NSE4 v7 Practice Test – Cyber Security, Networking, Technology Courses and Blog

Certification Provider: Fortinet

Exam: NSE 4

Exam Code: NSE4 v7.0

Total Question: 131

Question per Quiz: 60

Updated On: 21 March 2023

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

Refer to the exhibits. Based on the system performance output, which two statements are correct? (Choose two.)

Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds.

FortiGate will start sending all files to FortiSandbox for inspection

Administrators cannot change the configuration

FortiGate has entered conserve mode

Administrators can access FortiGate only through the console port

Refer to the exhibit. An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)

Packet payload

Interface name

Ethernet header

Application header

IP header

Which two statements are true about the RPF check? (Choose two.)

The RPF check is run on the first reply packet of any new session.

The RPF check is run on the first sent and reply packet of any new session.

The RPF check is run on the first sent packet of any new session.

RPF is a mechanism that protects FortiGuard and your network from IP spoofing attacks.

Refer to the exhibit. How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http:// www.fortinet.com? (Choose two.)

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.

If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-C credentials, the HTTP request will be denied.

In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.

The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.

The IP version of the sources and destinations in a firewall policy must be different.

The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.

The IP version of the sources and destinations in a policy must match.

Refer to the exhibit. Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

The port3 default route has the highest distance

There will be eight routes active in the routing table

The port1 and port2 default routes are active in the routing table

The port3 default route has the lowest metric

What devices form the core of the security fabric?

Two FortiGate devices and one Forti Analyzer device

One FortiGate device and one FortiManager device

Two FortiGate devices and one FortiManager device

One FortiGate device and one Forti Analyzer device

None

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

DNS

FortiGate hostname

FortiGuard web filter cache

NTP

A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

Pre-shared Key

Static IP Address

Dialup User

Dynamic DNS

None

10.

Which two statements are true about collector agent advanced mode? (Choose two.)

Advanced mode uses Windows convention-NetBios: Domain\Username.

FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.

Security profiles can be applied only to user groups, nor individual users.

Advanced mode supports nested or inherited groups.

11.

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

Flow-based inspection

Proxy-based inspection

Full Content inspection

Certificate inspection

None

12.

Refer to the exhibit. The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

Change Administrator profile

Enable restrict access to trusted hosts

Enable two-factor authentication

Change password

None

13.

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

Static routes are required to allow traffic to the next hop.

The existing network IP schema must be changed when installing a transparent mode FortiGate in the network.

By default, all interfaces are part of the same broadcast domain.

FortiGate forwards frames without changing the MAC address.

14.

What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

Consider the topology:
Application on a Windows machine FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

Set the maximum session TTL value for the TELNET service object.

Create a new service object for TELNET and set the maximum session TTL.

Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

15.

An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

Configure different SSL VPN realms

Configure Source IP Pools

Configure split tunneling in tunnel mode

Configure host check

None

16.

Which two statements are true about the Security Fabric rating?

It provides executive summaries of the four largest areas of security focus

The Security Fabric rating is a free service that comes bundled with all FortiGate devices

The Security Fabric rating must be run on the root FortiGate device in the Security Fabric

Many of the security issues can be fixed immediately by clicking Apply where available

17.

Which two statements are correct about a software switch on FortiGate? (Choose two.)

It can be configured only when FortiGate is operating in NAT mode

All interfaces in the software switch share the same IP address

Can act as a Layer 2 switch as well as a Layer 3 router

It can group only physical interfaces

18.

Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

Application control

Web filter in flow-based inspection

DNS filter

Web application firewall

Antivirus in flow-based inspection

19.

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

SSH

FTM

HTTPS

FortiTelemetry

20.

By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)

set webfilter-cache disable

set protocol udp

set webfilter-force-off disable

set fortiguard-anycast disable

21.

Refer to the exhibits to view the firewall policy and the antivirus profile. Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

The flow-based inspection is used, which resets the last packet to the user.

The volume of traffic being inspected is too high for this model of FortiGate.

The firewall policy performs the full content inspection on the file.

None

22.

Refer to the exhibit, which contains a session diagnostic output. Which statement is true about the session diagnostic output?

The session is a UDP unidirectional state.

The session is a bidirectional UDP connection.

The session is a bidirectional TCP connection.

The session is in TCP ESTABLISHED state.

None

23.

Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

On HQ-FortiGate, enable Diffie-Hellman Group 2.

On Remote-FortiGate, set Seconds to 43200.

On HQ-FortiGate, enable Auto-negotiate.

On HQ-FortiGate, set Encryption to AES256.

None

24.

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors. What is the reason for the certificate warning errors?

FortiGate does not support full SSL inspection when web filtering is enabled.

The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.

The browser requires a software update.

There are network connectivity issues.

None

25.

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

The internal IP address of the FortiGate device.

The public IP address of the FortiGate device.

The remote user's virtual IP address.

remote user's public IP address

None

26.

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

Intrusion prevention system engine

Antivirus engine

Intrusion prevention system engine

None

27.

Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

SSL inspection and authentication policy

Policy rule

Firewall policy

Security policy

28.

An administrator must disable RPF check to investigate an issue. Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Disable the RPF check at the FortiGate interface level for the source check.

Disable the RPF check at the FortiGate interface level for the reply check.

Enable asymmetric routing, so the RPF check will be bypassed.

Enable asymmetric routing at the interface level.

None

29.

Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

FG-traffic

Mgmt

Root

FG-Mgmt

30.

Which statement about the policy ID number of a firewall policy is true?

It is required to modify a firewall policy using the CLI

It represents the number of objects used in the firewall policy

It changes when firewall policies are reordered

It defines the order in which rules are processed

None

31.

Refer to the exhibit, which contains a session list output. Based on the information shown in the exhibit, which statement is true?

Destination NAT is disabled in the firewall policy

Overload NAT IP pool is used in the firewall policy

Port block allocation IP pool is used in the firewall policy

One-to-one NAT IP pool is used in the firewall policy

None

32.

Refer to the exhibit. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

Change the SSL VPN port on the client.

Change the Server IP address.

Change the SSL VPN portal to the tunnel.

Change the idle-timeout.

None

33.

Which of the following are valid actions for FortiGuard category based filter in a web filter profile UI proxy-based inspection mode? (Choose two.)

Learn

Warning

Allow

Exempt

34.

Refer to the exhibit. What should the administrator do next to troubleshoot the problem?

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.

Capture the traffic using an external sniffer connected to port1.

Run a sniffer on the web server.

Execute a debug flow.

Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”

None

35.

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating override for the home page? (Choose two.)

example.com

www.example.com

www.example.com:443

www.example.com/index.html

36.

Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

Customer VDOM

FG-traffic VDOM

Root VDOM

Global VDOM

None

37.

Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?

The firewall policy must be configured in proxy-based inspection mode.

The firewall policy does not apply deep content inspection.

The action on the firewall policy must be set to deny.

Web filter should be enabled on the firewall policy to complement the antivirus profile.

None

38.

Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

Denial of Service

Web application firewall

Application control

Antivirus

None

39.

Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)

FortiGate SN FGVM010000064692 has the higher HA priority.

FortiGate devices are not in sync because one device is down.

FortiGate SN FGVM010000065036 HA uptime has been reset.

FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

40.

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

The firmware image must be manually uploaded to each FortiGate.

Only secondary FortiGate devices are rebooted.

Uninterruptable upgrade is enabled by default.

Traffic load balancing is temporally disabled while upgrading the firmware.

41.

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)

File filter

Intrusion prevention

Antivirus scanning

DNS filter

42.

An administrator wants to configure timeouts for users. Regardless of the user’s behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?

auth-on-demand

soft-timeout

new-session

idle-timeout

hard-timeout

None

43.

Refer to the exhibits. The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook. Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts. Which part of the policy configuration must you change to resolve the issue?

Add Facebook in the URL category in the security policy

Force access to Facebook using the HTTP service

The SSL inspection needs to be a deep content inspection

Additional application signatures are required to add to the security policy

None

44.

Which statement regarding the firewall policy authentication timeout is true?

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

None

45.

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?

Enabled

On Demand

Disabled

On Idle

None

46.

Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

By default, the admin GUI and SSL VPN portal use the same HTTPS port.

By default, the SSL VPN portal requires the installation of a client’s certificate.

By default, FortiGate uses WINS servers to resolve names.

By default, split tunneling is enabled.

None

47.

Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

FortiAnalyzer

FortiSIEM

FortiCloud

FortiSandbox

FortiCache

48.

Which three statements are true regarding session-based authentication? (Choose three.)

HTTP sessions are treated as a single user.

It can differentiate among multiple clients behind the same source IP address.

It requires more resources.

It is not recommended if multiple users are behind the source NAT

IP sessions from the same source IP address are treated as a single user.

49.

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

The interface is a member of a zone.

The interface has been configured for one-arm sniffer.

The interface is a member of a virtual wire pair.

The operation mode is transparent.

Captive portal is enabled in the interface.

50.

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

Log downloads from the GUI are limited to the current filter view

Log backups from the CLI can be configured to upload to FTP as a scheduled time

Log backups from the CLI cannot be restored to another FortiGate

Log downloads from the GUI are stored as LZ4 compressed files

51.

An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?

Search option will be disabled

Interface Pair view will be disabled

Policy lookup will be disabled

By Sequence view will be disabled

None

52.

Which feature in the Security Fabric takes one or more actions based on event triggers?

Automation Stitches

Security Rating

Fabric Connectors

Logical Topology

None

53.

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

Lowest to highest policy ID number.

Source defined as Internet Services in the firewall policy.

Highest to lowest priority defined in the firewall policy.

Destination defined as Internet Services in the firewall policy.

Services defined in the firewall policy.

54.

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
✑ All traffic must be routed through the primary tunnel when both tunnels are up.
✑ The secondary tunnel must be used only if the primary tunnel goes down.
✑ In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.

Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

Enable Dead Peer Detection.

Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

55.

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

get system arp

diagnose sys top

get system status

get system performance status

None

56.

Refer to the exhibit. The exhibit shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

The sensor will gather a packet log for all matched traffic

The sensor will reset all connections that match these signatures

The sensor will block all attacks aimed at Windows servers

The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature

57.

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

To delete intermediary NAT devices in the tunnel path.

To force a new DH exchange with each phase 2 rekey.

To dynamically change phase 1 negotiation mode aggressive mode.

To encapsulation ESP packets in UDP packets using port 4500.

58.

Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

To generate logs

To remove the NAT operation

To finish any inspection operations

To allow for out-of-order packets that could arrive after the FIN/ACK packets

None

59.

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not. Which configuration option is the most effective way to support this request?

Implement a web filter category override for the specified website.

Implement web filter quotas for the specified website.

Implement a DNS filter for the specified website.

Implement web filter authentication for the specified website.

None

60.

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

Traffic to inappropriate web sites

SQL injection attacks

Traffic to botnetservers

Credit card data leaks

Server information disclosure attacks

Time's up

2 Comments

Lijo says:

November 6, 2022 at 12:28 pm

after submit ,need to show the correct answers

Organ says:

September 4, 2022 at 11:57 am

I took NSE4 few days before and Passed. Many question from this Quiz are in Exam. Recommend to take this practice test along with Guide. Quite helpful.
Thank You Practonet 🙂

Leave a Reply Cancel