File Info
| Exam | Fortinet NSE 4 - FortiOS 7.0 |
| Number | NSE4_FGT-7.0 |
| File Name | Fortinet.NSE4_FGT-7.0.VCEplus.2022-06-24.30q.vcex |
| Size | 4 MB |
| Posted | Jun 24, 2022 |
| Download | Fortinet.NSE4_FGT-7.0.VCEplus.2022-06-24.30q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
- FortiGate uses the AD server as the collector agent.
- FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
- FortiGate does not support workstation check.
- FortiGate directs the collector agent to use a remote LDAP server.
Correct answer: BD
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732 Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732
Question 2
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating for the home page? (Choose two.)
- www.example.com:443
- www.example.com
- example.com
- www.example.com/index.html
Correct answer: BC
Explanation:
FortiGate_Security_6.4 page 384When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating override and define the website in a different category. Web ratings are only for host names-- "no URLs or wildcard characters are allowed". FortiGate_Security_6.4 page 384
When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating override and define the website in a different category. Web ratings are only for host names-- "no URLs or wildcard characters are allowed".
Question 3
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).
Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?
- The firewall policy performs the full content inspection on the file.
- The flow-based inspection is used, which resets the last packet to the user.
- The volume of traffic being inspected is too high for this model of FortiGate.
- The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
Correct answer: B
Explanation:
"ONLY" If the virus is detected at the "START" of the connection, the IPS engine sends the block replacement message immediatelyWhen a virus is detected on a TCP session (FIRST TIME), but where "SOME PACKETS" have been already forwarded to the receiver, FortiGate "resets the connection" and does not send the last piece of the file. Although the receiver gotmost of the file content, the file has been truncated and therefore, can't be opened. The IPS engine also caches the URL of the infected file, so that if a "SECOND ATTEMPT" to transmit the file is made, the IPS engine will then send a blockreplacement message to the client instead of scanning the file again.In flow mode, the FortiGate drops the last packet killing the file. But because of that the block replacement message cannot be displayed. If the file is attempted to download again the block message will be shown. "ONLY" If the virus is detected at the "START" of the connection, the IPS engine sends the block replacement message immediately
When a virus is detected on a TCP session (FIRST TIME), but where "SOME PACKETS" have been already forwarded to the receiver, FortiGate "resets the connection" and does not send the last piece of the file. Although the receiver got
most of the file content, the file has been truncated and therefore, can't be opened. The IPS engine also caches the URL of the infected file, so that if a "SECOND ATTEMPT" to transmit the file is made, the IPS engine will then send a block
replacement message to the client instead of scanning the file again.
In flow mode, the FortiGate drops the last packet killing the file. But because of that the block replacement message cannot be displayed. If the file is attempted to download again the block message will be shown.
Question 4
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
- FortiCache
- FortiSIEM
- FortiAnalyzer
- FortiSandbox
- FortiCloud
Correct answer: BCE
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-andreporting-overview Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-andreporting-overview
Question 5
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
- The collector agent uses a Windows API to query DCs for user logins.
- NetAPI polling can increase bandwidth usage in large networks.
- The collector agent must search security event logs.
- The NetSession Enum function is used to track user logouts.
Correct answer: D
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34906https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD34906&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=210966035&stateId=1%200%20210968009%27) Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34906
https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD34906&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=210966035&stateId=1%200%20210968009%27)
Question 6
Refer to the exhibit.
An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)
- Interface name
- Ethernet header
- IP header
- Application header
- Packet payload
Correct answer: ACE
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=11186 Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=11186
Question 7
Refer to the exhibit.
The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check.
Which interface will be selected as an outgoing interface?
- port2
- port4
- port3
- port1
Correct answer: D
Explanation:
Port 1 shows the lowest latency. Port 1 shows the lowest latency.
Question 8
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
- Add the support of NTLM authentication.
- Add user accounts to Active Directory (AD).
- Add user accounts to the FortiGate group fitter.
- Add user accounts to the Ignore User List.
Correct answer: D
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828 Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828
Question 9
Refer to the exhibit.
The global settings on a FortiGate device must be changed to align with company security policies.
What does the Administrator account need to access the FortiGate global settings?
- Change password
- Enable restrict access to trusted hosts
- Change Administrator profile
- Enable two-factor authentication
Correct answer: C
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34502 Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34502
Question 10
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
- Policy lookup will be disabled.
- By Sequence view will be disabled.
- Search option will be disabled
- Interface Pair view will be disabled.
Correct answer: D
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821 https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821
