NSE4 v7 Practice Test – Cyber Security, Networking, Technology Courses and Blog

Certification Provider: Fortinet

Exam: NSE 4

Exam Code: NSE4 v7.0

Total Question: 131

Question per Quiz: 60

Updated On: 21 March 2023

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

Web filter in flow-based inspection

Application control

Antivirus in flow-based inspection

DNS filter

Web application firewall

Which scanning technique on FortiGate can be enabled only on the CLI?

Ransomware scan

Trojan scan

Heuristics scan

Antivirus scan

None

Which three methods are used by the collector agent for AD polling? (Choose three.)

NetAPI

FortiGate polling

WMI

Novell API

WinSecLog

Which statement regarding the firewall policy authentication timeout is true?

It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

None

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Only secondary FortiGate devices are rebooted.

Traffic load balancing is temporally disabled while upgrading the firmware.

Uninterruptable upgrade is enabled by default.

The firmware image must be manually uploaded to each FortiGate.

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

The issuer must be a public CA

The common name on the subject field must use a wildcard name

The CA extension must be set to TRUE

The keyUsage extension must be set to keyCertSign

Which two statements are correct about a software switch on FortiGate? (Choose two.)

All interfaces in the software switch share the same IP address

Can act as a Layer 2 switch as well as a Layer 3 router

It can be configured only when FortiGate is operating in NAT mode

It can group only physical interfaces

Refer to the exhibit. Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

There are five devices that are part of the security fabric.

Device detection is disabled on all FortiGate devices.

This security fabric topology is a logical topology view.

There are 19 security recommendations for the security fabric

In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.

The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.

The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.

The IP version of the sources and destinations in a policy must match.

The IP version of the sources and destinations in a firewall policy must be different.

10.

wo protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

TWAMP

ping

DNS

udp-echo

11.

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

get system status

get system performance status

get system arp

diagnose sys top

None

12.

Which of the following SD-WAN load -balancing method use interface weight value to distribute traffic? (Choose two.)

Source IP

Volume

Session

Spillover

13.

What devices form the core of the security fabric?

One FortiGate device and one Forti Analyzer device

Two FortiGate devices and one FortiManager device

Two FortiGate devices and one Forti Analyzer device

One FortiGate device and one FortiManager device

None

14.

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

Log downloads from the GUI are stored as LZ4 compressed files

Log backups from the CLI can be configured to upload to FTP as a scheduled time

Log downloads from the GUI are limited to the current filter view

Log backups from the CLI cannot be restored to another FortiGate

15.

How does FortiGate act when using SSL VPN in web mode?

FortiGate acts as an HTTP reverse proxy.

FortiGate acts as router.

FortiGate acts as an FDS server.

FortiGate acts as DNS server.

None

16.

Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

diagnose sniffer packet any

execute traceroute

get system arp

diagnose sys top

execute ping

17.

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

Add user accounts to the Ignore User List

Add user accounts to Active Directory (AD)

Add the support of NTLM authentication

Add user accounts to the FortiGate group filter

None

18.

Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

On HQ-FortiGate, enable Diffie-Hellman Group 2.

On HQ-FortiGate, enable Auto-negotiate.

On Remote-FortiGate, set Seconds to 43200.

On HQ-FortiGate, set Encryption to AES256.

None

19.

Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

auth-on-demand

hard-timeout

new-session

soft-timeout

Idle-timeout

20.

Which of statement is true about SSL VPN web mode?

It supports a limited number of protocols.

It assigns a virtual IP address to the client.

The external network application sends data through the VPN.

The tunnel is up while the client is connected.

None

21.

Which two statements about antivirus scanning mode are true? (Choose two.)

In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client

In proxy-based inspection mode, files bigger than the buffer size are scanned

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client

In flow-based inspection mode, files bigger than the buffer size are scanned

22.

Refer to the exhibit. Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

Traffic matching the signature will be silently dropped and logged.

The signature setting includes a group of other signatures.

Traffic matching the signature will be allowed and logged.

The signature setting uses a custom rating threshold.

None

23.

Refer to the exhibits to view the firewall policy and the antivirus profile. Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

The volume of traffic being inspected is too high for this model of FortiGate.

The flow-based inspection is used, which resets the last packet to the user.

The firewall policy performs the full content inspection on the file.

None

24.

Examine the two static routes shown in the exhibit, then answer the following question. Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

FortiGate will load balance all traffic across both routes.

FortiGate will only actuate the port1 route in the routing table

FortiGate will use the port1 route as the primary candidate.

FortiGate will route twice as much traffic to the port2 route

None

25.

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

NTP

FortiGuard web filter cache

DNS

FortiGate hostname

26.

Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

Firewall policy

Policy rule

SSL inspection and authentication policy

Security policy

27.

In an explicit proxy setup, where is the authentication method and database configured?

Proxy Policy

Firewall Policy

Authentication scheme

Authentication Rule

None

28.

Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

Port address translation is not used.

This is known as many-to-one NAT.

Connections are tracked using source port and source MAC address.

Source IP is translated to the outgoing interface IP.

29.

An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?

Software Switch interface

Aggregate interface

Redundant interface

VLAN interface

None

30.

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
✑ All traffic must be routed through the primary tunnel when both tunnels are up.
✑ The secondary tunnel must be used only if the primary tunnel goes down.
✑ In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.

Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Enable Dead Peer Detection.

Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

31.

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

The host field in the HTTP header

The subject field in the server certificate

The server name indication (SNI) extension in the client hello message

The subject alternative name (SAN) field in the server certificate

The serial number in the server certificate

32.

Refer to the exhibit. Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.

10.200.1.1

10.200.1.10

10.200.3.1

10.200.1.100

None

33.

Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

FortiSIEM

FortiCloud

FortiSandbox

FortiAnalyzer

FortiCache

34.

Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?

Web filter should be enabled on the firewall policy to complement the antivirus profile.

The action on the firewall policy must be set to deny.

The firewall policy does not apply deep content inspection.

The firewall policy must be configured in proxy-based inspection mode.

None

35.

Refer to the exhibit. Why did FortiGate drop the packet?

It failed the RPF check.

It matched an explicitly configured firewall policy with the action DENY.

It matched the default implicit firewall policy.

The next-hop IP address is unreachable.

None

36.

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

FortiGate uses the AD server as the collector agent

FortiGate queries AD by using the LDAP to retrieve user group information

FortiGate uses the SMB protocol to read the event viewer logs from the DCs

FortiGate points the collector agent to use a remote LDAP server

37.

An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

Configure Source IP Pools

Configure different SSL VPN realms

Configure host check

Configure split tunneling in tunnel mode

None

38.

Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)

Proxy-based inspection

Flow-based inspection

Certificate inspection

Full Content inspection

39.

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

FTM

SSH

FortiTelemetry

HTTPS

40.

Which two statements are true about the FGCP protocol? (Choose two.)

Not used when FortiGate is in Transparent mode

Runs only over the heartbeat links

Is used to discover FortiGate devices in different HA groups

Elects the primary FortiGate device

41.

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?

Enabled

On Demand

Disabled

On Idle

None

42.

Refer to the exhibit showing a debug flow output. Which two statements about the debug flow output are correct? (Choose two.)

The default route is required to receive a reply

A new traffic session is created

The debug flow is of ICMP traffic

A firewall policy allowed the connection

43.

IPS Engine is used by which three security features? (Choose three.)

DNS filter

Antivirus in flow-based inspection

Application control

Web application firewall

Web filter in flow-based inspection

44.

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

The primary device in the cluster is always assigned IP address 169.254.0.1

Heartbeat interfaces have virtual IP addresses that are manually assigned

A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster

Virtual IP addresses are used to distinguish between cluster members

45.

Refer to the exhibit. The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration. How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

If there is a fall-through policy in place, users will not be prompted for authentication.

Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.

Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.

Authentication is enforced at a policy level; all users will be prompted for authentication.

None

46.

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

DNS-based web filter and proxy-based web filter

Static URL filter, FortiGuard category filter, and advanced filters

FortiGuard category filter and rating filter

Static domain filter, SSL inspection filter, and external connectors filters

None

47.

Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

To allow for out-of-order packets that could arrive after the FIN/ACK packets

To generate logs

To remove the NAT operation

To finish any inspection operations

None

48.

An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?

Interface Pair view will be disabled

Policy lookup will be disabled

Search option will be disabled

By Sequence view will be disabled

None

49.

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating override for the home page? (Choose two.)

www.example.com:443

example.com

www.example.com/index.html

www.example.com

50.

Which of the following are valid actions for FortiGuard category based filter in a web filter profile UI proxy-based inspection mode? (Choose two.)

Learn

Exempt

Allow

Warning

51.

Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

Customer VDOM

FG-traffic VDOM

Root VDOM

Global VDOM

None

52.

Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

The client FortiGate requires a manually added route to remote subnets.

Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

53.

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

Source defined as Internet Services in the firewall policy.

Lowest to highest policy ID number.

Highest to lowest priority defined in the firewall policy.

Destination defined as Internet Services in the firewall policy.

Services defined in the firewall policy.

54.

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

remote user's public IP address

The remote user's virtual IP address.

The internal IP address of the FortiGate device.

The public IP address of the FortiGate device.

None

55.

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

Static routes are required to allow traffic to the next hop.

The existing network IP schema must be changed when installing a transparent mode FortiGate in the network.

FortiGate forwards frames without changing the MAC address.

By default, all interfaces are part of the same broadcast domain.

56.

Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

Antivirus

Web application firewall

Application control

Denial of Service

None

57.

Refer to the exhibits. The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook. Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts. Which part of the policy configuration must you change to resolve the issue?

Additional application signatures are required to add to the security policy

The SSL inspection needs to be a deep content inspection

Add Facebook in the URL category in the security policy

Force access to Facebook using the HTTP service

None

58.

An administrator must disable RPF check to investigate an issue. Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Enable asymmetric routing, so the RPF check will be bypassed.

Disable the RPF check at the FortiGate interface level for the reply check.

Enable asymmetric routing at the interface level.

Disable the RPF check at the FortiGate interface level for the source check.

None

59.

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

The collector agent must search security event logs.

The NetSessionEnum function is used to track user logouts.

NetAPI polling can increase bandwidth usage in large networks.

The collector agent uses a Windows API to query DCs for user logins.

None

60.

Refer to the exhibits. Based on the system performance output, which two statements are correct? (Choose two.)

Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds.

Administrators cannot change the configuration

FortiGate has entered conserve mode

FortiGate will start sending all files to FortiSandbox for inspection

Administrators can access FortiGate only through the console port

Time's up

2 Comments

Lijo says:

November 6, 2022 at 12:28 pm

after submit ,need to show the correct answers

Organ says:

September 4, 2022 at 11:57 am

I took NSE4 few days before and Passed. Many question from this Quiz are in Exam. Recommend to take this practice test along with Guide. Quite helpful.
Thank You Practonet 🙂

Leave a Reply Cancel