Fortinet NSE4-FGT-7-0 Exam Questions
Questions for the NSE4-FGT-7-0 were updated on : Jul 20 ,2024
Page 1 out of 12. Viewing questions 1-15 out of 172
Question 1
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
- A. FortiGate uses the AD server as the collector agent.
- B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
- C. FortiGate does not support workstation check.
- D. FortiGate directs the collector agent to use a remote LDAP server.
Answer:
BD
Explanation:
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732
Question 2
FortiGuard categories can be overridden and defined in different categories. To create a web rating
override for example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating for the home page? (Choose two.)
A.
www.example.com:443
B.
www.example.com
C. example.com
D.
www.example.com/index.html
Answer:
BC
Explanation:
FortiGate_Security_6.4 page 384
When using FortiGuard category filtering to allow or block access to a website, one option is to make
a web rating override and define the website in a different category. Web ratings are only for host
names "no URLs or wildcard characters are allowed".
Question 3
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).
Which statement is correct if a user is unable to receive a block replacement message when
downloading an infected file for the first time?
- A. The firewall policy performs the full content inspection on the file.
- B. The flow-based inspection is used, which resets the last packet to the user.
- C. The volume of traffic being inspected is too high for this model of FortiGate.
- D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
Answer:
B
Explanation:
"ONLY" If the virus is detected at the "START" of the connection, the IPS engine sends the block
replacement message immediately
When a virus is detected on a TCP session (FIRST TIME), but where "SOME PACKETS" have been
already forwarded to the receiver, FortiGate "resets the connection" and does not send the last piece
of the file. Although the receiver got most of the file content, the file has been truncated and
therefore, cant be opened. The IPS engine also caches the URL of the infected file, so that if a
"SECOND ATTEMPT" to transmit the file is made, the IPS engine will then send a block replacement
message to the client instead of scanning the file again.
In flow mode, the FortiGate drops the last packet killing the file. But because of that the block
replacement message cannot be displayed. If the file is attempted to download again the block
message will be shown.
Question 4
Which three options are the remote log storage options you can configure on FortiGate? (Choose
three.)
- A. FortiCache
- B. FortiSIEM
- C. FortiAnalyzer
- D. FortiSandbox
- E. FortiCloud
Answer:
BCE
Explanation:
Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-and-
reporting-overview
Question 5
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
- A. The collector agent uses a Windows API to query DCs for user logins.
- B. NetAPI polling can increase bandwidth usage in large networks.
- C. The collector agent must search security event logs.
- D. The NetSession Enum function is used to track user logouts.
Answer:
D
Explanation:
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD34906
https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD34906
&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=210966035&stateId=1%200%20210968009%2
)
Question 6
Refer to the exhibit.
An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)
- A. Interface name
- B. Ethernet header
- C. IP header
- D. Application header
- E. Packet payload
Answer:
ACE
Explanation:
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=11186
Question 7
Refer to the exhibit.
The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of
diagnose sys virtual-wan-link health-check.
Which interface will be selected as an outgoing interface?
- A. port2
- B. port4
- C. port3
- D. port1
Answer:
D
Explanation:
Port 1 shows the lowest latency.
Question 8
An administrator does not want to report the logon events of service accounts to FortiGate. What
setting on the collector agent is required to achieve this?
- A. Add the support of NTLM authentication.
- B. Add user accounts to Active Directory (AD).
- C. Add user accounts to the FortiGate group fitter.
- D. Add user accounts to the Ignore User List.
Answer:
D
Explanation:
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828
Question 9
Refer to the exhibit.
The global settings on a FortiGate device must be changed to align with company security policies.
What does the Administrator account need to access the FortiGate global settings?
- A. Change password
- B. Enable restrict access to trusted hosts
- C. Change Administrator profile
- D. Enable two-factor authentication
Answer:
C
Explanation:
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD34502
Question 10
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true
about the policy list view?
- A. Policy lookup will be disabled.
- B. By Sequence view will be disabled.
- C. Search option will be disabled
- D. Interface Pair view will be disabled.
Answer:
D
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821
Question 11
Refer to the exhibit.
Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)
- A. Traffic between port2 and port2-vlan1 is allowed by default.
- B. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
- C. port1 is a native VLAN.
- D. port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
Answer:
CD
Explanation:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-rules-about-VLAN-configuration-and-
VDOM-interface/ta-p/197640?externalID=FD31639
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30883
Question 12
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two
IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed on FortiGate to meet the design requirements?
(Choose two,)
- A. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
- B. Enable Dead Peer Detection.
- C. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
- D. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
Answer:
BC
Explanation:
B - because the customer requires the tunnels to notify when a tunnel goes down. DPD is designed
for that purpose. To send a packet over a firewall to determine a failover for the next tunnel after a
specific amount of time of not receiving a response from its peer.
C - remember when it comes to choosing a route with regards to Administrative Distance. The route
with the lowest distance for that particular route will be chosen. So, by configuring a lower routing
distance on the primary tunnel, means that the primary tunnel will be chosen to route packets
towards their destination.
Question 13
Refer to the exhibit.
The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)
- A. FortiGate SN FGVM010000065036 HA uptime has been reset.
- B. FortiGate devices are not in sync because one device is down.
- C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
- D. FortiGate SN FGVM010000064692 has the higher HA priority.
Answer:
AD
Explanation:
1. Override is disable by default - OK
2. "If the HA uptime of a device is AT LEAST FIVE MINUTES (300 seconds) MORE than the HA Uptime
of the other FortiGate devices, it becomes the primary" The question here is : HA Uptime of
FGVM01000006492 > 5 minutes? NO - 198 seconds < 300 seconds (5 minutes) Page 314 Infra Study
Guide.
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-
override-disabled-default
Question 14
Refer to the exhibits.
Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default
configuration of high memory usage thresholds. Based on the system performance output, which
two statements are correct? (Choose two.)
- A. Administrators can access FortiGate only through the console port.
- B. FortiGate has entered conserve mode.
- C. FortiGate will start sending all files to FortiSandbox for inspection.
- D. Administrators cannot change the configuration.
Answer:
BD
Explanation:
Reference:
https://www.skillfulist.com/fortigate/fortigate-conserve-mode-how-to-stop-it-and-what-
it-means/
Question 15
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting
in both sites has been configured as Static IP Address. For site A, the local quick mode selector is
192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?
- A. 192.168.1.0/24
- B. 192.168.0.0/24
- C. 192.168.2.0/24
- D. 192.168.3.0/24
Answer:
C