Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE4_FGT-7.0

Fortinet NSE4_FGT-7.0 Exam Practice Questions (P. 4)

  • Full Access (106 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #16
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address.
For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?
  1. A
    192.168.3.0/24
  2. B
    192.168.1.0/24
  3. C
    192.168.0.0/8
  4. D
    192.168.2.0/24

Correct Answer:
D

Question #17
Refer to the exhibits.
Exhibit A.

Exhibit B.

The SSL VPN connection fails when a user attempts to connect to it.
What should the user do to successfully connect to SSL VPN?
  1. A
    Change the SSL VPN port on the client.
  2. B
    Change the Server IP address.
  3. C
    Change the idle-timeout.
  4. D
    Change the SSL VPN portal to the tunnel.

Correct Answer:
A
Reference:
https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/150494

Question #18
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)
  1. A
    The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
  2. B
    The client FortiGate requires a manually added route to remote subnets.
  3. C
    The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.
  4. D
    Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

Correct Answer:
CD
Reference:
https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/266506/ssl-vpn-with-certificate-authentication

Question #19
Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
With this configuration, which statement is true?
  1. A
    Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.
  2. B
    A default static route is not required on the To_Internet VDOM to allow LAN users to access the internet.
  3. C
    Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.
  4. D
    Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

Correct Answer:
AB
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD46542

Question #20
Refer to the exhibits.
Exhibit A.

Exhibit B.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?
  1. A
    Change the csf setting on Local-FortiGate (root) to set configuration-sync local.
  2. B
    Change the csf setting on ISFW (downstream) to set configuration-sync local.
  3. C
    Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.
  4. D
    Change the csf setting on ISFW (downstream) to set fabric-object-unification default.

Correct Answer:
C

Previous Questions Next Questions

All Pages