Download NSE Fortigate 4 verion 2 exam and more Exams Computer Security in PDF only on Docsity!
Check OF The NSE4_FGT-7.
Dumps Questions
Your answers are shown below:
1. Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.) (^) FortiGate uses the AD server as the collector agent.correct (^) FortiGate uses the SMB protocol to read the event viewer logs from the DCs.correct (^) FortiGate does not support workstation check. (^) FortiGate directs the collector agent to use a remote LDAP server. Question was not answered Explanation: Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD 2. FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating override for the home page? (Choose two.) (^) www.exaple.comcorrect (^) www.example.com/index.html (^) example.comcorrect (^) www.example.com: Question was not answered Explanation: When using FortiGuard category filtering to allow or block access to a website, one option is to make a web rating override and define the website in a different category. Web ratings are only for host names” "no URLs or wildcard characters are allowed". 3. Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B). Exhibit A.
Exhibit B.
4. Which three options are the remote log storage options you can configure on FortiGate? (Choose three.) (^) FortiSandbox (^) FortiCloudcorrect (^) FortiSIEMcorrect (^) FortiCache (^) ForiAnalyzercorrect Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-and-reportingoverview 5. Which statement correctly describes NetAPI polling mode for the FSSO collector agent? (^) NetAPI polling can increase bandwidth usage in large networks. (^) The NetSessionEnum function is used to track user logouts.correct (^) The collector agent must search security event logs. (^) The collector agent uses a Windows API to query DCs for user logins. Question was not answered Explanation: Reference: https://kb.fortinet.com/kb/microsites/search.do? cmd=displayKC&docType=kc&externalId=FD34906&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID= 035&stateId=1%200%20210968009%27) 6. Refer to the exhibit.
An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.) (^) Interface namecorrect (^) IP headercorrect (^) Application header (^) Packet payloadcorrect (^) Ethernet header Question was not answered Explanation: Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=
7. Refer to the exhibits. Exhibit A. Exhibit B.
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD
10. Which two statements are true about the Security Fabric rating? (Choose two.) (^) The Security Fabric rating is a free service that comes bundled with all FortiGate devices. (^) Many of the security issues can be fixed immediately by clicking Apply where available.correct (^) The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.correct (^) It provides executive summaries of the four largest areas of security focus. Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/292634/security-rating 11. An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view? (^) Interface Pair view will be disabled.correct (^) Search option will be disabled. (^) Policy lookup will be disabled. (^) By Sequence view will be disabled. Question was not answered 12. Refer to the exhibit. Given the interfaces shown in the exhibit, which two statements are true? (Choose two.) (^) Traffic between port2 and port2-vlan1 is allowed by default. (^) port1-vlan10 and port2-vlan10 are part of the same broadcast domain. (^) port1-vlan1 and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.correct (^) port1 is a native VLAcorrect Question was not answered 13. A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down.
In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed in FortiGate to meet the design requirements? (Choose two.) (^) Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel. (^) Enable Dead Peer Detection.correct (^) Enable Auto-negotiate and Auto Keep Alive on the phase 2 configuration of both tunnels. (^) Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.correct Question was not answered
14. Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. The override setting is enable for the FortiGate with SN FGVM010000064692. Which two statements are true? (Choose two.) (^) FortiGate SN FGVM010000065036 HA uptime has been reset.correct (^) FortiGate devices are not in sync because one device is down. (^) FortiGate SN FGVM010000064692 is the primary because of higher HA uptime. (^) FortiGate SN FGVM010000064692 has the higher HA priority.correct Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-withoverride- disabled-default 15. Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows s FortiGate configured with the default configuration of high memory usage thresholds.
Exhibit B.
The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN? (^) Change the SSL VPN port on the client.correct (^) Change the Server IP address. (^) Change the idle-timeout. (^) Change the Server IP address. Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/
18. Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.) (^) The client FortiGate requires a client certificate signed by the CA on the server FortiGate.correct (^) The client FortiGate requires a manually added route to remote subnets. (^) The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPcorrect (^) Server FortiGate requires a CA certificate to verify the client FortiGate certificate. Question was not answered Explanation: Reference: https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/266506/ssl-vpn-with-certificateauthentication 19. Refer to the exhibit.
Exhibit B. An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW). What must the administrator do to synchronize the address object? (^) Change the csf setting on Local-FortiGate (root) to set configuration-sync local. (^) Change the csf setting on ISFW (downstream) to set configuration-sync local. (^) Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default. correct (^) Change the csf setting on ISFW (downstream) to set fabric-object-unification default. Question was not answered Explanation: Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD
