NSE4_FGT-7.0 Dumps
NSE4_FGT-7.0 Braindumps NSE4_FGT-7.0 Real Questions NSE4_FGT-7.0 Practice Test NSE4_FGT-7.0 Actual Questions
Fortinet NSE 40 - FortiOS 7.0
https://killexams.com/pass4sure/exam-detail/NSE4_FGT-7.0
Question: 60
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating override for the home page? (Choose two.)
example.com
www.example.com:443
When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating override and define the website in a different category. Web ratings are only for host names” "no URLs or wildcard characters are allowed".
Question: 61
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)
The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
The client FortiGate requires a manually added route to remote subnets.
The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VP
E. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.
Reference: https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/266506/ssl-vpn-with-certificateauthentication
Question: 62
Which two statements are true about the Security Fabric rating? (Choose two.)
The Security Fabric rating is a free service that comes bundled with all FortiGate devices.
Many of the security issues can be fixed immediately by clicking Apply where available.
The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
It provides executive summaries of the four largest areas of security focus.
Reference: https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/292634/security-rating
Question: 63
Refer to the exhibits. Exhibit A.
Exhibit B.
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?
Change the csf setting on Local-FortiGate (root) to set configuration-sync local.
Change the csf setting on ISFW (downstream) to set configuration-sync local.
Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.
Change the csf setting on ISFW (downstream) to set fabric-object-unification default.
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD43820
Question: 64
Refer to the exhibit.
The global settings on a FortiGate device must be changed to align with company security policies.
What does the Administrator account need to access the FortiGate global settings?
Enable two-factor authentication
Change Administrator profile
Change password
Enable restrict access to trusted hosts.
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34502
Question: 65
Refer to the exhibit.
The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. The override setting is enable for the FortiGate with SN FGVM010000064692.
Which two statements are true? (Choose two.)
FortiGate SN FGVM010000065036 HA uptime has been reset.
FortiGate devices are not in sync because one device is down.
FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
FortiGate SN FGVM010000064692 has the higher HA priority.
Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-withoverride-disabled-default
Question: 66
Refer to the exhibits. Exhibit A.
Exhibit B.
The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?
Change the SSL VPN port on the client.
Change the Server IP address.
Change the idle-timeout.
Change the Server IP address.
Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/150494
Question: 67
Refer to the exhibits.
Exhibit A shows system performance output.
Exhibit B shows s FortiGate configured with the default configuration of high memory usage thresholds.
Based on the system performance output, which two statements are correct? (Choose two.)
FortiGate will start sending all files to FortiSandbox for inspection.
FortiGate has entered conserve mode.
Administrators cannot change the configuration.
Administrators can access FortiGate only through the condole port.
Question: 68
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
NetAPI polling can increase bandwidth usage in large networks.
The NetSessionEnum function is used to track user logouts.
The collector agent must search security event logs.
The collector agent uses a Windows API to query DCs for user logins.
Reference: https://kb.fortinet.com/kb/microsites/search.do? cmd=displayKC&docType=kc&externalId=FD34906&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=210966035&stateId=1%200%20210968009%27)
Question: 69
Refer to the exhibit.
An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)
Interface name
IP header
Application header
Packet payload
Ethernet header
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=11186
Question: 70
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
Add user accounts to the Ignore User List.
Add the support of NTLM authentication.
Add user accounts to the FortiGate group filter.
Add user accounts to Active Directory (AD).
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828