Download Fortinet NSE 4 -FortiOS 7-0.CertDumps.NSE4_FGT-7.0.2022-09-27.1e.39q.vcex

Download Exam

File Info

Exam Fortinet NSE 4 - FortiOS 7.0
Number NSE4_FGT-7.0
File Name Fortinet NSE 4 -FortiOS 7-0.CertDumps.NSE4_FGT-7.0.2022-09-27.1e.39q.vcex
Size 3.21 Mb
Posted September 27, 2022
Downloads 11

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Coupon: EXAM_HUB

Discount: 20%


Demo Questions

Question 1
An administrator is configuring an IPsec VPN between site A and site A. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is and the remote quick mode selector is subnet must the administrator configure for the local quick mode selector for site B?

  • A:
  • B:
  • C:
  • D:

Question 2
Refer to the exhibit.


The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

  • A: The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.
  • B: The sensor will block all attacks aimed at Windows servers.
  • C: The sensor will reset all connections that match these signatures.
  • D: The sensor will gather a packet log for all matched traffic.

Question 3
Refer to the exhibits.
Exhibit A.


Exhibit B.


The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.
Which part of the policy configuration must you change to resolve the issue?

  • A: The SSL inspection needs to be a deep content inspection.
  • B: Force access to Facebook using the HTTP service.
  • C: Additional application signatures are required to add to the security policy.
  • D: Add Facebook in the URL category in the security policy.

Question 4
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

  • A: The keyUsage extension must be set to keyCertSign.
  • B: The common name on the subject field must use a wildcard name.
  • C: The issuer must be a public CA.
  • D: The CA extension must be set to TRUE.

Question 5
Refer to the exhibit.


Which contains a session diagnostic output.
Which statement is true about the session diagnostic output?

  • A: The session is in SYN_SENT state.
  • B: The session is in FIN_ACK state.
  • C: The session is in FTN_WAIT state.
  • D: The session is in ESTABLISHED state.

Question 6
Refer to the exhibit.


An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

  • A: Interface name
  • B: Ethernet header
  • C: IP header
  • D: Application header
  • E: Packet payload

Question 7
Refer to the exhibit.
Exhibit A.


Exhibit B.


The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check.
Which interface will be selected as an outgoing interface?

  • A: port2
  • B: port4
  • C: port3
  • D: port1

Question 8
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

  • A: FortiGuard web filter cache
  • B: FortiGate hostname
  • C: NTP
  • D: DNS

Question 9
An administrator has configured the following settings:


What are the two results of this configuration? (Choose two.)

  • A: Device detection on all interfaces is enforced for 30 minutes.
  • B: Denied users are blocked for 30 minutes.
  • C: A session for denied traffic is created.
  • D: The number of logs generated by denied traffic is reduced.

Question 10
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
All traffic must be routed through the primary tunnel when both tunnels are up
The secondary tunnel must be used only if the primary tunnel goes down
In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed on FortiGate to meet the design requirements?
(Choose two,)

  • A: Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
  • B: Enable Dead Peer Detection.
  • C: Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
  • D: Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.



You can buy ProfExam with a 20% discount..

Get Now!


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen


Use VCE Exam Simulator to open VCE files