NSE4 v7 – Cyber Security, Networking, Technology Courses and Blog

Certification Provider: Fortinet

Exam: NSE 4

Exam Code: NSE4 v7.0

Total Question: 131

Question per Quiz: 60

Updated On: 21 March 2023

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

diagnose wad session list

diagnose wad session list | grep "hook=pre"&"hook=out"

diagnose wad session list | grep hook=pre&&hook=out

diagnose wad session list | grep hook-pre&&hook-out

None

What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

Consider the topology:
Application on a Windows machine FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

Create a new service object for TELNET and set the maximum session TTL.

Set the maximum session TTL value for the TELNET service object.

Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

In an explicit proxy setup, where is the authentication method and database configured?

Authentication Rule

Proxy Policy

Authentication scheme

Firewall Policy

None

Which three statements are true regarding session-based authentication? (Choose three.)

It can differentiate among multiple clients behind the same source IP address.

It is not recommended if multiple users are behind the source NAT

It requires more resources.

IP sessions from the same source IP address are treated as a single user.

HTTP sessions are treated as a single user.

Which two statements are true about collector agent standard access mode? (Choose two.)

Standard mode security profiles apply to user groups.

Standard access mode supports nested groups.

Standard mode security profiles apply to organizational units (OU).

Standard mode uses Windows convention-NetBios: Domain\Username.

Refer to the exhibit. The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

Change password

Change Administrator profile

Enable two-factor authentication

Enable restrict access to trusted hosts

None

Refer to the exhibit. The exhibit shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

The sensor will reset all connections that match these signatures

The sensor will block all attacks aimed at Windows servers

The sensor will gather a packet log for all matched traffic

The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

It limits the scanning of application traffic to the application category only.

It limits the scanning of application traffic to the browser-based technology category only.

It limits the scanning of application traffic to the DNS protocol only.

It limits the scanning of application traffic to use parent signatures only.

None

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

diagnose sys top

get system arp

get system performance status

get system status

None

10.

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

DNS-based web filter and proxy-based web filter

Static URL filter, FortiGuard category filter, and advanced filters

FortiGuard category filter and rating filter

Static domain filter, SSL inspection filter, and external connectors filters

None

11.

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

FortiGate forwards frames without changing the MAC address.

The existing network IP schema must be changed when installing a transparent mode FortiGate in the network.

Static routes are required to allow traffic to the next hop.

By default, all interfaces are part of the same broadcast domain.

12.

Refer to the exhibit. How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http:// www.fortinet.com? (Choose two.)

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.

If a Mozilla Firefox browser is used with User-C credentials, the HTTP request will be denied.

If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

13.

Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

Source IP is translated to the outgoing interface IP.

This is known as many-to-one NAT.

Port address translation is not used.

Connections are tracked using source port and source MAC address.

14.

Refer to the exhibit. The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode. The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the Internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem. Which two statements are true? (Choose two.)

A static route is required on the To-Internet VDOM to allow LAN users to access the Internet.

Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

Inter-VDOM links are not required between the Root and To-Internet VDOMs because the Root VDOM is used only as a management VDOM.

15.

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

To force a new DH exchange with each phase 2 rekey.

To encapsulation ESP packets in UDP packets using port 4500.

To dynamically change phase 1 negotiation mode aggressive mode.

To delete intermediary NAT devices in the tunnel path.

16.

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

The interface has been configured for one-arm sniffer.

The operation mode is transparent.

Captive portal is enabled in the interface.

The interface is a member of a virtual wire pair.

The interface is a member of a zone.

17.

Refer to the exhibit, which contains a session diagnostic output. Which statement is true about the session diagnostic output?

The session is a UDP unidirectional state.

The session is in TCP ESTABLISHED state.

The session is a bidirectional TCP connection.

The session is a bidirectional UDP connection.

None

18.

Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

DNS filter

Application control

Antivirus in flow-based inspection

Web application firewall

Web filter in flow-based inspection

19.

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?

On Demand

On Idle

Enabled

Disabled

None

20.

Refer to the exhibit. An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)

Packet payload

IP header

Interface name

Ethernet header

Application header

21.

Refer to the exhibit. Based on the raw log, which two statements are correct? (Choose two.)

Traffic belongs to the root VDOM.

This is a security log.

Traffic is blocked because Action is set to DENY in the firewall policy.

Log severity is set to error on FortiGate.

22.

Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

FortiGate supports pre-shared key and signature as authentication methods.

A certificate is not required on the remote peer when you set the signature as the authentication method.

Enabling XAuth results in a faster authentication because fewer packets are exchanged.

For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.

23.

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

FortiGuard web filter cache

FortiGate hostname

NTP

DNS

24.

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors. What is the reason for the certificate warning errors?

There are network connectivity issues.

The browser requires a software update.

The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.

FortiGate does not support full SSL inspection when web filtering is enabled.

None

25.

Refer to the exhibit to view the application control profile. Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is true?

The category of Apple FaceTime is being monitored.

Apple FaceTime belongs to the custom monitored filter.

Apple FaceTime belongs to the custom blocked filter.

The category of Apple FaceTime is being blocked.

None

26.

An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?

Search option will be disabled

Interface Pair view will be disabled

Policy lookup will be disabled

By Sequence view will be disabled

None

27.

Refer to the exhibit. The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration. How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.

If there is a fall-through policy in place, users will not be prompted for authentication.

Authentication is enforced at a policy level; all users will be prompted for authentication.

Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.

None

28.

Which of the following are valid actions for FortiGuard category based filter in a web filter profile UI proxy-based inspection mode? (Choose two.)

Warning

Exempt

Learn

Allow

29.

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

Intrusion prevention system engine

Antivirus engine

Intrusion prevention system engine

None

30.

An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?

Search option will be disabled

By Sequence view will be disabled

Interface Pair view will be disabled

Policy lookup will be disabled

None

31.

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

The internal IP address of the FortiGate device.

The remote user's virtual IP address.

The public IP address of the FortiGate device.

remote user's public IP address

None

32.

Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?

Web filter should be enabled on the firewall policy to complement the antivirus profile.

The firewall policy must be configured in proxy-based inspection mode.

The firewall policy does not apply deep content inspection.

The action on the firewall policy must be set to deny.

None

33.

Which two statements are true about the RPF check? (Choose two.)

The RPF check is run on the first reply packet of any new session.

The RPF check is run on the first sent and reply packet of any new session.

The RPF check is run on the first sent packet of any new session.

RPF is a mechanism that protects FortiGuard and your network from IP spoofing attacks.

34.

Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

Automated Response

Security Posture

Fabric Coverage

Optimization

None

35.

Refer to the exhibit to view the authentication rule configuration. In this scenario, which statement is true?

Route-based authentication is enabled

Policy-based authentication is enabled

IP-based authentication is enabled

Session-based authentication is enabled

None

36.

By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)

set protocol udp

set fortiguard-anycast disable

set webfilter-force-off disable

set webfilter-cache disable

37.

In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.

The IP version of the sources and destinations in a firewall policy must be different.

The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.

The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.

The IP version of the sources and destinations in a policy must match.

38.

What devices form the core of the security fabric?

Two FortiGate devices and one Forti Analyzer device

One FortiGate device and one Forti Analyzer device

One FortiGate device and one FortiManager device

Two FortiGate devices and one FortiManager device

None

39.

Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)

FortiGate SN FGVM010000065036 HA uptime has been reset.

FortiGate devices are not in sync because one device is down.

FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

FortiGate SN FGVM010000064692 has the higher HA priority.

40.

Refer to the exhibit. Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.

10.200.1.1

10.200.1.10

10.200.1.100

10.200.3.1

None

41.

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

Log ID

Sequence ID

Universally Unique Identifier

Policy ID

None

42.

Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

To generate logs

To allow for out-of-order packets that could arrive after the FIN/ACK packets

To remove the NAT operation

To finish any inspection operations

None

43.

Which two statements are correct about a software switch on FortiGate? (Choose two.)

It can group only physical interfaces

Can act as a Layer 2 switch as well as a Layer 3 router

All interfaces in the software switch share the same IP address

It can be configured only when FortiGate is operating in NAT mode

44.

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?

User or User Group

IP address

FQDN address

Once Internet Service is selected, no other object can be added

None

45.

Which of statement is true about SSL VPN web mode?

The external network application sends data through the VPN.

It supports a limited number of protocols.

It assigns a virtual IP address to the client.

The tunnel is up while the client is connected.

None

46.

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

Credit card data leaks

Traffic to botnetservers

Traffic to inappropriate web sites

SQL injection attacks

Server information disclosure attacks

47.

An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?

Redundant interface

Aggregate interface

VLAN interface

Software Switch interface

None

48.

wo protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

ping

TWAMP

DNS

udp-echo

49.

Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

Denial of Service

Web application firewall

Antivirus

Application control

None

50.

Which two statements are true about the Security Fabric rating?

Many of the security issues can be fixed immediately by clicking Apply where available

It provides executive summaries of the four largest areas of security focus

The Security Fabric rating is a free service that comes bundled with all FortiGate devices

The Security Fabric rating must be run on the root FortiGate device in the Security Fabric

51.

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

Log backups from the CLI cannot be restored to another FortiGate

Log backups from the CLI can be configured to upload to FTP as a scheduled time

Log downloads from the GUI are stored as LZ4 compressed files

Log downloads from the GUI are limited to the current filter view

52.

How does FortiGate act when using SSL VPN in web mode?

FortiGate acts as an FDS server.

FortiGate acts as DNS server.

FortiGate acts as an HTTP reverse proxy.

FortiGate acts as router.

None

53.

A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. What is the reason for the failed virus detection by FortiGate?

Application control is not enabled

Antivirus profile configuration is incorrect

Antivirus definitions are not up to date

SSL/SSH Inspection profile is incorrect

None

54.

An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

Configure host check

Configure different SSL VPN realms

Configure split tunneling in tunnel mode

Configure Source IP Pools

None

55.

Based on the raw logs shown in the exhibit, which statement is correct?

The action on firewall policy ID 1 is set to warning.

The name of the firewall policy is all_users_web.

Social networking web filter category is configured with the action set to authenticate.

Access to the social networking web filter category was explicitly blocked to all users.

None

56.

Refer to the exhibit. Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

Device detection is disabled on all FortiGate devices.

There are 19 security recommendations for the security fabric

This security fabric topology is a logical topology view.

There are five devices that are part of the security fabric.

57.

An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

Change the idle-timeout.

Change the udp-idle-timer.

Change the session-ttl.

Change the login-timeout.

None

58.

If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected to the Destination field of a firewall policy?

User or User Group

No other object can be added

IP address

FQDN address

None

59.

Which statement regarding the firewall policy authentication timeout is true?

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

None