Fortinet NSE 4 - FortiOS 7.0 (NSE4_FGT-7.0) Free Practice Test

Question 1

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not.
Which two configuration changes are the most effective way to support this requirement? (Choose two.)

A. Implement a DNS filter for the specified website.

B. Implement web category authentication for the specified website using a web filter profile.

C. Implement web filter quotas for the specified website.

D. Implement a firewall policy with authentication for the specified users.

Correct Answer: B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

Examine this output from a debug flow:

Why did the FortiGate drop the packet?

A. It matched the default implicit firewall policy.

B. It matched an explicitly configured firewall policy with the action DENY.

C. The next-hop IP address is unreachable.

D. It failed the RPF check.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

A. FortiGate SN FGVM010000064692 has the higher HA priority.

B. FortiGate SN FGVM010000065036 HA uptime has been reset.

C. FortiGate devices are not in sync because one device is down.

D. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

Correct Answer: A,B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

A. get system performance status

B. get system arp

C. diagnose sys top

D. get system status

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

A. The IPS engine was inspecting high volume of traffic.

B. The IPS engine will continue to run in a normal state.

C. The IPS engine was blocking all traffic.

D. The IPS engine was unable to prevent an intrusion attack.

Correct Answer: A

Question 6

Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?

A. The HTTPS signatures have not been added to the sensor.

B. A DoS policy should be used, instead of an IPS sensor.

C. A DoS policy should be used, instead of an IPS sensor.

D. The IPS filter is missing the Protocol: HTTPS option.

E. The firewall policy is not using a full SSL inspection profile.

Correct Answer: E

Question 7

Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

A. FortiGate does not support workstation check.

B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

C. FortiGate directs the collector agent to use a remote LDAP server.

D. FortiGate uses the AD server as the collector agent.

Correct Answer: B,C

Question 8

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

A. Traffic to botnetservers

B. Server information disclosure attacks

C. SQL injection attacks

D. Credit card data leaks

E. Traffic to inappropriate web sites

Correct Answer: B,C,D

Question 9

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
What order must FortiGate use when the web filter profile has features enabled, such as safe search?

A. DNS-based web filter and proxy-based web filter

B. FortiGuard category filter and rating filter

C. Static domain filter, SSL inspection filter, and external connectors filters

D. Static URL filter, FortiGuard category filter, and advanced filters

Correct Answer: D

Question 10

Refer to the exhibit.

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

A. One-to-one NAT IP pool is used in the firewall policy.

B. Overload NAT IP pool is used in the firewall policy.

C. Port block allocation IP pool is used in the firewall policy.

D. Destination NAT is disabled in the firewall policy.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

A. Traffic matching the signature will be allowed and logged.

B. Traffic matching the signature will be silently dropped and logged.

C. The signature setting includes a group of other signatures.

D. The signature setting uses a custom rating threshold.

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

A. Enable two-factor authentication

B. Change password

C. Change Administrator profile

D. Enable restrict access to trusted hosts

Correct Answer: C

Question 13

By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.
Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

A. set webfilter-force-off disable

B. set protocol tcp

C. set webfilter-cache disable

D. set fortiguard-anycast disable

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 14

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

A. Once Internet Service is selected, no other object can be added

B. FQDN address

C. IP address

D. User or User Group

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 15

Refer to the exhibit.

Which contains a Performance SLA configuration.
An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

A. Participants configured are not SD-WAN members.

B. There may not be a static route to route the performance SLA traffic.

C. The Ping protocol is not supported for the public servers that are configured.

D. You need to turn on the Enable probe packets switch.

Correct Answer: D

Welcome to TestSimulate

Fortinet NSE 4 - FortiOS 7.0 (NSE4_FGT-7.0) Free Practice Test