NSE4_FGT-7.0 Online Practice Questions and Answers

When configuring a firewall virtual wire pair policy, which following statement is true?

A. Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.

B. Only a single virtual wire pair can be included in each policy.

C. Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.

D. Exactly two virtual wire pairs need to be included in each policy.

Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

A. The IPS engine was inspecting high volume of traffic.

B. The IPS engine was unable to prevent an intrusion attack.

C. The IPS engine was blocking all traffic.

D. The IPS engine will continue to run in a normal state.

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

A. System time

B. FortiGuaid update servers

C. Operating mode

D. NGFW mode

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

A. Source defined as Internet Services in the firewall policy.

B. Destination defined as Internet Services in the firewall policy.

C. Highest to lowest priority defined in the firewall policy.

D. Services defined in the firewall policy.

E. Lowest to highest policy ID number.

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the preshared key on both FortiGate devices to make sure they match.

Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

A. On HQ-FortiGate, set IKE mode to Main (ID protection).

B. On both FortiGate devices, set Dead Peer Detection to On Demand.

C. On HQ-FortiGate, disable Diffie-Helman group 2.

D. On Remote-FortiGate, set port2 as Interface.

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

A. Browsers can be configured to retrieve this PAC file from the FortiGate.

B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

D. Any web request fortinet.com is allowed to bypass the proxy.

View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

A. Addicting.Games is allowed based on the Application Overrides configuration.

B. Addicting.Games is blocked on the Filter Overrides configuration.

C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

D. Addcting.Games is allowed based on the Categories configuration.

Refer to the exhibit.

The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses. How does FortiGate process the traffic sent to http://www.fortinet.com?

A. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.

B. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.

C. Traffic will be redirected to the transparent proxy and It will be allowed by proxy policy ID 1.

D. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.

Which three statements are true regarding session-based authentication? (Choose three.)

A. HTTP sessions are treated as a single user.

B. IP sessions from the same source IP address are treated as a single user.

C. It can differentiate among multiple clients behind the same source IP address.

D. It requires more resources.

E. It is not recommended if multiple users are behind the source NAT

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

A. Traffic to botnetservers

B. Traffic to inappropriate web sites

C. Server information disclosure attacks

D. Credit card data leaks

E. SQL injection attacks