NSE4_FGT-7.0 Free Practice Test

- (Exam Topic 2)
If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected to the Destination field of a firewall policy?
A User or User Group

1. A. IP address
2. B. No other object can be added
3. C. FQDN address

Correct Answer: B
Reference:
https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy

- (Exam Topic 1)
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

1. A. Add the support of NTLM authentication.
2. B. Add user accounts to Active Directory (AD).
3. C. Add user accounts to the FortiGate group fitter.
4. D. Add user accounts to the Ignore User List.

Correct Answer: D
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38828

- (Exam Topic 1)
Refer to the exhibit.

Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

1. A. Traffic between port2 and port2-vlan1 is allowed by default.
2. B. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
3. C. port1 is a native VLAN.
4. D. port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.

Correct Answer: CD
https://community.fortinet.com/t5/FortiGate/Technical-Tip-rules-about-VLAN-configuration-and-VDOM-interf https://kb.fortinet.com/kb/viewContent.do?externalId=FD30883

- (Exam Topic 2)
Examine the two static routes shown in the exhibit, then answer the following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

1. A. FortiGate will load balance all traffic across both routes.
2. B. FortiGate will use the port1 route as the primary candidate.
3. C. FortiGate will route twice as much traffic to the port2 route
4. D. FortiGate will only actuate the port1 route in the routing table

Correct Answer: B
“If multiple static routes have the same distance, they are all active; however, only the one with the lowest priority is considered the best path.”

- (Exam Topic 2)
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

1. A. SMTP.Login.Brute.Force
2. B. IMAP.Login.brute.Force
3. C. ip_src_session
4. D. Location: server Protocol: SMTP

Correct Answer: B