Fortinet NSE4_FGT-7.0 Actual Free Exam Questions & Community Discussion
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
Correct Answer: B,D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?
What is the reason for the failed virus detection by FortiGate?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
Correct Answer: B,D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Refer to the exhibit.
Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)
Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)
Correct Answer: A,D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)
Correct Answer: C,D
Vote an answer
Refer to the exhibit.
The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
Correct Answer: B,C
Vote an answer
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
Correct Answer: B
Vote an answer
Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)
Which of the following statements are true? (Choose two.)
Correct Answer: A,C
Vote an answer
Which of the following SD-WAN load -balancing method use interface weight value to distribute traffic? (Choose two.)
Correct Answer: B,C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Which two statements are true about collector agent standard access mode? (Choose two.)
Correct Answer: A,B
Vote an answer
Which statement regarding the firewall policy authentication timeout is true?
Correct Answer: B
Vote an answer
Examine the exhibit, which contains a virtual IP and firewall policy configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?
The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
0
0
0
10