NSE4_FGT-7.0 Fortinet Exam Questions and Free Practice Test

Question 37

- (Exam Topic 1)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

A. There are five devices that are part of the security fabric.

B. Device detection is disabled on all FortiGate devices.

C. This security fabric topology is a logical topology view.

D. There are 19 security recommendations for the security fabric.

Correct Answer:CD
References: https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/761085/results
https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/736125/security-fabric-topology

Question 38

- (Exam Topic 1)
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

A. FortiGate uses the AD server as the collector agent.

B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

C. FortiGate does not support workstation check.

D. FortiGate directs the collector agent to use a remote LDAP server.

Correct Answer:BD
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732

Question 39

- (Exam Topic 1)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

A. On HQ-FortiGate, enable Auto-negotiate.

B. On Remote-FortiGate, set Seconds to 43200.

C. On HQ-FortiGate, enable Diffie-Hellman Group 2.

D. On HQ-FortiGate, set Encryption to AES256.

Correct Answer:D
Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/168495
Encryption and authentication algorithm needs to match in order for IPSEC be successfully established.

Question 40

- (Exam Topic 2)
An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?

A. VLAN interface

B. Software Switch interface

C. Aggregate interface

D. Redundant interface

Correct Answer:C
Reference: https://forum.fortinet.com/tm.aspx?m=120324

Question 41

- (Exam Topic 2)
Which scanning technique on FortiGate can be enabled only on the CLI?

A. Heuristics scan

B. Trojan scan

C. Antivirus scan

D. Ransomware scan

Correct Answer:A
Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/567568/enabling-scanning

Question 42

- (Exam Topic 1)
Refer to the exhibit.
NSE4_FGT-7.0 dumps exhibit
Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

A. The session is in SYN_SENT state.

B. The session is in FIN_ACK state.

C. The session is in FTN_WAIT state.

D. The session is in ESTABLISHED state.

Correct Answer:A
Indicates TCP (proto=6) session in SYN_SENT state (proto=state=2) https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042

START NSE4_FGT-7.0 EXAM