Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

NSE4_FGT-7.0 Exam Dumps - Fortinet NSE4 Questions and Answers

Question # 14

Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

Options:

A.

It always authorizes the traffic without requiring authentication.

B.

It drops the traffic.

C.

It authenticates the traffic using the authentication scheme SCHEME2.

D.

It authenticates the traffic using the authentication scheme SCHEME1.

Buy Now
Question # 15

Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

Options:

A.

Root VDOM

B.

FG-traffic VDOM

C.

Customer VDOM

D.

Global VDOM

Buy Now
Question # 16

Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

Options:

A.

Firewall policy

B.

Policy rule

C.

Security policy

D.

SSL inspection and authentication policy

Buy Now
Question # 17

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.

What is the default behavior when the local disk is full?

Options:

A.

Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

B.

No new log is recorded until you manually clear logs from the local disk.

C.

Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

D.

No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

Buy Now
Question # 18

Refer to the exhibit.

The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check.

Which interface will be selected as an outgoing interface?

Options:

A.

port2

B.

port4

C.

port3

D.

port1

Buy Now
Question # 19

Which statement about video filtering on FortiGate is true?

Options:

A.

Full SSL Inspection is not required.

B.

It is available only on a proxy-based firewall policy.

C.

It inspects video files hosted on file sharing services.

D.

Video filtering FortiGuard categories are based on web filter FortiGuard categories.

Buy Now
Question # 20

The exhibit shows the configuration for the SD-WAN member, Performance SLA, and SD-WAN Rule, as well as the output of diagnose sys virtual-wan- link health-check.

Which interface will be selected as an outgoing interface?

Options:

A.

port2

B.

port3

C.

port4

D.

port1

Buy Now
Question # 21

Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

Options:

A.

The SSL inspection needs to be a deep content inspection.

B.

Force access to Facebook using the HTTP service.

C.

Additional application signatures are required to add to the security policy.

D.

Add Facebook in the URL category in the security policy.

Buy Now
Question # 22

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

* All traffic must be routed through the primary tunnel when both tunnels are up

* The secondary tunnel must be used only if the primary tunnel goes down

* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

Options:

A.

Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

B.

Enable Dead Peer Detection.

C.

Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

D.

Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Buy Now
Question # 23

A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.

Which statements about the VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

Options:

A.

The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

B.

The two VLAN sub interfaces must have different VLAN IDs.

C.

The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.

D.

The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.

Buy Now
Exam Code: NSE4_FGT-7.0
Exam Name: Fortinet NSE 4 - FortiOS 7.0
Last Update: Mar 9, 2025
Questions: 173
NSE4_FGT-7.0 pdf

NSE4_FGT-7.0 PDF

$25.5  $84.99
 Add to Cart
NSE4_FGT-7.0 Engine

NSE4_FGT-7.0 Testing Engine

$28.5  $94.99
 Add to Cart
NSE4_FGT-7.0 PDF + Engine

NSE4_FGT-7.0 PDF + Testing Engine

$40.5  $134.99
 Add to Cart