Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

NSE Fortigate 4 verion 2 exam, Exams of Computer Security

NSE Fortigate 4 NSE Fortigate 4 NSE Fortigate 4 NSE Fortigate 4

Typology: Exams

2024/2025

Available from 04/13/2025

mohamed-nassar
mohamed-nassar 🇺🇸

6 documents

1 / 13

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Check OF The NSE4_FGT-7.0
Dumps Questions
Your answers are shown below:
1. Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
FortiGate uses the AD server as the collector agent.correct
FortiGate uses the SMB protocol to read the event viewer logs from the DCs.correct
FortiGate does not support workstation check.
FortiGate directs the collector agent to use a remote LDAP server.
Question was not answered
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732
2. FortiGuard categories can be overridden and defined in different categories. To create a web rating
override for example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating override for the home page? (Choose two.)
www.exaple.comcorrect
www.example.com/index.html
example.comcorrect
www.example.com:443
Question was not answered
Explanation:
When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating
override and define the website in a different category. Web ratings are only for host names” "no URLs or wildcard
characters are allowed".
3. Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).
Exhibit A.
pf3
pf4
pf5
pf8
pf9
pfa
pfd

Partial preview of the text

Download NSE Fortigate 4 verion 2 exam and more Exams Computer Security in PDF only on Docsity!

Check OF The NSE4_FGT-7.

Dumps Questions

Your answers are shown below:

1. Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)  (^) FortiGate uses the AD server as the collector agent.correct  (^) FortiGate uses the SMB protocol to read the event viewer logs from the DCs.correct  (^) FortiGate does not support workstation check.  (^) FortiGate directs the collector agent to use a remote LDAP server. Question was not answered Explanation: Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD 2. FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating override for the home page? (Choose two.)  (^) www.exaple.comcorrect  (^) www.example.com/index.html  (^) example.comcorrect  (^) www.example.com: Question was not answered Explanation: When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating override and define the website in a different category. Web ratings are only for host names” "no URLs or wildcard characters are allowed". 3. Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B). Exhibit A.

Exhibit B.

4. Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)  (^) FortiSandbox  (^) FortiCloudcorrect  (^) FortiSIEMcorrect  (^) FortiCache  (^) ForiAnalyzercorrect Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-and-reportingoverview 5. Which statement correctly describes NetAPI polling mode for the FSSO collector agent?  (^) NetAPI polling can increase bandwidth usage in large networks.  (^) The NetSessionEnum function is used to track user logouts.correct  (^) The collector agent must search security event logs.  (^) The collector agent uses a Windows API to query DCs for user logins. Question was not answered Explanation: Reference: https://kb.fortinet.com/kb/microsites/search.do? cmd=displayKC&docType=kc&externalId=FD34906&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID= 035&stateId=1%200%20210968009%27) 6. Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)  (^) Interface namecorrect  (^) IP headercorrect  (^) Application header  (^) Packet payloadcorrect  (^) Ethernet header Question was not answered Explanation: Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=

7. Refer to the exhibits. Exhibit A. Exhibit B.

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD

10. Which two statements are true about the Security Fabric rating? (Choose two.)  (^) The Security Fabric rating is a free service that comes bundled with all FortiGate devices.  (^) Many of the security issues can be fixed immediately by clicking Apply where available.correct  (^) The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.correct  (^) It provides executive summaries of the four largest areas of security focus. Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/292634/security-rating 11. An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?  (^) Interface Pair view will be disabled.correct  (^) Search option will be disabled.  (^) Policy lookup will be disabled.  (^) By Sequence view will be disabled. Question was not answered 12. Refer to the exhibit. Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)  (^) Traffic between port2 and port2-vlan1 is allowed by default.  (^) port1-vlan10 and port2-vlan10 are part of the same broadcast domain.  (^) port1-vlan1 and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.correct  (^) port1 is a native VLAcorrect Question was not answered 13. A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down.

In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed in FortiGate to meet the design requirements? (Choose two.)  (^) Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.  (^) Enable Dead Peer Detection.correct  (^) Enable Auto-negotiate and Auto Keep Alive on the phase 2 configuration of both tunnels.  (^) Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.correct Question was not answered

14. Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. The override setting is enable for the FortiGate with SN FGVM010000064692. Which two statements are true? (Choose two.)  (^) FortiGate SN FGVM010000065036 HA uptime has been reset.correct  (^) FortiGate devices are not in sync because one device is down.  (^) FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.  (^) FortiGate SN FGVM010000064692 has the higher HA priority.correct Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-withoverride- disabled-default 15. Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows s FortiGate configured with the default configuration of high memory usage thresholds.

Exhibit B.

The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?  (^) Change the SSL VPN port on the client.correct  (^) Change the Server IP address.  (^) Change the idle-timeout.  (^) Change the Server IP address. Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/

18. Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)  (^) The client FortiGate requires a client certificate signed by the CA on the server FortiGate.correct  (^) The client FortiGate requires a manually added route to remote subnets.  (^) The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPcorrect  (^) Server FortiGate requires a CA certificate to verify the client FortiGate certificate. Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/266506/ssl-vpn-with-certificateauthentication 19. Refer to the exhibit.

Exhibit B. An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW). What must the administrator do to synchronize the address object?  (^) Change the csf setting on Local-FortiGate (root) to set configuration-sync local.  (^) Change the csf setting on ISFW (downstream) to set configuration-sync local.  (^) Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default. correct  (^) Change the csf setting on ISFW (downstream) to set fabric-object-unification default. Question was not answered Explanation: Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD