CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-7.0

Free NSE4_FGT-7.0 Exam Braindumps

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

Which DPD mode on FortiGate will meet the above requirement?

  1. On Demand
  2. Disabled
  3. On Idle
  4. Enabled

Answer(s): C


Reference:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD40813



Which three statements about a flow-based antivirus profile are correct? (Choose three.)

  1. IPS engine handles the process as a standalone
  2. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
  3. If the virus is detected, the last packet is delivered to the client.
  4. Optimized performance compared to proxy-based inspection.
  5. FortiGate buffers the whole file but transmits to the client simultaneously.

Answer(s): B,D,E


Reference:

https://forum.fortinet.com/tm.aspx?m=192309



An administrator has configured a strict RPF check on FortiGate.
Which statement is true about the strict RPF check?

  1. The strict RPF check is run on the first sent and reply packet of any new session.
  2. Strict RPF checks the best route back to the source using the incoming interface.
  3. Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.
  4. Strict RPF allows packets back to sources with all active routes.

Answer(s): B


Reference:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD33955



Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings.
Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

  1. Traffic matching the signature will be silently dropped and logged.
  2. The signature setting uses a custom rating threshold.
  3. The signature setting includes a group of other signatures.
  4. Traffic matching the signature will be allowed and logged.

Answer(s): A






Post your Comments and Discuss Fortinet NSE4_FGT-7.0 exam with other Community members:

mfundo commented on October 23, 2023
f you memorize all questions and answers you are going to get around 85% or more. Looks like some questions are no longer in the exam. But still good enoug to pass.
SOUTH AFRICA
upvote

Soharb commented on May 02, 2022
If you memorize all questions and answers you are going to get around 85% or more. Looks like some questions are no longer in the exam. But still good enoug to pass.
INDIA
upvote