Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

  1. Home
  2. Fortinet
  3. NSE4
  4. NSE4_FGT-7.0 - Fortinet NSE 4 - FortiOS 7.0
Note! Following NSE4_FGT-7.0 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is NSE4_FGT-7.2

NSE4_FGT-7.0 Exam Dumps - Fortinet NSE 4 - FortiOS 7.0

Go to page:
Question # 17

Which two statements are true about the FGCP protocol? (Choose two.)

A.

Not used when FortiGate is in Transparent mode

B.

Elects the primary FortiGate device

C.

Runs only over the heartbeat links

D.

Is used to discover FortiGate devices in different HA groups

Full Access
Question # 18

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

Which DPD mode on FortiGate will meet the above requirement?

A.

Disabled

B.

On Demand

C.

Enabled

D.

On Idle

Full Access
Question # 19

Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

A.

Shut down/reboot a downstream FortiGate device.

B.

Disable FortiAnalyzer logging for a downstream FortiGate device.

C.

Log in to a downstream FortiSwitch device.

D.

Ban or unban compromised hosts.

Full Access
Question # 20

View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

A.

Addicting.Games is allowed based on the Application Overrides configuration.

B.

Addicting.Games is blocked on the Filter Overrides configuration.

C.

Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

D.

Addcting.Games is allowed based on the Categories configuration.

Full Access
Question # 21

Refer to the exhibit.

The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).

Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

A.

10.200.1.149

B.

10.200.1.1

C.

10.200.1.49

D.

10.200.1.99

Full Access
Question # 22

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

A.

Antivirus engine

B.

Intrusion prevention system engine

C.

Flow engine

D.

Detection engine

Full Access
Question # 23

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

A.

The subject field in the server certificate

B.

The serial number in the server certificate

C.

The server name indication (SNI) extension in the client hello message

D.

The subject alternative name (SAN) field in the server certificate

E.

The host field in the HTTP header

Full Access
Question # 24

Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings.

In this scenario, which statement is true?

A.

Apple FaceTime belongs to the custom monitored filter.

B.

The category of Apple FaceTime is being monitored.

C.

Apple FaceTime belongs to the custom blocked filter.

D.

The category of Apple FaceTime is being blocked.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps