NSE4_FGT-7.0 Fortinet Exam Questions and Free Practice Test

Question 13

- (Exam Topic 1)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
With this configuration, which statement is true?

A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

B. A static route is required on the To_Internet VDOM to allow LAN users to access the internet.

C. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

D. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

Correct Answer:A
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD46542

Question 14

- (Exam Topic 2)
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

A. Subject Key Identifier value

B. SMMIE Capabilities value

C. Subject value

D. Subject Alternative Name value

Correct Answer:A

Question 15

- (Exam Topic 2)
If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

A. The Services field prevents SNAT and DNAT from being combined in the same policy.

B. The Services field is used when you need to bundle several VIPs into VIP groups.

C. The Services field removes the requirement to create multiple VIPs for different services.

D. The Services field prevents multiple sources of traffic from using multiple services to connect to a singlecomputer.

Correct Answer:C

Question 16

- (Exam Topic 1)
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

A. Static IP Address

B. Dialup User

C. Dynamic DNS

D. Pre-shared Key

Correct Answer:B
Dialup user is used when the remote peer's IP address is unknown. The remote peer whose IP address is unknown acts as the dialup clien and this is often the case for branch offices and mobile VPN clients that use dynamic IP address and no dynamic DNS

Question 17

- (Exam Topic 1)
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?

A. 192.168.1.0/24

B. 192.168.0.0/24

C. 192.168.2.0/24

D. 192.168.3.0/24

Correct Answer:C

Question 18

- (Exam Topic 2)
Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.

B. AH does not support perfect forward secrecy.

C. AH provides data integrity bur no encryption.

D. AH provides strong data integrity but weak encryption.

Correct Answer:C

START NSE4_FGT-7.0 EXAM