Scribd Logo
Upload

Welcome to Scribd!

  • 60 views

    Fortinet Nse 4 - Fortios 7.0

    Uploaded by

    Jai Vj
    This document contains 10 practice questions for the Fortinet NSE 4 - FortiOS 7.0 exam. It provides the questions, answers, and brief explanations for each question. The questions cover topics like administrator access protocols, sniffer command output, firewall policy IDs, SSL VPN configuration between Fortigates, global settings modification requirements, IPS diagnostic commands, RPF check configuration, DPD configuration, web rating overrides, and the FGCP protocol.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Fortinet Nse 4 - Fortios 7.0

    Uploaded by

    Jai Vj
    60 views8 pages
    This document contains 10 practice questions for the Fortinet NSE 4 - FortiOS 7.0 exam. It provides the questions, answers, and brief explanations for each question. The questions cover topics like administrator access protocols, sniffer command output, firewall policy IDs, SSL VPN configuration between Fortigates, global settings modification requirements, IPS diagnostic commands, RPF check configuration, DPD configuration, web rating overrides, and the FGCP protocol.

    Original Description:

    Original Title

    NSE4_FGT-7.0-demo

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains 10 practice questions for the Fortinet NSE 4 - FortiOS 7.0 exam. It provides the questions, answers, and brief explanations for each question. The questions cover topics like administrator access protocols, sniffer command output, firewall policy IDs, SSL VPN configuration between Fortigates, global settings modification requirements, IPS diagnostic commands, RPF check configuration, DPD configuration, web rating overrides, and the FGCP protocol.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    60 views8 pages

    Fortinet Nse 4 - Fortios 7.0

    Uploaded by

    Jai Vj
    This document contains 10 practice questions for the Fortinet NSE 4 - FortiOS 7.0 exam. It provides the questions, answers, and brief explanations for each question. The questions cover topics like administrator access protocols, sniffer command output, firewall policy IDs, SSL VPN configuration between Fortigates, global settings modification requirements, IPS diagnostic commands, RPF check configuration, DPD configuration, web rating overrides, and the FGCP protocol.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 8

    Fortinet NSE 4 - FortiOS 7.

    0
    Fortinet NSE4_FGT-7.0
    Version Demo

    Total Demo Questions: 10

    Total Premium Questions: 60


    Buy Premium PDF

    https://dumpsarena.com

    sales@dumpsarena.com
    QUESTION NO: 1

    Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

    A. FortiTelemetry

    B. HTTPS

    C. SSH

    D. FTM

    ANSWER: B C

    Explanation:

    Reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/995103/building-security-into-fortios

    QUESTION NO: 2

    Refer to the exhibit.

    DumpsArena - Pass Your Next Certification Exam Fast!


    dumpsarena.com
    An administrator is running a sniffer command as shown in the exhibit.

    Which three pieces of information are included in the sniffer output? (Choose three.)

    A. Interface name

    B. IP header

    C. Application header

    D. Packet payload

    E. Ethernet header

    ANSWER: A B D

    Explanation:

    Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=11186

    QUESTION NO: 3

    DumpsArena - Pass Your Next Certification Exam Fast!


    dumpsarena.com
    Which statement about the policy ID number of a firewall policy is true?

    A. It changes when firewall policies are reordered.

    B. It defines the order in which rules are processed.

    C. It represents the number of objects used in the firewall policy.

    D. It is required to modify a firewall policy using the CLI.

    ANSWER: D

    QUESTION NO: 4

    Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

    A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

    B. The client FortiGate requires a manually added route to remote subnets.

    C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

    D. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

    ANSWER: C D

    Explanation:

    Reference: https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/266506/ssl-vpn-with-certificate-authentication

    QUESTION NO: 5

    Refer to the exhibit.

    DumpsArena - Pass Your Next Certification Exam Fast!


    dumpsarena.com
    The global settings on a FortiGate device must be changed to align with company security policies.

    What does the Administrator account need to access the FortiGate global settings?

    A. Enable two-factor authentication

    B. Change Administrator profile

    C. Change password

    D. Enable restrict access to trusted hosts.

    ANSWER: B

    Explanation:

    Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34502

    QUESTION NO: 6

    Refer to the exhibit.

    DumpsArena - Pass Your Next Certification Exam Fast!


    dumpsarena.com
    Examine the intrusion prevention system (IPS) diagnostic command.

    Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the
    CPU usage?

    A. The IPS engine will continue to run in a normal state.

    B. The IPS engine was unable to prevent an intrusion attack.

    C. The IPS engine was blocking all traffic.

    D. The IPS engine was inspecting high volume of traffic.

    ANSWER: D

    Explanation:

    Reference: https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/232929/troubleshooting-high-cpu-usage

    QUESTION NO: 7

    An administrator has configured a strict RPF check on FortiGate.

    Which statement is true about the strict RPF check?

    A. The strict RPF check is run on the first sent and reply packet of any new session.

    B. Strict RPF checks the best route back to the source using the incoming interface.

    C. Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.

    D. Strict RPF allows packets back to sources with ail active routes.

    ANSWER: B

    Explanation:

    DumpsArena - Pass Your Next Certification Exam Fast!


    dumpsarena.com
    Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD33955

    QUESTION NO: 8

    An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement
    is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

    Which DPD mode on FortiGate will meet the above requirement?

    A. On Demand

    B. Disabled

    C. On Idle

    D. Enabled

    ANSWER: C

    Explanation:

    Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD40813

    QUESTION NO: 9

    FortiGuard categories can be overridden and defined in different categories. To create a web rating override for
    example.com home page, the override must be configured using a specific syntax.

    Which two syntaxes are correct to configure web rating override for the home page? (Choose two.)

    A. www.exaple.com

    B. www.example.com/index.html

    C. example.com

    D. www.example.com:443

    ANSWER: A C

    Explanation:

    When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating override
    and define the website in a different category. Web ratings are only for host names— "no URLs or wildcard characters are
    allowed".

    QUESTION NO: 10

    DumpsArena - Pass Your Next Certification Exam Fast!


    dumpsarena.com
    Which two statements are true about the FGCP protocol? (Choose two.)

    A. Is used to discover FortiGate devices in different HA groups

    B. Runs only over the heartbeat links

    C. Elects the primary FortiGate device

    D. Not used when FortiGate is in Transparent mode

    ANSWER: B C

    Explanation:

    Reference: https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/564712/fgcp-fortigate-clustering-protocol

    DumpsArena - Pass Your Next Certification Exam Fast!


    dumpsarena.com

    You might also like