An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Strict RPF checks the best route back to the source using the incoming interface

The strict RPF check is run on the first sent and reply packet of any new session.

Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.

Strict RPF allows packets back to sources with all active routes

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

Enable restrict access to trusted hosts

Enable two-factor authentication

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

Intrusion prevention system engine

An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

Interface Pair view will be disabled.

Policy lookup will be disabled.

By Sequence view will be disabled

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

Add user accounts to the Ignore User List.

Add the support of NTLM authentication

Add user accounts to Active Directory (AD).

Add user accounts to the FortiGate group fitter

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

One-to-one NAT IP pool is used in the firewall policy.

Destination NAT is disabled in the firewall policy.

Overload NAT IP pool is used in the firewall policy

Port block allocation IP pool is used in the firewall policy

Which two statements are true about the FGCP protocol? (Choose two.)

Elects the primary FortiGate device

Runs only over the heartbeat links

Not used when FortiGate is in Transparent mode

Is used to discover FortiGate devices in different HA groups

How does FortiGate act when using SSL VPN in web mode?

FortiGate acts as an HTTP reverse proxy.

FortiGate acts as an FDS server

Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

The client FortiGate requires a client certificate signed by the CA on the server FortiGate

The client FortiGate requires a manually added route to remote subnets.

A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. What is the reason for the failed virus detection by FortiGate?

SSL/SSH Inspection profile is incorrect

Application control is not enabled

Antivirus profile configuration is incorrect

Antivirus definitions are not up to date

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

FortiGate queries AD by using the LDAP to retrieve user group information.

FortiGate points the collector agent to use a remote LDAP server.

FortiGate uses the AD server as the collector agent.

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

To detect intermediary NAT devices in the tunnel path.

To encapsulation ESP packets in UDP packets using port 4500.

To dynamically change phase 1 negotiation mode aggressive mode

To force a new DH exchange with each phase 2 rekey.

Exam Questions NSE4_FGT-7.0 Fortinet NSE 4 - FortiOS 7.0

Authored by Romina Valor

Computers

Professional Development

Used 16+ times

Exam Questions NSE4_FGT-7.0 Fortinet NSE 4 - FortiOS 7.0

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

22 questions

Show all answers

MULTIPLE CHOICE QUESTION

15 mins • 5 pts

An administrator wants to configure timeouts for users. Regardless of the user€™s behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?

auth-on-demand

soft-timeout

idle-timeout

new-session

hard-timeout

MULTIPLE SELECT QUESTION

15 mins • 5 pts

Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

FortiCache

FortiSIEM

FortiAnalyzer

FortiSandbox

FortiCloud

MULTIPLE SELECT QUESTION

15 mins • 5 pts

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

System time

FortiGuaid update servers

Operating mode

NGFW mode

MULTIPLE CHOICE QUESTION

15 mins • 5 pts

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

The signature setting uses a custom rating threshold.

The signature setting includes a group of other signatures.

Traffic matching the signature will be allowed and logged.

Traffic matching the signature will be silently dropped and logged

MULTIPLE CHOICE QUESTION

15 mins • 5 pts

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

The collector agent uses a Windows API to query DCs for user logins.

NetAPI polling can increase bandwidth usage in large networks.

The collector agent must search security event logs.

The NetSession Enum function is used to track user logouts

MULTIPLE CHOICE QUESTION

15 mins • 5 pts

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?

Disabled

On Demand

Enabled

On Idle

MULTIPLE SELECT QUESTION

15 mins • 5 pts

An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)

The Detection Mode setting is not set to Passive.

Administrator didn't configure a gateway for the SD-WAN members, or configured gateway is not valid.

The configured participants are not SD-WAN members.

The Enable probe packets setting is not enabled.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Part 3.5

Quiz

•

Professional Development

24 questions

CCNA 2 chapter 1

Quiz

•

1st Grade - Professio...

25 questions

SEC+ 001-025

Quiz

•

Professional Development

20 questions

CompTIA Sec+

Quiz

•

University - Professi...

18 questions

Cisco Unified Communications Quiz

Quiz

•

Professional Development

20 questions

A+ - 10A - Configure Windows User Settings

Quiz

•

Professional Development

18 questions

A+ - 11B - Use Performance and Troubleshooting Tools

Quiz

•

Professional Development

20 questions

Part 2.1

Quiz

•

Professional Development

Popular Resources on Wayground

25 questions

The Ultimate College Knowledge Quiz

Quiz

•

8th Grade

20 questions

Math Review

Quiz

•

3rd Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Math Review

Quiz

•

6th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

20 questions

Guess The App

Quiz

•

KG - Professional Dev...

11 questions

dog breeds

Quiz

•

3rd Grade - Professio...

15 questions

Trivia

Quiz

•

Professional Development

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

19 questions

Minecraft

Quiz

•

6th Grade - Professio...

20 questions

Disney characters

Quiz

•

KG - Professional Dev...