Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-7.0

Fortinet NSE4_FGT-7.0 Exam
Fortinet NSE 4 - FortiOS 7.0 (Page 4 )

Updated On: 9-Feb-2026
Page 4 of 36
PDF with 172 Questions

An administrator has configured outgoing interface any in a firewall policy.
Which statement is true about the policy list view?

  1. Interface Pair view will be disabled.
  2. Search option will be disabled.
  3. Policy lookup will be disabled.
  4. By Sequence view will be disabled.

Answer(s): A



Refer to the exhibit.


Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)

  1. Traffic between port2 and port2-vlan1 is allowed by default.
  2. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
  3. port1-vlan1 and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
  4. port1 is a native VLAN.

Answer(s): C,D



A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

-All traffic must be routed through the primary tunnel when both tunnels are up
-The secondary tunnel must be used only if the primary tunnel goes down
-In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover

Which two key configuration changes are needed in FortiGate to meet the design requirements? (Choose two.)

  1. Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
  2. Enable Dead Peer Detection.
  3. Enable Auto-negotiate and Auto Keep Alive on the phase 2 configuration of both tunnels.
  4. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

Answer(s): B,D



Refer to the exhibit.


The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
The override setting is enable for the FortiGate with SN FGVM010000064692.

Which two statements are true? (Choose two.)

  1. FortiGate SN FGVM010000065036 HA uptime has been reset.
  2. FortiGate devices are not in sync because one device is down.
  3. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
  4. FortiGate SN FGVM010000064692 has the higher HA priority.

Answer(s): A,D


Reference:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-override-disabled-default



Refer to the exhibits.
Exhibit A shows system performance output.


Exhibit B shows s FortiGate configured with the default configuration of high memory usage thresholds.

Based on the system performance output, which two statements are correct? (Choose two.)

  1. FortiGate will start sending all files to FortiSandbox for inspection.
  2. FortiGate has entered conserve mode.
  3. Administrators cannot change the configuration.
  4. Administrators can access FortiGate only through the console port.

Answer(s): B,C


Reference:

https://www.skillfulist.com/fortigate/fortigate-conserve-mode-how-to-stop-it-and-what-it-means/






Post your Comments and Discuss Fortinet NSE4_FGT-7.0 exam prep with other Community members:

Join the NSE4_FGT-7.0 Discussion