NSE4 v7 – Cyber Security, Networking, Technology Courses and Blog

Certification Provider: Fortinet

Exam: NSE 4

Exam Code: NSE4 v7.0

Total Question: 131

Question per Quiz: 60

Updated On: 21 March 2023

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

The Services field does not allow multiple sources of traffic, to use multiple services, to connect to a single computer.

The Services field does not allow source NAT and destination NAT to be combined in the same policy.

The Services field removes the requirement of creating multiple VIPs for different services.

The Services field is used when several VIPs need to be bundled into VIP groups.

None

Which three methods are used by the collector agent for AD polling? (Choose three.)

WMI

WinSecLog

NetAPI

FortiGate polling

Novell API

Refer to the exhibit. How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http:// www.fortinet.com? (Choose two.)

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.

If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-C credentials, the HTTP request will be denied.

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

FTM

FortiTelemetry

SSH

HTTPS

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

Log downloads from the GUI are stored as LZ4 compressed files

Log backups from the CLI can be configured to upload to FTP as a scheduled time

Log backups from the CLI cannot be restored to another FortiGate

Log downloads from the GUI are limited to the current filter view

What devices form the core of the security fabric?

One FortiGate device and one Forti Analyzer device

Two FortiGate devices and one FortiManager device

One FortiGate device and one FortiManager device

Two FortiGate devices and one Forti Analyzer device

None

Which two statements are true about the Security Fabric rating?

The Security Fabric rating is a free service that comes bundled with all FortiGate devices

It provides executive summaries of the four largest areas of security focus

The Security Fabric rating must be run on the root FortiGate device in the Security Fabric

Many of the security issues can be fixed immediately by clicking Apply where available

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

Intrusion prevention system engine

Antivirus engine

None

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior when the local disk is full?

No new log is recorded until you manually clear logs from the local disk.

Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

None

10.

Which two statements are true about the FGCP protocol? (Choose two.)

Is used to discover FortiGate devices in different HA groups

Not used when FortiGate is in Transparent mode

Elects the primary FortiGate device

Runs only over the heartbeat links

11.

An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

Configure different SSL VPN realms

Configure split tunneling in tunnel mode

Configure Source IP Pools

Configure host check

None

12.

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

The administrator can use a third-party radius OTP server.

The administrator can register the same FortiToken on more than one FortiGate.

The administrator must use a FortiAuthenticator device.

The administrator must use the user self-registration server.

None

13.

A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

Dynamic DNS

Pre-shared Key

Static IP Address

Dialup User

None

14.

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
✑ All traffic must be routed through the primary tunnel when both tunnels are up.
✑ The secondary tunnel must be used only if the primary tunnel goes down.
✑ In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.

Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

Enable Dead Peer Detection.

15.

Refer to the exhibit. What should the administrator do next to troubleshoot the problem?

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.

Capture the traffic using an external sniffer connected to port1.

Execute a debug flow.

Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”

Run a sniffer on the web server.

None

16.

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

FortiGate automatically negotiates different local and remote addresses with the remote peer.

FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

FortiGate automatically negotiates a new security association after the existing security association expires.

None

17.

Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

Security logs

System event logs

Forward traffic logs

Local traffic logs

None

18.

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

It limits the scanning of application traffic to the browser-based technology category only.

It limits the scanning of application traffic to the application category only.

It limits the scanning of application traffic to use parent signatures only.

It limits the scanning of application traffic to the DNS protocol only.

None

19.

An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

Change the udp-idle-timer.

Change the idle-timeout.

Change the session-ttl.

Change the login-timeout.

None

20.

Which two statements are true about the RPF check? (Choose two.)

RPF is a mechanism that protects FortiGuard and your network from IP spoofing attacks.

The RPF check is run on the first reply packet of any new session.

The RPF check is run on the first sent and reply packet of any new session.

The RPF check is run on the first sent packet of any new session.

21.

Which two statements about antivirus scanning mode are true? (Choose two.)

In flow-based inspection mode, files bigger than the buffer size are scanned

In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client

In proxy-based inspection mode, files bigger than the buffer size are scanned

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client

22.

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

The NetSessionEnum function is used to track user logouts.

The collector agent must search security event logs.

The collector agent uses a Windows API to query DCs for user logins.

NetAPI polling can increase bandwidth usage in large networks.

None

23.

An administrator must disable RPF check to investigate an issue. Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Disable the RPF check at the FortiGate interface level for the reply check.

Enable asymmetric routing, so the RPF check will be bypassed.

Enable asymmetric routing at the interface level.

Disable the RPF check at the FortiGate interface level for the source check.

None

24.

An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?

Redundant interface

Aggregate interface

Software Switch interface

VLAN interface

None

25.

Refer to the FortiGuard connection debug output. Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

FortiGate is using default FortiGuard communication settings.

One server was contacted to retrieve the contract information.

A local FortiManager is one of the servers FortiGate communicates with.

There is at least one server that lost packets consecutively.

26.

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface. In this scenario, which statement about VLAN IDs is true?

The two VLAN sub interfaces must have different VLAN IDs.

The two VLAN sub interfaces can have the same VLAN ID only if they have IP addresses in the same subnet.

The two VLAN sub interfaces can have the same VLAN ID only if they have IP addresses in different subnets.

The two VLAN sub interfaces can have the same VLAN ID only if they belong to different VDOMs.

None

27.

Which two statements are true about collector agent standard access mode? (Choose two.)

Standard mode uses Windows convention-NetBios: Domain\Username.

Standard mode security profiles apply to organizational units (OU).

Standard access mode supports nested groups.

Standard mode security profiles apply to user groups.

28.

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

FortiGate uses the SMB protocol to read the event viewer logs from the DCs

FortiGate queries AD by using the LDAP to retrieve user group information

FortiGate uses the AD server as the collector agent

FortiGate points the collector agent to use a remote LDAP server

29.

Refer to the exhibit, which contains a static route configuration. An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route?

diagnose firewall proute list

get internet service route list

get router info routing-table database

get router info routing-table all

None

30.

Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

Mgmt

FG-Mgmt

FG-traffic

Root

31.

Which of statement is true about SSL VPN web mode?

The tunnel is up while the client is connected.

The external network application sends data through the VPN.

It assigns a virtual IP address to the client.

It supports a limited number of protocols.

None

32.

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

To encapsulation ESP packets in UDP packets using port 4500.

To force a new DH exchange with each phase 2 rekey.

To dynamically change phase 1 negotiation mode aggressive mode.

To delete intermediary NAT devices in the tunnel path.

33.

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

The firmware image must be manually uploaded to each FortiGate.

Only secondary FortiGate devices are rebooted.

Uninterruptable upgrade is enabled by default.

Traffic load balancing is temporally disabled while upgrading the firmware.

34.

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

Operating mode

FortiGuard update servers

NGFW mode

System time

35.

What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

Consider the topology:
Application on a Windows machine FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

Create a new service object for TELNET and set the maximum session TTL.

Set the maximum session TTL value for the TELNET service object.

Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

36.

An administrator wants to configure timeouts for users. Regardless of the user’s behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?

soft-timeout

idle-timeout

new-session

hard-timeout

auth-on-demand

None

37.

Which three statements about a flow-based antivirus profile are correct? (Choose three.)

FortiGate buffers the whole file but transmits to the client simultaneously

Optimized performance compared to proxy-based inspection

If the virus is detected, the last packet is delivered to the client

Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection

IPS engine handles the process as a standalone

38.

Which of the following SD-WAN load -balancing method use interface weight value to distribute traffic? (Choose two.)

Spillover

Session

Source IP

Volume

39.

In an explicit proxy setup, where is the authentication method and database configured?

Proxy Policy

Authentication Rule

Firewall Policy

Authentication scheme

None

40.

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

Services defined in the firewall policy.

Highest to lowest priority defined in the firewall policy.

Lowest to highest policy ID number.

Destination defined as Internet Services in the firewall policy.

Source defined as Internet Services in the firewall policy.

41.

Refer to the exhibit. Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.

10.200.3.1

10.200.1.10

10.200.1.100

10.200.1.1

None

42.

Refer to the exhibits to view the firewall policy and the antivirus profile. Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

The flow-based inspection is used, which resets the last packet to the user.

The firewall policy performs the full content inspection on the file.

The volume of traffic being inspected is too high for this model of FortiGate.

None

43.

Refer to the exhibit to view the authentication rule configuration. In this scenario, which statement is true?

Session-based authentication is enabled

Route-based authentication is enabled

Policy-based authentication is enabled

IP-based authentication is enabled

None

44.

Which two statements are true about collector agent advanced mode? (Choose two.)

FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.

Advanced mode supports nested or inherited groups.

Advanced mode uses Windows convention-NetBios: Domain\Username.

Security profiles can be applied only to user groups, nor individual users.

45.

Refer to the exhibit, which contains a Performance SLA configuration. An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

The Ping protocol is not supported for the public servers that are configured.

Participants configured are not SD-WAN members.

You need to turn on the Enable probe packets switch.

There may not be a static route to route the performance SLA traffic.

None

46.

Refer to the exhibit showing a debug flow output. Which two statements about the debug flow output are correct? (Choose two.)

The default route is required to receive a reply

A firewall policy allowed the connection

The debug flow is of ICMP traffic

A new traffic session is created

47.

Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.

FortiGate supports pre-shared key and signature as authentication methods.

Enabling XAuth results in a faster authentication because fewer packets are exchanged.

A certificate is not required on the remote peer when you set the signature as the authentication method.

48.

Which of the following are valid actions for FortiGuard category based filter in a web filter profile UI proxy-based inspection mode? (Choose two.)

Allow

Exempt

Learn

Warning

49.

Refer to the exhibit. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

Change the Server IP address.

Change the idle-timeout.

Change the SSL VPN port on the client.

Change the SSL VPN portal to the tunnel.

None

50.

Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

The client FortiGate requires a manually added route to remote subnets.

The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

51.

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

The server name indication (SNI) extension in the client hello message

The subject field in the server certificate

The serial number in the server certificate

The host field in the HTTP header

The subject alternative name (SAN) field in the server certificate

52.

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?

On Demand

Enabled

Disabled

On Idle

None

53.

Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?

The firewall policy must be configured in proxy-based inspection mode.

The firewall policy does not apply deep content inspection.

The action on the firewall policy must be set to deny.

Web filter should be enabled on the firewall policy to complement the antivirus profile.

None

54.

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

diagnose wad session list | grep hook-pre&&hook-out

diagnose wad session list

diagnose wad session list | grep "hook=pre"&"hook=out"

diagnose wad session list | grep hook=pre&&hook=out

None

55.

How do you format the FortiGate flash disk?

Load the hardware test (HQIP) image.

Load a debug FortiOS image.

Select the format boot device option from the BIOS menu.

Execute the CLI command execute formatlogdisk.

None

56.

In which two ways can RPF checking be disabled? (Choose two.)

Disable strict-src-check under system settings.

Enable anti-replay in firewall policy.

Disable the RPF check at the FortiGate interface level for the source check.

Enable asymmetric routing.

57.

An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?

Policy lookup will be disabled

Search option will be disabled

By Sequence view will be disabled

Interface Pair view will be disabled

None

58.

Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)

FortiGate devices are not in sync because one device is down.

FortiGate SN FGVM010000065036 HA uptime has been reset.

FortiGate SN FGVM010000064692 has the higher HA priority.

FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

59.

Refer to the exhibit, which contains a session list output. Based on the information shown in the exhibit, which statement is true?

Port block allocation IP pool is used in the firewall policy

Destination NAT is disabled in the firewall policy

Overload NAT IP pool is used in the firewall policy

One-to-one NAT IP pool is used in the firewall policy

None

60.

By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)

set protocol udp

set webfilter-force-off disable

set fortiguard-anycast disable

set webfilter-cache disable

Time's up

Leave a Reply Cancel