Win IT Exam with Last Dumps 2025


Fortinet NSE4_FGT-7.0 Exam

Page 10/11
Viewing Questions 91 100 out of 106 Questions
90.91%

Question 91
An organization's employee needs to connect to the office through a high-latency internet connection.
Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?
A. Change the session-ttl.
B. Change the udp-idle-timer.
C. Change the idle-timeout.
D. Change the login-timeout.

Question 92
Which feature in the Security Fabric takes one or more actions based on event triggers?
A. Fabric Connectors
B. Security Rating
C. Logical Topology
D. Automation Stitches

Question 93
Refer to the exhibit.
Based on the raw log, which two statements are correct? (Choose two.)
Image NSE4_FGT-7.0_93Q.png related to the Fortinet NSE4_FGT-7.0 Exam
A. Log severity is set to error on FortiGate.
B. Traffic belongs to the root VDOM.
C. Traffic is blocked because Action is set to DENY in the firewall policy.
D. This is a security log.

Question 94
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
What order must FortiGate use when the web filter profile has features enabled, such as safe search?
A. DNS-based web filter and proxy-based web filter
B. Static URL filter, FortiGuard category filter, and advanced filters
C. FortiGuard category filter and rating filter
D. Static domain filter, SSL inspection filter, and external connectors filters

Question 95
What is the primary FortiGate election process when the HA override setting is disabled?
A. Connected monitored ports > Priority > System uptime > FortiGate Serial number
B. Connected monitored ports > HA uptime > Priority > FortiGate Serial number
C. Connected monitored ports > System uptime > Priority > FortiGate Serial number
D. Connected monitored ports > Priority > HA uptime > FortiGate Serial number


Question 96
Refer to the exhibit, which contains a static route configuration.
An administrator created a static route for Amazon Web Services.
What CLI command must the administrator use to view the route?
Image NSE4_FGT-7.0_96Q.jpg related to the Fortinet NSE4_FGT-7.0 Exam
A. diagnose firewall proute list
B. get internet-service route list
C. get router info routing-table database
D. get router into routing-table all

Question 97
If Internet Service is already selected as Destination in a firewall policy, which other configuration objects can be selected for the Destination field of a firewall policy?
A. IP address
B. User or User Group
C. No other object can be added
D. FQDN address

Question 98
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
A. FortiGate automatically negotiates different local and remote addresses with the remote peer.
B. FortiGate automatically negotiates a new security association after the existing security association expires.
C. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
D. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

Question 99
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
A. TWAMP
B. DNS
C. udp-echo
D. ping

Question 100
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not.
Which two configuration changes are the most effective way to support this requirement? (Choose two.)
A. Implement web filter quotas for the specified website.
B. Implement a firewall policy with authentication for the specified users.
C. Implement a DNS filter for the specified website.
D. Implement web category authentication for the specified website using a web filter profile.