image


NSE4_FGT-7.0 Dumps

NSE4_FGT-7.0 Braindumps NSE4_FGT-7.0 Real Questions NSE4_FGT-7.0 Practice Test NSE4_FGT-7.0 Actual Questions


Fortinet


NSE4_FGT-7.0


Fortinet NSE 40 - FortiOS 7.0


https://killexams.com/pass4sure/exam-detail/NSE4_FGT-7.0


Question: 60


FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax.


Which two syntaxes are correct to configure web rating override for the home page? (Choose two.)

  1. www.exaple.com

  2. www.example.com/index.html

  3. example.com

  4. www.example.com:443


Answer: A,C Explanation:

When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating override and define the website in a different category. Web ratings are only for host names” "no URLs or wildcard characters are allowed".


Question: 61


Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

  1. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

  2. The client FortiGate requires a manually added route to remote subnets.

  3. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VP

E. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.


Answer: C,D Explanation:

Reference: https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/266506/ssl-vpn-with-certificateauthentication


Question: 62


Which two statements are true about the Security Fabric rating? (Choose two.)

  1. The Security Fabric rating is a free service that comes bundled with all FortiGate devices.

  2. Many of the security issues can be fixed immediately by clicking Apply where available.

  3. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.

  4. It provides executive summaries of the four largest areas of security focus.


Answer: B,C Explanation:

Reference: https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/292634/security-rating


Question: 63


Refer to the exhibits. Exhibit A.


Exhibit B.


image


An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?


  1. Change the csf setting on Local-FortiGate (root) to set configuration-sync local.


  2. Change the csf setting on ISFW (downstream) to set configuration-sync local.


  3. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.


  4. Change the csf setting on ISFW (downstream) to set fabric-object-unification default.


Answer: A Explanation:

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD43820


Question: 64


Refer to the exhibit.


The global settings on a FortiGate device must be changed to align with company security policies.


What does the Administrator account need to access the FortiGate global settings?

  1. Enable two-factor authentication

  2. Change Administrator profile

  3. Change password

  4. Enable restrict access to trusted hosts.


Answer: B Explanation:

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34502


Question: 65


Refer to the exhibit.


image


The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. The override setting is enable for the FortiGate with SN FGVM010000064692.

Which two statements are true? (Choose two.)

  1. FortiGate SN FGVM010000065036 HA uptime has been reset.

  2. FortiGate devices are not in sync because one device is down.

  3. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

  4. FortiGate SN FGVM010000064692 has the higher HA priority.


Answer: A,D Explanation:

Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-withoverride-disabled-default


Question: 66


Refer to the exhibits. Exhibit A.

image


Exhibit B.


image


The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

  1. Change the SSL VPN port on the client.


  2. Change the Server IP address.

  3. Change the idle-timeout.


  4. Change the Server IP address.


Answer: A Explanation:

Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/150494


Question: 67


Refer to the exhibits.


Exhibit A shows system performance output.


image


Exhibit B shows s FortiGate configured with the default configuration of high memory usage thresholds.


image


Based on the system performance output, which two statements are correct? (Choose two.)

  1. FortiGate will start sending all files to FortiSandbox for inspection.

  2. FortiGate has entered conserve mode.

  3. Administrators cannot change the configuration.

  4. Administrators can access FortiGate only through the condole port.


Answer: B,C Explanation:

Reference: https://www.skillfulist.com/fortigate/fortigate-conserve-mode-how-to-stop-it-and-what-it-means/


Question: 68


Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

  1. NetAPI polling can increase bandwidth usage in large networks.

  2. The NetSessionEnum function is used to track user logouts.

  3. The collector agent must search security event logs.

  4. The collector agent uses a Windows API to query DCs for user logins.


Answer: B Explanation:

Reference: https://kb.fortinet.com/kb/microsites/search.do? cmd=displayKC&docType=kc&externalId=FD34906&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=210966035&stateId=1%200%20210968009%27)


Question: 69

Refer to the exhibit.


image


An administrator is running a sniffer command as shown in the exhibit.


Which three pieces of information are included in the sniffer output? (Choose three.)

  1. Interface name

  2. IP header

  3. Application header

  4. Packet payload

  5. Ethernet header


Answer: A,B,D Explanation:

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=11186


Question: 70

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

  1. Add user accounts to the Ignore User List.

  2. Add the support of NTLM authentication.

  3. Add user accounts to the FortiGate group filter.

  4. Add user accounts to Active Directory (AD).


Answer: A Explanation:

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828


image

6$03/( 48(67,216


7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV


.LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP


$FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP


([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP


3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV


*XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV


8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV


7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\


'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU

.LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG