NSE4 v7 Practice Test – Cyber Security, Networking, Technology Courses and Blog

Certification Provider: Fortinet

Exam: NSE 4

Exam Code: NSE4 v7.0

Total Question: 131

Question per Quiz: 60

Updated On: 21 March 2023

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

How does FortiGate act when using SSL VPN in web mode?

FortiGate acts as an HTTP reverse proxy.

FortiGate acts as an FDS server.

FortiGate acts as DNS server.

FortiGate acts as router.

None

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

Flow-based inspection

Certificate inspection

Proxy-based inspection

Full Content inspection

None

Refer to the exhibit. Based on the raw log, which two statements are correct? (Choose two.)

Traffic is blocked because Action is set to DENY in the firewall policy.

This is a security log.

Traffic belongs to the root VDOM.

Log severity is set to error on FortiGate.

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

Traffic to inappropriate web sites

Traffic to botnetservers

Server information disclosure attacks

SQL injection attacks

Credit card data leaks

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?

Disabled

On Idle

Enabled

On Demand

None

Refer to the exhibit. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

Change the Server IP address.

Change the SSL VPN portal to the tunnel.

Change the idle-timeout.

Change the SSL VPN port on the client.

None

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

NetAPI polling can increase bandwidth usage in large networks.

The collector agent uses a Windows API to query DCs for user logins.

The collector agent must search security event logs.

The NetSessionEnum function is used to track user logouts.

None

Refer to the exhibit showing a debug flow output. Which two statements about the debug flow output are correct? (Choose two.)

A firewall policy allowed the connection

A new traffic session is created

The default route is required to receive a reply

The debug flow is of ICMP traffic

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

The server name indication (SNI) extension in the client hello message

The host field in the HTTP header

The subject field in the server certificate

The serial number in the server certificate

The subject alternative name (SAN) field in the server certificate

10.

Refer to the exhibit. Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

The port1 and port2 default routes are active in the routing table

There will be eight routes active in the routing table

The port3 default route has the highest distance

The port3 default route has the lowest metric

11.

Based on the raw logs shown in the exhibit, which statement is correct?

The name of the firewall policy is all_users_web.

Social networking web filter category is configured with the action set to authenticate.

Access to the social networking web filter category was explicitly blocked to all users.

The action on firewall policy ID 1 is set to warning.

None

12.

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

It limits the scanning of application traffic to the application category only.

It limits the scanning of application traffic to use parent signatures only.

It limits the scanning of application traffic to the browser-based technology category only.

It limits the scanning of application traffic to the DNS protocol only.

None

13.

Refer to the exhibit. What should the administrator do next to troubleshoot the problem?

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.

Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”

Execute a debug flow.

Run a sniffer on the web server.

Capture the traffic using an external sniffer connected to port1.

None

14.

Refer to the exhibit. Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.

10.200.1.10

10.200.3.1

10.200.1.100

10.200.1.1

None

15.

Refer to the FortiGuard connection debug output. Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

FortiGate is using default FortiGuard communication settings.

There is at least one server that lost packets consecutively.

One server was contacted to retrieve the contract information.

A local FortiManager is one of the servers FortiGate communicates with.

16.

wo protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

ping

udp-echo

DNS

TWAMP

17.

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

Policy ID

Log ID

Sequence ID

Universally Unique Identifier

None

18.

An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?

Software Switch interface

VLAN interface

Redundant interface

Aggregate interface

None

19.

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

The administrator must use a FortiAuthenticator device.

The administrator can register the same FortiToken on more than one FortiGate.

The administrator can use a third-party radius OTP server.

The administrator must use the user self-registration server.

None

20.

IPS Engine is used by which three security features? (Choose three.)

Web application firewall

DNS filter

Application control

Web filter in flow-based inspection

Antivirus in flow-based inspection

21.

Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

Fabric Coverage

Security Posture

Automated Response

Optimization

None

22.

Which two statements are true about collector agent advanced mode? (Choose two.)

Advanced mode supports nested or inherited groups.

FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.

Security profiles can be applied only to user groups, nor individual users.

Advanced mode uses Windows convention-NetBios: Domain\Username.

23.

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

The operation mode is transparent.

Captive portal is enabled in the interface.

The interface is a member of a zone.

The interface has been configured for one-arm sniffer.

The interface is a member of a virtual wire pair.

24.

Which of the following SD-WAN load -balancing method use interface weight value to distribute traffic? (Choose two.)

Volume

Session

Source IP

Spillover

25.

A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. What is the reason for the failed virus detection by FortiGate?

Antivirus definitions are not up to date

Application control is not enabled

Antivirus profile configuration is incorrect

SSL/SSH Inspection profile is incorrect

None

26.

Refer to the exhibit, which contains a static route configuration. An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route?

get router info routing-table database

diagnose firewall proute list

get router info routing-table all

get internet service route list

None

27.

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

FortiGate forwards frames without changing the MAC address.

Static routes are required to allow traffic to the next hop.

By default, all interfaces are part of the same broadcast domain.

The existing network IP schema must be changed when installing a transparent mode FortiGate in the network.

28.

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not. Which configuration option is the most effective way to support this request?

Implement a DNS filter for the specified website.

Implement a web filter category override for the specified website.

Implement web filter quotas for the specified website.

Implement web filter authentication for the specified website.

None

29.

Which two statements are true about the Security Fabric rating?

The Security Fabric rating is a free service that comes bundled with all FortiGate devices

It provides executive summaries of the four largest areas of security focus

Many of the security issues can be fixed immediately by clicking Apply where available

The Security Fabric rating must be run on the root FortiGate device in the Security Fabric

30.

In an explicit proxy setup, where is the authentication method and database configured?

Authentication scheme

Authentication Rule

Proxy Policy

Firewall Policy

None

31.

Which three statements are true regarding session-based authentication? (Choose three.)

IP sessions from the same source IP address are treated as a single user.

It can differentiate among multiple clients behind the same source IP address.

It is not recommended if multiple users are behind the source NAT

It requires more resources.

HTTP sessions are treated as a single user.

32.

Which of the following are valid actions for FortiGuard category based filter in a web filter profile UI proxy-based inspection mode? (Choose two.)

Warning

Allow

Learn

Exempt

33.

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

FortiGate automatically negotiates a new security association after the existing security association expires.

FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

FortiGate automatically negotiates different local and remote addresses with the remote peer.

FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

None

34.

What is the primary FortiGate election process when the HA override setting is disabled?

Connected monitored ports > Priority > System uptime > FortiGate Serial number

Connected monitored ports > System uptime > Priority > FortiGate Serial number

Connected monitored ports > HA uptime > Priority > FortiGate Serial number

Connected monitored ports > Priority > HA uptime > FortiGate Serial number

None

35.

Which two statements are correct about SLA targets? (Choose two.)

SLA targets are required for SD-WAN rules with a Best Quality strategy.

SLA targets are optional.

You can configure only two SLA targets per one Performance SLA.

SLA targets are used only when referenced by an SD-WAN rule.

36.

Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

This is known as many-to-one NAT.

Connections are tracked using source port and source MAC address.

Source IP is translated to the outgoing interface IP.

Port address translation is not used.

37.

Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

Customer VDOM

Global VDOM

FG-traffic VDOM

Root VDOM

None

38.

Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

The IPS engine will continue to run in a normal state

The IPS engine was blocking all traffic

The IPS engine was inspecting high volume of traffic

The IPS engine was unable to prevent an intrusion attack

None

39.

Which two statements about antivirus scanning mode are true? (Choose two.)

In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client

In flow-based inspection mode, files bigger than the buffer size are scanned

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client

In proxy-based inspection mode, files bigger than the buffer size are scanned

40.

An administrator wants to configure timeouts for users. Regardless of the user’s behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?

new-session

soft-timeout

hard-timeout

auth-on-demand

idle-timeout

None

41.

An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

Set the TTL value to never under config system-ttl.

Set the session TTL on the HTTP policy to maximum.

Create a new service object for HTTP service and set the session TTL to never.

Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

42.

Which two statements are true about the RPF check? (Choose two.)

RPF is a mechanism that protects FortiGuard and your network from IP spoofing attacks.

The RPF check is run on the first sent and reply packet of any new session.

The RPF check is run on the first reply packet of any new session.

The RPF check is run on the first sent packet of any new session.

43.

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

Implement web filter authentication for the specified website.

Implement web filter quotas for the specified website

Implement a web filter category override for the specified website

Implement a DNS filter for the specified website.

None

44.

How do you format the FortiGate flash disk?

Select the format boot device option from the BIOS menu.

Load a debug FortiOS image.

Execute the CLI command execute formatlogdisk.

Load the hardware test (HQIP) image.

None

45.

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

Static URL filter, FortiGuard category filter, and advanced filters

FortiGuard category filter and rating filter

DNS-based web filter and proxy-based web filter

Static domain filter, SSL inspection filter, and external connectors filters

None

46.

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

Log backups from the CLI cannot be restored to another FortiGate

Log downloads from the GUI are limited to the current filter view

Log backups from the CLI can be configured to upload to FTP as a scheduled time

Log downloads from the GUI are stored as LZ4 compressed files

47.

Which statement regarding the firewall policy authentication timeout is true?

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

None

48.

Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?

The firewall policy must be configured in proxy-based inspection mode.

The action on the firewall policy must be set to deny.

Web filter should be enabled on the firewall policy to complement the antivirus profile.

The firewall policy does not apply deep content inspection.

None

49.

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
✑ All traffic must be routed through the primary tunnel when both tunnels are up.
✑ The secondary tunnel must be used only if the primary tunnel goes down.
✑ In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.

Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Enable Dead Peer Detection.

Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

50.

Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

diagnose sniffer packet any

diagnose sys top

get system arp

execute traceroute

execute ping

51.

Which three statements about a flow-based antivirus profile are correct? (Choose three.)

Optimized performance compared to proxy-based inspection

Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection

IPS engine handles the process as a standalone

FortiGate buffers the whole file but transmits to the client simultaneously

If the virus is detected, the last packet is delivered to the client

52.

An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

Change the idle-timeout.

Change the udp-idle-timer.

Change the login-timeout.

Change the session-ttl.

None

53.

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

NGFW mode

Operating mode

System time

FortiGuard update servers

54.

Which two types of traffic are managed only by the management VDOM? (Choose two.)

FortiGuard web filter queries

DNS

Traffic shaping

PKI

55.

What are the two results of this configuration? (Choose two.)

An administrator has configured the following settings:
config system setting

set ses-denied-traffic enable

end

config system global

set block -session-timer 30

end

Device detection on all interfaces is enforced for 30 minutes

The number of logs generated by denied traffic is reduced

A session for denied traffic is created

Denied users are blocked for 30 minutes.

56.

Refer to the exhibit to view the application control profile. Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is true?

The category of Apple FaceTime is being monitored.

Apple FaceTime belongs to the custom blocked filter.

The category of Apple FaceTime is being blocked.

Apple FaceTime belongs to the custom monitored filter.

None

57.

What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

Consider the topology:
Application on a Windows machine FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

Create a new service object for TELNET and set the maximum session TTL.

Set the maximum session TTL value for the TELNET service object.

58.

An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?

Search option will be disabled

Policy lookup will be disabled

Interface Pair view will be disabled

By Sequence view will be disabled

None

59.

An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?

Interface Pair view will be disabled

Policy lookup will be disabled

Search option will be disabled

By Sequence view will be disabled

None

60.

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

diagnose wad session list | grep "hook=pre"&"hook=out"

diagnose wad session list | grep hook=pre&&hook=out

diagnose wad session list | grep hook-pre&&hook-out

diagnose wad session list

None

Time's up

2 Comments

Lijo says:

November 6, 2022 at 12:28 pm

after submit ,need to show the correct answers

Organ says:

September 4, 2022 at 11:57 am

I took NSE4 few days before and Passed. Many question from this Quiz are in Exam. Recommend to take this practice test along with Guide. Quite helpful.
Thank You Practonet 🙂

Leave a Reply to Organ Cancel