NSE4 v7 Practice Test – Cyber Security, Networking, Technology Courses and Blog

Certification Provider: Fortinet

Exam: NSE 4

Exam Code: NSE4 v7.0

Total Question: 131

Question per Quiz: 60

Updated On: 21 March 2023

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

What is the primary FortiGate election process when the HA override setting is disabled?

Connected monitored ports > Priority > System uptime > FortiGate Serial number

Connected monitored ports > HA uptime > Priority > FortiGate Serial number

Connected monitored ports > System uptime > Priority > FortiGate Serial number

Connected monitored ports > Priority > HA uptime > FortiGate Serial number

None

Which statement about the policy ID number of a firewall policy is true?

It changes when firewall policies are reordered

It defines the order in which rules are processed

It represents the number of objects used in the firewall policy

It is required to modify a firewall policy using the CLI

None

Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)

FortiGate SN FGVM010000064692 has the higher HA priority.

FortiGate devices are not in sync because one device is down.

FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

FortiGate SN FGVM010000065036 HA uptime has been reset.

Refer to the exhibit, which contains a session list output. Based on the information shown in the exhibit, which statement is true?

One-to-one NAT IP pool is used in the firewall policy

Port block allocation IP pool is used in the firewall policy

Destination NAT is disabled in the firewall policy

Overload NAT IP pool is used in the firewall policy

None

An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24. Which subnet must the administrator configure for the local quick mode selector for site B?

192.168.2.0/24

192.168.1.0/24

192.168.0.0/8

192.168.3.0/24

None

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

The existing network IP schema must be changed when installing a transparent mode FortiGate in the network.

Static routes are required to allow traffic to the next hop.

By default, all interfaces are part of the same broadcast domain.

FortiGate forwards frames without changing the MAC address.

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

NetAPI polling can increase bandwidth usage in large networks.

The NetSessionEnum function is used to track user logouts.

The collector agent uses a Windows API to query DCs for user logins.

The collector agent must search security event logs.

None

Refer to the exhibits. The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook. Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts. Which part of the policy configuration must you change to resolve the issue?

The SSL inspection needs to be a deep content inspection

Add Facebook in the URL category in the security policy

Additional application signatures are required to add to the security policy

Force access to Facebook using the HTTP service

None

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

Policy ID

Sequence ID

Log ID

Universally Unique Identifier

None

10.

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

FortiGate automatically negotiates a new security association after the existing security association expires.

FortiGate automatically negotiates different local and remote addresses with the remote peer.

FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

None

11.

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

Virtual IP addresses are used to distinguish between cluster members

A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster

The primary device in the cluster is always assigned IP address 169.254.0.1

Heartbeat interfaces have virtual IP addresses that are manually assigned

12.

Which two statements are true about collector agent standard access mode? (Choose two.)

Standard mode uses Windows convention-NetBios: Domain\Username.

Standard mode security profiles apply to user groups.

Standard access mode supports nested groups.

Standard mode security profiles apply to organizational units (OU).

13.

Refer to the exhibit. The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode. The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the Internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem. Which two statements are true? (Choose two.)

Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

A static route is required on the To-Internet VDOM to allow LAN users to access the Internet.

Inter-VDOM links are not required between the Root and To-Internet VDOMs because the Root VDOM is used only as a management VDOM.

14.

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

Full Content inspection

Proxy-based inspection

Certificate inspection

Flow-based inspection

None

15.

What devices form the core of the security fabric?

One FortiGate device and one Forti Analyzer device

One FortiGate device and one FortiManager device

Two FortiGate devices and one FortiManager device

Two FortiGate devices and one Forti Analyzer device

None

16.

An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?

Search option will be disabled

Policy lookup will be disabled

Interface Pair view will be disabled

By Sequence view will be disabled

None

17.

An administrator wants to configure timeouts for users. Regardless of the user’s behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?

new-session

auth-on-demand

idle-timeout

soft-timeout

hard-timeout

None

18.

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

NGFW policy-based mode policies support only flow inspection

NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy

NGFW policy-based mode can only be applied globally and not on individual VDOMs

NGFW policy-based mode does not require the use of central source NAT policy

19.

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

FortiGate points the collector agent to use a remote LDAP server

FortiGate queries AD by using the LDAP to retrieve user group information

FortiGate uses the AD server as the collector agent

FortiGate uses the SMB protocol to read the event viewer logs from the DCs

20.

Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

Source IP is translated to the outgoing interface IP.

Connections are tracked using source port and source MAC address.

This is known as many-to-one NAT.

Port address translation is not used.

21.

Based on the raw logs shown in the exhibit, which statement is correct?

Access to the social networking web filter category was explicitly blocked to all users.

The action on firewall policy ID 1 is set to warning.

The name of the firewall policy is all_users_web.

Social networking web filter category is configured with the action set to authenticate.

None

22.

Which two types of traffic are managed only by the management VDOM? (Choose two.)

Traffic shaping

FortiGuard web filter queries

PKI

DNS

23.

A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

Dialup User

Static IP Address

Pre-shared Key

Dynamic DNS

None

24.

Which of the following SD-WAN load -balancing method use interface weight value to distribute traffic? (Choose two.)

Session

Source IP

Spillover

Volume

25.

Which of the following are valid actions for FortiGuard category based filter in a web filter profile UI proxy-based inspection mode? (Choose two.)

Learn

Allow

Exempt

Warning

26.

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

Traffic to inappropriate web sites

Server information disclosure attacks

Traffic to botnetservers

SQL injection attacks

Credit card data leaks

27.

Refer to the exhibit, which contains a Performance SLA configuration. An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

There may not be a static route to route the performance SLA traffic.

The Ping protocol is not supported for the public servers that are configured.

You need to turn on the Enable probe packets switch.

Participants configured are not SD-WAN members.

None

28.

An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

Change the idle-timeout.

Change the session-ttl.

Change the login-timeout.

Change the udp-idle-timer.

None

29.

Refer to the exhibit, which contains a static route configuration. An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route?

get internet service route list

get router info routing-table database

get router info routing-table all

diagnose firewall proute list

None

30.

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

Add user accounts to the Ignore User List

Add the support of NTLM authentication

Add user accounts to the FortiGate group filter

Add user accounts to Active Directory (AD)

None

31.

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

The keyUsage extension must be set to keyCertSign

The issuer must be a public CA

The CA extension must be set to TRUE

The common name on the subject field must use a wildcard name

32.

Refer to the exhibit. Why did FortiGate drop the packet?

It matched an explicitly configured firewall policy with the action DENY.

The next-hop IP address is unreachable.

It matched the default implicit firewall policy.

It failed the RPF check.

None

33.

Refer to the exhibit to view the authentication rule configuration. In this scenario, which statement is true?

IP-based authentication is enabled

Route-based authentication is enabled

Policy-based authentication is enabled

Session-based authentication is enabled

None

34.

Which three statements about a flow-based antivirus profile are correct? (Choose three.)

IPS engine handles the process as a standalone

Optimized performance compared to proxy-based inspection

If the virus is detected, the last packet is delivered to the client

FortiGate buffers the whole file but transmits to the client simultaneously

Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection

35.

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

Implement web filter authentication for the specified website.

Implement a web filter category override for the specified website

Implement a DNS filter for the specified website.

Implement web filter quotas for the specified website

None

36.

wo protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

DNS

TWAMP

ping

udp-echo

37.

Refer to the exhibit showing a debug flow output. Which two statements about the debug flow output are correct? (Choose two.)

A new traffic session is created

The default route is required to receive a reply

A firewall policy allowed the connection

The debug flow is of ICMP traffic

38.

Which two statements about antivirus scanning mode are true? (Choose two.)

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client

In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client

In proxy-based inspection mode, files bigger than the buffer size are scanned

In flow-based inspection mode, files bigger than the buffer size are scanned

39.

Refer to the exhibit. Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

10.200.1.1

10.200.1.49

10.200.1.99

10.200.1.149

None

40.

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

DNS

NTP

FortiGate hostname

FortiGuard web filter cache

41.

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

Static URL filter, FortiGuard category filter, and advanced filters

DNS-based web filter and proxy-based web filter

Static domain filter, SSL inspection filter, and external connectors filters

FortiGuard category filter and rating filter

None

42.

Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

auth-on-demand

new-session

soft-timeout

hard-timeout

Idle-timeout

43.

An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

Create a new service object for HTTP service and set the session TTL to never.

Set the session TTL on the HTTP policy to maximum.

Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

Set the TTL value to never under config system-ttl.

44.

Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

diagnose sys top

diagnose sniffer packet any

execute ping

execute traceroute

get system arp

45.

Refer to the exhibit. What should the administrator do next to troubleshoot the problem?

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.

Run a sniffer on the web server.

Capture the traffic using an external sniffer connected to port1.

Execute a debug flow.

Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”

None

46.

Refer to the exhibit. The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

Enable restrict access to trusted hosts

Change Administrator profile

Change password

Enable two-factor authentication

None

47.

What are the two results of this configuration? (Choose two.)

An administrator has configured the following settings:
config system setting

set ses-denied-traffic enable

end

config system global

set block -session-timer 30

end

Denied users are blocked for 30 minutes.

Device detection on all interfaces is enforced for 30 minutes

The number of logs generated by denied traffic is reduced

A session for denied traffic is created

48.

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

To encapsulation ESP packets in UDP packets using port 4500.

To dynamically change phase 1 negotiation mode aggressive mode.

To force a new DH exchange with each phase 2 rekey.

To delete intermediary NAT devices in the tunnel path.

49.

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

The administrator can use a third-party radius OTP server.

The administrator can register the same FortiToken on more than one FortiGate.

The administrator must use the user self-registration server.

The administrator must use a FortiAuthenticator device.

None

50.

An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Strict RPF allows packets back to sources with all active routes

Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface

Strict RPF checks the best route back to the source using the incoming interface

The strict RPF check is run on the first sent and reply packet of any new session

None

51.

Refer to the FortiGuard connection debug output. Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

There is at least one server that lost packets consecutively.

A local FortiManager is one of the servers FortiGate communicates with.

FortiGate is using default FortiGuard communication settings.

One server was contacted to retrieve the contract information.

52.

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors. What is the reason for the certificate warning errors?

The browser requires a software update.

The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.

FortiGate does not support full SSL inspection when web filtering is enabled.

There are network connectivity issues.

None

53.

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?

IP address

User or User Group

Once Internet Service is selected, no other object can be added

FQDN address

None

54.

Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

The IPS engine was blocking all traffic

The IPS engine was unable to prevent an intrusion attack

The IPS engine will continue to run in a normal state

The IPS engine was inspecting high volume of traffic

None

55.

An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?

Aggregate interface

Software Switch interface

Redundant interface

VLAN interface

None

56.

IPS Engine is used by which three security features? (Choose three.)

Antivirus in flow-based inspection

Application control

DNS filter

Web application firewall

Web filter in flow-based inspection

57.

Refer to the exhibits. Based on the system performance output, which two statements are correct? (Choose two.)

Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds.

Administrators cannot change the configuration

FortiGate will start sending all files to FortiSandbox for inspection

FortiGate has entered conserve mode

Administrators can access FortiGate only through the console port

58.

Which scanning technique on FortiGate can be enabled only on the CLI?

Ransomware scan

Heuristics scan

Trojan scan

Antivirus scan

None

59.

Which two statements are true about the Security Fabric rating?

It provides executive summaries of the four largest areas of security focus

Many of the security issues can be fixed immediately by clicking Apply where available

The Security Fabric rating is a free service that comes bundled with all FortiGate devices

The Security Fabric rating must be run on the root FortiGate device in the Security Fabric

60.

Refer to the exhibit. Based on the raw log, which two statements are correct? (Choose two.)

Traffic belongs to the root VDOM.

This is a security log.

Traffic is blocked because Action is set to DENY in the firewall policy.

Log severity is set to error on FortiGate.

Time's up

2 Comments

Lijo says:

November 6, 2022 at 12:28 pm

after submit ,need to show the correct answers

Organ says:

September 4, 2022 at 11:57 am

I took NSE4 few days before and Passed. Many question from this Quiz are in Exam. Recommend to take this practice test along with Guide. Quite helpful.
Thank You Practonet 🙂

Leave a Reply Cancel