Summer Sale Coupon - 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sbfdisc

Note! NSE4_FGT-7.0 has been withdrawn. The new exam code is NSE4_FGT-7.2

NSE4_FGT-7.0 Practice Exam Questions with Answers Fortinet NSE 4 - FortiOS 7.0 Certification

Question # 6

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

A.

Log downloads from the GUI are limited to the current filter view

B.

Log backups from the CLI cannot be restored to another FortiGate.

C.

Log backups from the CLI can be configured to upload to FTP as a scheduled time

D.

Log downloads from the GUI are stored as LZ4 compressed files.

Full Access
Question # 7

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

A.

Log ID

B.

Universally Unique Identifier

C.

Policy ID

D.

Sequence ID

Full Access
Question # 8

Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

A.

hard-timeout

B.

auth-on-demand

C.

soft-timeout

D.

new-session

E.

Idle-timeout

Full Access
Question # 9

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.

What is the default behavior when the local disk is full?

A.

Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

B.

No new log is recorded until you manually clear logs from the local disk.

C.

Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

D.

No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

Full Access
Question # 10

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

A.

Source defined as Internet Services in the firewall policy.

B.

Destination defined as Internet Services in the firewall policy.

C.

Highest to lowest priority defined in the firewall policy.

D.

Services defined in the firewall policy.

E.

Lowest to highest policy ID number.

Full Access
Question # 11

Which three methods are used by the collector agent for AD polling? (Choose three.)

A.

FortiGate polling

B.

NetAPI

C.

Novell API

D.

WMI

E.

WinSecLog

Full Access
Question # 12

Refer to the exhibit.

NSE4_FGT-7.0 question answer

Which contains a Performance SLA configuration.

An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

A.

Participants configured are not SD-WAN members.

B.

There may not be a static route to route the performance SLA traffic.

C.

The Ping protocol is not supported for the public servers that are configured.

D.

You need to turn on the Enable probe packets switch.

Full Access
Question # 13

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

A.

remote user’s public IP address

B.

The public IP address of the FortiGate device.

C.

The remote user’s virtual IP address.

D.

The internal IP address of the FortiGate device.

Full Access
Question # 14

Refer to the exhibit.

NSE4_FGT-7.0 question answer

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

A.

The signature setting uses a custom rating threshold.

B.

The signature setting includes a group of other signatures.

C.

Traffic matching the signature will be allowed and logged.

D.

Traffic matching the signature will be silently dropped and logged.

Full Access
Question # 15

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

A.

SSH

B.

HTTPS

C.

FTM

D.

FortiTelemetry

Full Access
Question # 16

Which two statements are true about the FGCP protocol? (Choose two.)

A.

Not used when FortiGate is in Transparent mode

B.

Elects the primary FortiGate device

C.

Runs only over the heartbeat links

D.

Is used to discover FortiGate devices in different HA groups

Full Access
Question # 17

Refer to the exhibit.

NSE4_FGT-7.0 question answer

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

A.

The IPS engine was inspecting high volume of traffic.

B.

The IPS engine was unable to prevent an intrusion attack.

C.

The IPS engine was blocking all traffic.

D.

The IPS engine will continue to run in a normal state.

Full Access
Question # 18

Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

A.

FortiGate uses the AD server as the collector agent.

B.

FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

C.

FortiGate does not support workstation check.

D.

FortiGate directs the collector agent to use a remote LDAP server.

Full Access
Question # 19

How does FortiGate act when using SSL VPN in web mode?

A.

FortiGate acts as an FDS server.

B.

FortiGate acts as an HTTP reverse proxy.

C.

FortiGate acts as DNS server.

D.

FortiGate acts as router.

Full Access
Question # 20

Refer to the exhibit.

NSE4_FGT-7.0 question answer

Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

A.

The session is in SYN_SENT state.

B.

The session is in FIN_ACK state.

C.

The session is in FTN_WAIT state.

D.

The session is in ESTABLISHED state.

Full Access
Question # 21

When configuring a firewall virtual wire pair policy, which following statement is true?

A.

Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.

B.

Only a single virtual wire pair can be included in each policy.

C.

Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.

D.

Exactly two virtual wire pairs need to be included in each policy.

Full Access
Question # 22

Refer to the exhibit.

NSE4_FGT-7.0 question answer

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

A.

Destination NAT is disabled in the firewall policy.

B.

One-to-one NAT IP pool is used in the firewall policy.

C.

Overload NAT IP pool is used in the firewall policy.

D.

Port block allocation IP pool is used in the firewall policy.

Full Access
Question # 23

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

* All traffic must be routed through the primary tunnel when both tunnels are up

* The secondary tunnel must be used only if the primary tunnel goes down

* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

A.

Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

B.

Enable Dead Peer Detection.

C.

Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

D.

Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Full Access
Question # 24

Refer to the exhibit.

NSE4_FGT-7.0 question answer

Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

A.

Traffic between port2 and port2-vlan1 is allowed by default.

B.

port1-vlan10 and port2-vlan10 are part of the same broadcast domain.

C.

port1 is a native VLAN.

D.

port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.

Full Access
Question # 25

Refer to the exhibit.

NSE4_FGT-7.0 question answer

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

A.

Change password

B.

Enable restrict access to trusted hosts

C.

Change Administrator profile

D.

Enable two-factor authentication

Full Access