NSE4_FGT-7.0 Fortinet Exam Questions and Free Practice Test

Question 7

- (Exam Topic 1)
Refer to the exhibit showing a debug flow output.
NSE4_FGT-7.0 dumps exhibit
Which two statements about the debug flow output are correct? (Choose two.)

A. The debug flow is of ICMP traffic.

B. A firewall policy allowed the connection.

C. A new traffic session is created.

D. The default route is required to receive a reply.

Correct Answer:AC
Reference: https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/54688/debugging-the-packet-flow

Question 8

- (Exam Topic 1)
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

A. FortiCache

B. FortiSIEM

C. FortiAnalyzer

D. FortiSandbox

E. FortiCloud

Correct Answer:BCE
Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-and-reporting-overview

Question 9

- (Exam Topic 2)
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A. It limits the scope of application control to the browser-based technology category only.

B. It limits the scope of application control to scan application traffic based on application category only.

C. It limits the scope of application control to scan application traffic using parent signatures only

D. It limits the scope of application control to scan application traffic on DNS protocol only.

Correct Answer:B

Question 10

- (Exam Topic 2)
Examine this FortiGate configuration:
NSE4_FGT-7.0 dumps exhibit
Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

A. It is allowed, but with no inspection

B. It is allowed and inspected as long as the inspection is flow based

C. It is dropped.

D. It is allowed and inspected, as long as the only inspection required is antivirus.

Correct Answer:C

Question 11

- (Exam Topic 1)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)

A. The Detection Mode setting is not set to Passive.

B. Administrator didn't configure a gateway for the SD-WAN members, or configured gateway is not valid.

C. The configured participants are not SD-WAN members.

D. The Enable probe packets setting is not enabled.

Correct Answer:BD

Question 12

- (Exam Topic 1)
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

A. System time

B. FortiGuaid update servers

C. Operating mode

D. NGFW mode

Correct Answer:CD
C: "Operating mode is per-VDOM setting. You can combine transparent mode VDOM's with NAT mode VDOMs on the same physical Fortigate.
D: "Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM" Page 125 of FortiGate_Infrastructure_6.4_Study_Guide

START NSE4_FGT-7.0 EXAM