NSE4_FGT-7.0 Online Practice Questions and Answers

Which two statements are true about the FGCP protocol? (Choose two.)

A. Not used when FortiGate is in Transparent mode

B. Elects the primary FortiGate device

C. Runs only over the heartbeat links

D. Is used to discover FortiGate devices in different HA groups

Which statement about video filtering on FortiGate is true?

A. Full SSL Inspection is not required.

B. It is available only on a proxy-based firewall policy.

C. It inspects video files hosted on file sharing services.

D. Video filtering FortiGuard categories are based on web filter FortiGuard categories.

Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

A. System event logs

B. Forward traffic logs

C. Local traffic logs

D. Security logs

Exhibit:

Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?

A. IP-based authentication is enabled

B. Route-based authentication is enabled

C. Session-based authentication is enabled.

D. Policy-based authentication is enabled

Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

A. Warning

B. Exempt

C. Allow

D. Learn

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

A. Source defined as Internet Services in the firewall policy.

B. Destination defined as Internet Services in the firewall policy.

C. Highest to lowest priority defined in the firewall policy.

D. Services defined in the firewall policy.

E. Lowest to highest policy ID number.

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

What is the reason for the certificate warning errors?

A. The browser requires a software update.

B. FortiGate does not support full SSL inspection when web filtering is enabled.

C. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.

D. There are network connectivity issues.

Which scanning technique on FortiGate can be enabled only on the CLI?

A. Heuristics scan

B. Trojan scan

C. Antivirus scan

D. Ransomware scan

Examine the network diagram shown in the exhibit, then answer the following question: Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?

A. 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0]

B. 0.0.0.0/0 [20/0] via 10.4.200.2, port2

C. 10.4.200.0/30 is directly connected, port2

D. 172.16.32.0/24 is directly connected, port1

Examine the exhibit, which contains a virtual IP and firewall policy configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.

The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

A. 10.200.1.10

B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24

C. 10.200.1.1

D. 10.0.1.254