NSE4_FGT-7.0 Fortinet Exam Questions and Free Practice Test

Question 19

- (Exam Topic 2)
You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

A. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

B. No new log is recorded until you manually clear logs from the local disk.

C. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

D. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

Correct Answer:C
Reference: https://docs.fortinet.com/document/fortigate/6.4.0/cli-reference/462620/log-disk-setting

Question 20

- (Exam Topic 2)
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
What order must FortiGate use when the web filter profile has features enabled, such as safe search?

A. DNS-based web filter and proxy-based web filter

B. Static URL filter, FortiGuard category filter, and advanced filters

C. Static domain filter, SSL inspection filter, and external connectors filters

D. FortiGuard category filter and rating filter

Correct Answer:B
Reference: https://fortinet121.rssing.com/chan-67705148/all_p1.html

Question 21

- (Exam Topic 2)
An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

A. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

B. Create a new service object for HTTP service and set the session TTL to never

C. Set the TTL value to never under config system-ttl

D. Set the session TTL on the HTTP policy to maximum

Correct Answer:BC

Question 22

- (Exam Topic 2)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
Based on the raw log, which two statements are correct? (Choose two.)

A. Traffic is blocked because Action is set to DENY in the firewall policy.

B. Traffic belongs to the root VDOM.

C. This is a security log.

D. Log severity is set to error on FortiGate.

Correct Answer:AC

Question 23

- (Exam Topic 1)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration. The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10 .0.1.254. /24. The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

A. 10.200.1.1

B. 10.200.3.1

C. 10.200.1.100

D. 10.200.1.10

Correct Answer:A
Reference:
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-firewall/Concepts - Firewall/Static N
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD44529

Question 24

- (Exam Topic 2)
Examine this FortiGate configuration:
NSE4_FGT-7.0 dumps exhibit
How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

A. It always authorizes the traffic without requiring authentication.

B. It drops the traffic.

C. It authenticates the traffic using the authentication scheme SCHEME2.

D. It authenticates the traffic using the authentication scheme SCHEME1.

Correct Answer:D
“What happens to traffic that requires authorization, but does not match any authentication rule? The active and passive SSO schemes to use for those cases is defined under config authentication setting”

START NSE4_FGT-7.0 EXAM