What Certified NSE4_FGT-7.0 Practice Question Is

Exam Code: NSE4_FGT-7.0 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet NSE 4 - FortiOS 7.0
Certification Provider: Fortinet

Page: 1 / 14
Total 172 questions Full Exam Access
Question 1
- (Exam Topic 2)
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
Reference answer: CD
Reference analysis:

None

Question 2
- (Exam Topic 2)
Examine this PAC file configuration.
NSE4_FGT-7.0 dumps exhibit
Which of the following statements are true? (Choose two.)
Reference answer: AD
Reference analysis:

None

Question 3
- (Exam Topic 2)
Refer to the exhibit to view the firewall policy.
NSE4_FGT-7.0 dumps exhibit
Which statement is correct if well-known viruses are not being blocked?
Reference answer: A
Reference analysis:

None

Question 4
- (Exam Topic 2)
Examine this FortiGate configuration:
NSE4_FGT-7.0 dumps exhibit
How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
Reference answer: D
Reference analysis:

“What happens to traffic that requires authorization, but does not match any authentication rule? The active and passive SSO schemes to use for those cases is defined under config authentication setting”

Question 5
- (Exam Topic 1)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration. The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24. The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?
Reference answer: A
Reference analysis:

Reference:
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-firewall/Concepts%20-%20Firewall/Static%20N
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD44529

Question 6
- (Exam Topic 2)
What is the primary FortiGate election process when the HA override setting is disabled?
Reference answer: B
Reference analysis:

Reference: http://myitmicroblog.blogspot.com/2018/11/what-should-you-know-about-ha-override.html

Question 7
- (Exam Topic 1)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)
Reference answer: AD
Reference analysis:

1. Override is disabled by default - OK
2. "If the HA uptime of a device is AT LEAST FIVE MINUTES (300 seconds) MORE than the HA uptime of the other FortiGate devices, it becomes the primary." The question here is: is the HA uptime of FGVM01000006492 more than 5 minutes greater? No: 198 seconds < 300 seconds (5 minutes). Page 314, Infra Study Guide.
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-override-disab

Question 8
- (Exam Topic 1)
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
Reference answer: B
Reference analysis:

Reference: http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control

Question 9
- (Exam Topic 2)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)
Reference answer: AD
Reference analysis:

None

Question 10
- (Exam Topic 2)
Which two statements are true about the RPF check? (Choose two.)
Reference answer: AD
Reference analysis:

Reference: https://www.programmersought.com/article/16383871634/

Question 11
- (Exam Topic 1)
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
Reference answer: B
Reference analysis:

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD33955

Question 12
- (Exam Topic 2)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
How does FortiGate process the traffic sent to http://www.fortinet.com?
Reference answer: D
Reference analysis:

None

Question 13
- (Exam Topic 1)
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)
Reference answer: BC
Reference analysis:

B - The requirement is that FortiGate detects when a tunnel goes down, and DPD is designed for that purpose: it sends a packet to the peer and, after a specific amount of time without receiving a response, triggers failover to the next tunnel.
C - Remember how a route is chosen with regard to administrative distance: the route with the lowest distance for that particular destination is chosen. Configuring a lower distance on the primary tunnel's route therefore means that the primary tunnel is chosen to route packets toward their destination.

Question 14
- (Exam Topic 2)
Refer to the exhibit, which contains a session diagnostic output.
NSE4_FGT-7.0 dumps exhibit
Which statement is true about the session diagnostic output?
Reference answer: C
Reference analysis:

None

Question 15
- (Exam Topic 2)
Which of the following statements about central NAT are true? (Choose two.)
Reference answer: AB
Reference analysis:

None

Question 16
- (Exam Topic 2)
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.
NSE4_FGT-7.0 dumps exhibit
NSE4_FGT-7.0 dumps exhibit
An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?
Reference answer: E
Reference analysis:

None

Question 17
- (Exam Topic 2)
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
Reference answer: CD
Reference analysis:

None

Question 18
- (Exam Topic 1)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
Reference answer: D
Reference analysis:

Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/168495
The encryption and authentication algorithms need to match for IPsec to be successfully established.

Question 19
- (Exam Topic 2)
Which of the following SD-WAN load-balancing methods use the interface weight value to distribute traffic? (Choose two.)
Reference answer: CD
Reference analysis:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/49719/configuring-sd-wan-load-balancing

Question 20
- (Exam Topic 1)
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
Reference answer: CD
Reference analysis:

C: "Operating mode is a per-VDOM setting. You can combine transparent mode VDOMs with NAT mode VDOMs on the same physical FortiGate."
D: "Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM" Page 125 of FortiGate_Infrastructure_6.4_Study_Guide
