Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-7.0

Free NSE4_FGT-7.0 Exam Braindumps (page: 8)

Page 7 of 44
PDF with 172 Questions

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

  1. Intrusion prevention system engine
  2. Detection engine
  3. Flow engine
  4. Antivirus engine

Answer(s): A


Reference:

http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control



Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

  1. To allow for out-of-order packets that could arrive after the FIN/ACK packets
  2. To finish any inspection operations
  3. To generate logs
  4. To remove the NAT operation

Answer(s): A

Explanation:

TCP provides the ability for one end of a connection to terminate its output while still receiving data from the other end. This is called a half-close. FortiGate unit implements a specific timer before removing an entry in the firewall session table.



Refer to the exhibit.


A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

  1. On HQ-FortiGate, enable Auto-negotiate.
  2. On HQ-FortiGate, enable Diffie-Hellman Group 2.
  3. On HQ-FortiGate, set Encryption to AES256.
  4. On Remote-FortiGate, set Seconds to 43200.

Answer(s): C

Explanation:

Encryption and authentication algorithm needs to match in order for IPSEC be successfully established.



Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

  1. The IPS engine will continue to run in a normal state.
  2. The IPS engine was unable to prevent an intrusion attack.
  3. The IPS engine was blocking all traffic.
  4. The IPS engine was inspecting high volume of traffic.

Answer(s): D


Reference:

https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/232929/troubleshooting-high-cpu-usage






Post your Comments and Discuss Fortinet NSE4_FGT-7.0 exam with other Community members:

Exam Discussions & Posts