NSE4_FGT-7.0 Fortinet Exam Questions and Free Practice Test

Question 31

- (Exam Topic 1)
Refer to the exhibits.
Exhibit A.
NSE4_FGT-7.0 dumps exhibit
Exhibit B.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?

A. Change the csf setting on Local-FortiGate (root) to sec configuration-sync local.

B. Change the csf setting on ISFW (downstream) to sec configuracion-sync local.

C. Change the csf setting on Local-FortiGate (root) to sec fabric-objecc-unificacion defaulc.

D. Change the csf setting on ISFW (downstream) to sec fabric-objecc-unificacion defaulc.

Correct Answer:A
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD43820

Question 32

- (Exam Topic 1)
Which two statements are true about the FGCP protocol? (Choose two.)

A. Not used when FortiGate is in Transparent mode

B. Elects the primary FortiGate device

C. Runs only over the heartbeat links

D. Is used to discover FortiGate devices in different HA groups

Correct Answer:BC
Reference:
https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/564712/fgcp-fortigate-clustering-protocol

Question 33

- (Exam Topic 2)
Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

A. Set the maximum session TTL value for the TELNET service object.

B. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

C. Create a new service object for TELNET and set the maximum session TTL.

D. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

Correct Answer:CD

Question 34

- (Exam Topic 2)
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

A. remote user’s public IP address

B. The public IP address of the FortiGate device.

C. The remote user’s virtual IP address.

D. The internal IP address of the FortiGate device.

Correct Answer:D
Source IP seen by the remote resources is FortiGate’s internal IP address and not the user’s IP address

Question 35

- (Exam Topic 2)
Which two types of traffic are managed only by the management VDOM? (Choose two.)

A. FortiGuard web filter queries

B. PKI

C. Traffic shaping

D. DNS

Correct Answer:AD

Question 36

- (Exam Topic 2)
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

A. Configure Source IP Pools.

B. Configure split tunneling in tunnel mode.

C. Configure different SSL VPN realms.

D. Configure host check.

Correct Answer:D

START NSE4_FGT-7.0 EXAM