  • Exam Name: Fortinet NSE 4 - FortiOS 7.0
  • Last Update: Jan 24, 2022
  • Questions and Answers: 172

NSE4_FGT-7.0 Fortinet NSE 4 - FortiOS 7.0 Questions and Answers

Question # 6

Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

The first firewall policy has NAT enabled using IP Pool.

The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

A. 10.200.1.1

B. 10.200.3.1

C. 10.200.1.100

D. 10.200.1.10

Question # 7

An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.

Which subnet must the administrator configure for the local quick mode selector for site B?

A. 192.168.1.0/24

B. 192.168.0.0/24

C. 192.168.2.0/24

D. 192.168.3.0/24

Question # 8

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

A. NGFW policy-based mode does not require the use of central source NAT policy

B. NGFW policy-based mode can only be applied globally and not on individual VDOMs

C. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy

D. NGFW policy-based mode policies support only flow inspection

Question # 9

Refer to the exhibit.

Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)

A. Traffic between port2 and port2-vlan1 is allowed by default.

B. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.

C. port1 is a native VLAN.

D. port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.

Question # 10

An administrator wants to configure Dead Peer Detection (DPD) on an IPsec VPN to detect dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

Which DPD mode on FortiGate will meet the above requirement?

A. Disabled

B. On Demand

C. Enabled

D. On Idle

Question # 11

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax.

Which two syntaxes are correct to configure web rating for the home page? (Choose two.)

Question # 12

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

A. On HQ-FortiGate, enable Auto-negotiate.

B. On Remote-FortiGate, set Seconds to 43200.

C. On HQ-FortiGate, enable Diffie-Hellman Group 2.

D. On HQ-FortiGate, set Encryption to AES256.

Question # 13

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

A. get system status

B. get system performance status

C. diagnose sys top

D. get system arp

Question # 14

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.

What is the default behavior when the local disk is full?

A. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

B. No new log is recorded until you manually clear logs from the local disk.

C. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

D. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

Question # 15

What devices form the core of the security fabric?

A. Two FortiGate devices and one FortiManager device

B. One FortiGate device and one FortiManager device

C. Two FortiGate devices and one FortiAnalyzer device

D. One FortiGate device and one FortiAnalyzer device

Question # 16

Which two statements are true about the Security Fabric rating? (Choose two.)

A. It provides executive summaries of the four largest areas of security focus.

B. Many of the security issues can be fixed immediately by clicking Apply where available.

C. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.

D. The Security Fabric rating is a free service that comes bundled with all FortiGate devices.

Question # 17

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

A. By default, all interfaces are part of the same broadcast domain.

B. The existing network IP schema must be changed when installing a transparent mode.

C. Static routes are required to allow traffic to the next hop.

D. FortiGate forwards frames without changing the MAC address.

Question # 18

Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

A. FG-traffic

B. Mgmt

C. FG-Mgmt

D. Root

Question # 19

Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings.

In this scenario, which statement is true?

A. Apple FaceTime belongs to the custom monitored filter.

B. The category of Apple FaceTime is being monitored.

C. Apple FaceTime belongs to the custom blocked filter.

D. The category of Apple FaceTime is being blocked.

Question # 20

Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

A. Fabric Coverage

B. Automated Response

C. Security Posture

D. Optimization

Question # 21

Refer to the exhibit, which contains a network diagram and routing table output.

The Student is unable to access Webserver.

What is the cause of the problem and what is the solution for the problem?

A. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

B. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

C. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.

D. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.

Question # 22

Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

A. DNS

B. ping

C. udp-echo

D. TWAMP

Question # 23

Refer to the exhibit, which contains a static route configuration.

An administrator created a static route for Amazon Web Services.

What CLI command must the administrator use to view the route?

A. get router info routing-table all

B. get internet service route list

C. get router info routing-table database

D. diagnose firewall proute list

Question # 24

Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.

B. AH does not support perfect forward secrecy.

C. AH provides data integrity but no encryption.

D. AH provides strong data integrity but weak encryption.

Question # 25

Which three statements are true regarding session-based authentication? (Choose three.)

A. HTTP sessions are treated as a single user.

B. IP sessions from the same source IP address are treated as a single user.

C. It can differentiate among multiple clients behind the same source IP address.

D. It requires more resources.

E. It is not recommended if multiple users are behind the source NAT.
