Spring Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Fortinet NSE4_FGT_AD-7.6 Fortinet NSE 4 - FortiOS 7.6 Administrator Exam Practice Test

Fortinet NSE 4 - FortiOS 7.6 Administrator Questions and Answers

Question 1

An administrator has configured a dialup IPsec VPN on FortiGate with add-route enabled. However, the static route is not showing in the routing table. Which two statements about this scenario are correct? (Choose two.)

Options:

A.

The administrator must use a policy route instead of a static route for add-route to work properly.

B.

The administrator must ensure phase 2 is successfully established

C.

The administrator must define the remote network correctly in the phase 2 selectors.

D.

The administrator must enable a dynamic routing protocol on the dialup interface.

Question 2

Which two statements are true about an HA cluster? (Choose two answers)

Options:

A.

An HA cluster cannot have both in-band and out-of-band management interfaces at the same time.

B.

Link failover triggers a failover if the administrator sets the interface down on the primary device.

C.

When sniffing the heartbeat interface, the administrator must see the IP address 169.254.0.2.

D.

HA incremental synchronization includes FIB entries and IPsec SAs.

Question 3

Refer to the exhibit.

Question # 3

Based on the routing table shown in the exhibit, which two statements are true? (Choose two.)

Options:

A.

A packet with the source IP address 10.0.13.10 arriving on port2 is allowed if strict RPF is disabled.

B.

A packet with the source IP address 10.100.110.10 arriving on port2 is allowed if strict RPF is enabled.

C.

A packet with the source IP address 10.100.110.10 arriving on port3 is allowed if strict RPF is disabled.

D.

A packet with the source IP address 10.10.10.10 arriving on port2 is allowed if strict RPF is enabled.

Question 4

Refer to the exhibits.

Question # 4

Question # 4

Question # 4

A diagram of a FortiGate device connected to the network VIP object and firewall policy configurations are shown.

The WAN (port2) interface has the IP address

100.65.0.101/24.

The LAN (port4) interface has the IP address

10.0.11.254/24.

If the host 100.65.1.111 sends a TCP SYN packet on port 443 to 100.65.0.200. what will the source address, destination address, and destination port of the packet be at the time FortiGate forwards the packet to the destination?

Options:

A.

10.0.11.254, 100.65.0.200. and 443, respectively

B.

10.0.11.254, 10.0.15.50, and 4443. respectively

C.

100.65.1. ill, 10.0.11.50, and 4443. respectively

D.

100.65.1.111, 10.0.11.50. and 443. respectively

Question 5

What is the primary FortiGate election process when the HA override setting is enabled? (Choose one answer)

Options:

A.

Connected monitored ports > Priority > HA uptime > FortiGate serial number

B.

Connected monitored ports > Priority > System uptime > FortiGate serial number

C.

Connected monitored ports > HA uptime > Priority > FortiGate serial number

D.

Connected monitored ports > System uptime > Priority > FortiGate serial number

Question 6

Refer to the exhibit.

Question # 6

What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?

Options:

A.

FortiGate will accept and use the CN in the server certificate for URL filtering if the SNI does not match the CN or SAN fields.

B.

FortiGate will accept the connection with a warning if the SNI does not match the CN or SAN fields.

C.

FortiGate will close the connection if the SNI does not match the CN or SAN fields.

D.

FortiGate will close the connection if the SNI does not match the CN and SAN fields

Question 7

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Options:

A.

The collector agent uses a Windows API to query DCs for user logins.

B.

The NetSessionEnum function is used to track user logouts.

C.

NetAPI polling can increase bandwidth usage in large networks.

D.

The collector agent must search Windows application event logs.

Question 8

Refer to the exhibit.

Question # 8

An administrator has configured an Application Overrides for the ABC.Com application signature and set the Action to Allow This application control profile is then applied to a firewall policy that is scanning all outbound traffic. Logging is enabled in the firewall policy. To test the configuration, the administrator accessed the ABC.Com web site several times.

Why are there no logs generated under security logs for ABC.Com?

Options:

A.

The ABC Com is hitting the category Excessive-Bandwidth.

B.

The ABC.Com Type is set as Application instead of Filter.

C.

The ABC.Com is configured under application profile, which must be configured as a web filter profile.

D.

The ABC Com Action is set to Allow

Question 9

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.

Which DPD mode on FortiGate meets this requirement?

Options:

A.

On Demand

B.

Enabled

C.

On Idle

D.

Usabled

Question 10

Refer to the exhibit.

Question # 10

The administrator configured SD-WAN rules and set the FortiGate traffic log page to display SD-WAN-specific columns: SD-WAN Quality and SD-WAN Rule Name

FortiGate allows the traffic according to policy ID 1 placed at the top. This is the policy that allows SD-WAN traffic. Despite these settings, the traffic logs do not show the name of the SD-WAN rule used to steer those traffic flows

What could be the reason?

Options:

A.

SD-WAN rule names do not appear immediately. The administrator must refresh the page.

B.

There is no application control profile applied to the firewall policy.

C.

Destinations in the SD-WAN rules are configured for each application, but feature visibility is not enabled.

D.

FortiGate load balanced the traffic according to the implicit SD-WAN rule.

Question 11

A new administrator is configuring FSSO authentication on FortiGate using DC Agent Mode. Which step is not part of the expected process?

Options:

A.

The DC agent sends login event data directly to FortiGate.

B.

FortiGate determines user identity based on the IP address in the FSSO list.

C.

The collector agent forwards login event data to FortiGate.

D.

The user logs into the windows domain.

Question 12

You have created a web filter profile named restrictmedia-profile with a daily category usage quota.

When you are adding the profile to the firewall policy, the restrict_media-profile is not listed in the available web profile drop down.

What could be the reason?

Options:

A.

The web filter profile is already referenced in another firewall policy.

B.

The firewall policy is in no-inspection mode instead of deep-inspection.

C.

The naming convention used in the web filter profile is restricting it in the firewall policy.

D.

The inspection mode in the firewall policy is not matching with web filter profile feature set.

Question 13

Refer to the exhibit.

Question # 13

The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivity. What must the administrator configure to answer this specific request from the NOC team?

Options:

A.

Increase the admintimeout value under config system accprofile noc Access.

B.

increase the of line value of the override idle Timeout parameter in the NOC_Access admin profile.

C.

Move NOC_Access to the top of the list to ensure all profile settings take effect.

D.

Ensure that all NOC_Access users are assigned the super_admin role to guarantee access.

Question 14

How does FortiExtender connect to FortiSASE in a site-based, remote internet access method?

Options:

A.

FortiExtender uses a Virtual Extensible LAN (VXLAN)-over-IPsec connection.

B.

FortiExtender establishes a secure SSL connection using FortiClient.

C.

FortiExtender first connects to a FortiGate LAN extension through a secure web gateway (SWG).

D.

FortiExtender uses the proxy auto-configuration

Question 15

Which three statements explain a flow-based antivirus profile? (Choose three answers)

Options:

A.

FortiGate buffers the whole file but transmits to the client at the same time.

B.

Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

C.

If a virus is detected, the last packet is delivered to the client.

D.

Flow-based inspection optimizes performance compared to proxy-based inspection.

E.

The IPS engine handles the process as a standalone.

Question 16

You have configured the below commands on a FortiGate.

Question # 16

What would be the impact of this configuration on FortiGate?

Options:

A.

FortiGate will enable strict RPF on all its interfaces and porti will be exempted from RPF checks.

B.

FortiGate will enable strict RPF on all its interfaces and porti will be enable for asymmetric routing.

C.

The global configuration will take precedence and FortiGate will enable strict RPF on all interfaces.

D.

Port1 will be enabled with flexible RPF. and all other interfaces will be enabled for strict RPF

Question 17

Refer to the exhibit.

Question # 17

An SD-WAN zone configuration on the FortiGate GUI is shown. Based on the exhibit, which statement is true?

Options:

A.

The Underlay zone contains no member.

B.

The virtual-wan-link and overlay zones can be deleted

C.

The Underlay zone is the zone by default.

D.

port2 and port3 are not assigned to a zone.

Question 18

An administrator wanted to configure an IPS sensor to block traffic that triggers the signature set number of times during a specific time period. How can the administrator achieve the objective?

Options:

A.

Use IPS group signatures, set rate-mode 60.

B.

Use IPS packet logging option with periodical filter option.

C.

Use IPS signatures, rate-mode periodical option.

D.

Use IPS filter, rate-mode periodical option.