D. Configure host check.

  • Question 44:

    When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

    A. The remote user's public IP address.

    B. The public IP address of the FortiGate device.

    C. The remote user's virtual IP address.

    D. The internal IP address of the FortiGate device.

  • Question 45:

    Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

    A. FortiGate points the collector agent to use a remote LDAP server.

    B. FortiGate uses the AD server as the collector agent.

    C. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

    D. FortiGate queries AD by using the LDAP to retrieve user group information.

  • Question 46:

    If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

    A. The Services field prevents SNAT and DNAT from being combined in the same policy.

    B. The Services field is used when you need to bundle several VIPs into VIP groups.

    C. The Services field removes the requirement to create multiple VIPs for different services.

    D. The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.

  • Question 47:

    Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

    A. The firmware image must be manually uploaded to each FortiGate.

    B. Only secondary FortiGate devices are rebooted.

    C. Uninterruptible upgrade is enabled by default.

    D. Traffic load balancing is temporarily disabled while upgrading the firmware.

  • Question 48:

    Refer to the exhibit.

    According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?

    A. A user

    B. A root CA

    C. A bridge CA

    D. A subordinate

  • Question 49:

    Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

    A. By default, FortiGate uses WINS servers to resolve names.

    B. By default, the SSL VPN portal requires the installation of a client's certificate.

    C. By default, split tunneling is enabled.

    D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.

  • Question 50:

    Refer to the exhibit, which contains a Performance SLA configuration.

    An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

    A. Participants configured are not SD-WAN members.

    B. There may not be a static route to route the performance SLA traffic.

    C. The Ping protocol is not supported for the public servers that are configured.

    D. You need to turn on the Enable probe packets switch.

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them from job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Fortinet exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your NSE4_FGT-7.0 exam preparation and Fortinet certification application, do not hesitate to visit Vcedump.com to find your solutions.