Question No. 1

Refer to Exhibit.

The exhibit shows the configuration for the SD-WAN member, Performance SLA, and SD-WAN Rule, as well as the output of diagnose sys virtual-wan- link health-check.

Which interface will be selected as an outgoing interface?

Aport2

Bport3

Cport4

Dport1

Show Answer

Correct Answer: A

Port 2 because of its lowest cost against Port1

Question No. 2

Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

AFortiGate uses the AD server as the collector agent.

BFortiGate uses the SMB protocol to read the event viewer logs from the DCs.

CFortiGate does not support workstation check.

DFortiGate directs the collector agent to use a remote LDAP server.

Show Answer

Correct Answer: B, D

Question No. 3

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax.

Which two syntaxes are correct to configure web rating for the home page? (Choose two.)

Awww.example.com:443

Bwww.example.com

Cexample.com

Dwww.example.com/index.html

Show Answer

Correct Answer: B, C

FortiGate_Security_6.4 page 384

When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating override and define the website in a different category. Web ratings are only for host names--- 'no URLs or wildcard characters are allowed'.

Question No. 4

Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

AThe firewall policy performs the full content inspection on the file.

BThe flow-based inspection is used, which resets the last packet to the user.

CThe volume of traffic being inspected is too high for this model of FortiGate.

DThe intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

Show Answer

Correct Answer: B

* 'ONLY' If the virus is detected at the 'START' of the connection, the IPS engine sends the block replacement message immediately

* When a virus is detected on a TCP session (FIRST TIME), but where 'SOME PACKETS' have been already forwarded to the receiver, FortiGate 'resets the connection' and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore, can't be opened. The IPS engine also caches the URL of the infected file, so that if a 'SECOND ATTEMPT' to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again.

In flow mode, the FortiGate drops the last packet killing the file. But because of that the block replacement message cannot be displayed. If the file is attempted to download again the block message will be shown.

Question No. 5

Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

AFortiCache

BFortiSIEM

CFortiAnalyzer

DFortiSandbox

EFortiCloud

Show Answer

Correct Answer: B, C, E

Free Fortinet NSE4_FGT-7.0 Exam Actual Questions

The questions for NSE4_FGT-7.0 were last updated On Sep 17, 2024