NSE4_FGT-7.0 | Top Tips Of Update NSE4_FGT-7.0 Test Engine

NEW QUESTION 1

Refer to the exhibit.

An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)

• A. The Detection Mode setting is not set to Passive.
• B. Administrator didn't configure a gateway for the SD-WAN members, or configured gateway is not valid.
• C. The configured participants are not SD-WAN members.
• D. The Enable probe packets setting is not enabled.

Answer: BD

NEW QUESTION 2

Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.


An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine
whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?

• A. The IPS filter is missing the Protocol: HTTPS option.
• B. The HTTPS signatures have not been added to the sensor.
• C. A DoS policy should be used, instead of an IPS sensor.
• D. A DoS policy should be used, instead of an IPS sensor.
• E. The firewall policy is not using a full SSL inspection profile.

Answer: E

NEW QUESTION 3

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating for the home page? (Choose two.)

• A. www.example.com:443
• B. www.example.com
• C. example.com
• D. www.example.com/index.html

Answer: BC

Explanation:
FortiGate_Security_6.4 page 384
When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating override and define the website in a different category. Web ratings are only for host names— "no URLs or wildcard characters are allowed".

NEW QUESTION 4

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

• A. IP address
• B. Once Internet Service is selected, no other object can be added
• C. User or User Group
• D. FQDN address

Answer: B

Explanation:
Reference:
https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy

NEW QUESTION 5

Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

• A. Change password
• B. Enable restrict access to trusted hosts
• C. Change Administrator profile
• D. Enable two-factor authentication

Answer: C

Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34502

NEW QUESTION 6

Refer to the exhibit.

Which contains a Performance SLA configuration.
An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

• A. Participants configured are not SD-WAN members.
• B. There may not be a static route to route the performance SLA traffic.
• C. The Ping protocol is not supported for the public servers that are configured.
• D. You need to turn on the Enable probe packets switch.

Answer: D

Explanation:
Reference:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/478384/performance-sla-linkmonitoring

NEW QUESTION 7

In which two ways can RPF checking be disabled? (Choose two )

• A. Enable anti-replay in firewall policy.
• B. Disable the RPF check at the FortiGate interface level for the source check
• C. Enable asymmetric routing.
• D. Disable strict-arc-check under system settings.

Answer: CD

Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD33955

NEW QUESTION 8

Which statement about video filtering on FortiGate is true?

• A. Full SSL Inspection is not required.
• B. It is available only on a proxy-based firewall policy.
• C. It inspects video files hosted on file sharing services.
• D. Video filtering FortiGuard categories are based on web filter FortiGuard categories.

Answer: B

Explanation:
Reference: https://docs.fortinet.com/document/fortigate/7.0.0/new-features/190873/video-filtering

NEW QUESTION 9

Refer to the exhibit.

The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
How does FortiGate process the traffic sent to http://www.fortinet.com?

• A. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.
• B. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.
• C. Traffic will be redirected to the transparent proxy and It will be allowed by proxy policy ID 1.
• D. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.

Answer: D

NEW QUESTION 10

Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

• A. Firewall policy
• B. Policy rule
• C. Security policy
• D. SSL inspection and authentication policy

Answer: CD

Explanation:
Reference: https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/38324/ngfw-policy-based-mode

NEW QUESTION 11

Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)

• A. Proxy-based inspection
• B. Certificate inspection
• C. Flow-based inspection
• D. Full Content inspection

Answer: AC

NEW QUESTION 12

Which scanning technique on FortiGate can be enabled only on the CLI?

• A. Heuristics scan
• B. Trojan scan
• C. Antivirus scan
• D. Ransomware scan

Answer: A

Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/567568/enabling-scanning

NEW QUESTION 13

Which statement about the IP authentication header (AH) used by IPsec is true?

• A. AH does not provide any data integrity or encryption.
• B. AH does not support perfect forward secrecy.
• C. AH provides data integrity bur no encryption.
• D. AH provides strong data integrity but weak encryption.

Answer: C

NEW QUESTION 14

Refer to the exhibit, which contains a static route configuration.

An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route?

• A. get router info routing-table all
• B. get internet service route list
• C. get router info routing-table database
• D. diagnose firewall proute list

Answer: D

Explanation:
Reference: https://docs.fortinet.com/document/fortigate/latest/administration-guide/139692/routing-concepts

NEW QUESTION 15

Which statement regarding the firewall policy authentication timeout is true?

• A. It is an idle timeou
• B. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IP.
• C. It is a hard timeou
• D. The FortiGate removes the temporary policy for a user’s source IP address after this timer has expired.
• E. It is an idle timeou
• F. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MAC.
• G. It is a hard timeou
• H. The FortiGate removes the temporary policy for a user’s source MAC address after this timer has expired.

Answer: A

NEW QUESTION 16

Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies. The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a
form-based authentication scheme for the FortiGate local user database. Users will be prompted for
authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.1.1.10 to the destination http://www.fortinet.com? (Choose two.)

• A. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.
• B. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.
• C. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.
• D. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

Answer: BD

NEW QUESTION 17

Exhibit:

Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?

• A. IP-based authentication is enabled
• B. Route-based authentication is enabled
• C. Session-based authentication is enabled.
• D. Policy-based authentication is enabled

Answer: C

Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD45387

NEW QUESTION 18

Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

• A. Lookup is done on the first packet from the session originator
• B. Lookup is done on the last packet sent from the responder
• C. Lookup is done on every packet, regardless of direction
• D. Lookup is done on the trust reply packet from the responder

Answer: AD

NEW QUESTION 19
......