Free NSE4_FGT-7.0 Exam Braindumps (page: 4)

Page 4 of 44

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

-All traffic must be routed through the primary tunnel when both tunnels are up
-The secondary tunnel must be used only if the primary tunnel goes down
-In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover

Which two key configuration changes are needed in FortiGate to meet the design requirements? (Choose two.)

  1. Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
  2. Enable Dead Peer Detection.
  3. Enable Auto-negotiate and Auto Keep Alive on the phase 2 configuration of both tunnels.
  4. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

Answer(s): B,D



Refer to the exhibit.


The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
The override setting is enable for the FortiGate with SN FGVM010000064692.

Which two statements are true? (Choose two.)

  1. FortiGate SN FGVM010000065036 HA uptime has been reset.
  2. FortiGate devices are not in sync because one device is down.
  3. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
  4. FortiGate SN FGVM010000064692 has the higher HA priority.

Answer(s): A,D


Reference:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-override-disabled-default



Refer to the exhibits.
Exhibit A shows system performance output.


Exhibit B shows s FortiGate configured with the default configuration of high memory usage thresholds.

Based on the system performance output, which two statements are correct? (Choose two.)

  1. FortiGate will start sending all files to FortiSandbox for inspection.
  2. FortiGate has entered conserve mode.
  3. Administrators cannot change the configuration.
  4. Administrators can access FortiGate only through the console port.

Answer(s): B,C


Reference:

https://www.skillfulist.com/fortigate/fortigate-conserve-mode-how-to-stop-it-and-what-it-means/



An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.

Which subnet must the administrator configure for the local quick mode selector for site B?

  1. 192.168.3.0/24
  2. 192.168.1.0/24
  3. 192.168.0.0/8
  4. 192.168.2.0/24

Answer(s): D



Page 4 of 44



Post your Comments and Discuss Fortinet NSE4_FGT-7.0 exam with other Community members:

mfundo commented on October 23, 2023
f you memorize all questions and answers you are going to get around 85% or more. Looks like some questions are no longer in the exam. But still good enoug to pass.
SOUTH AFRICA
upvote

Soharb commented on May 02, 2022
If you memorize all questions and answers you are going to get around 85% or more. Looks like some questions are no longer in the exam. But still good enoug to pass.
INDIA
upvote