Fortinet NSE4_FGT-7.0 exam revealed answer (P. 11)

Win IT Exam with Last Dumps 2025

Fortinet NSE4_FGT-7.0 Exam

Page 11/11

Viewing Questions 101 106 out of 106 Questions

100.00%

Question 101

Refer to the exhibit to view the firewall policy.
Which statement is correct if well-known viruses are not being blocked?

Image NSE4_FGT-7.0_101Q.jpg related to the Fortinet NSE4_FGT-7.0 Exam

A. The firewall policy must be configured in proxy-based inspection mode.

B. The firewall policy does not apply deep content inspection.

C. The action on the firewall policy must be set to deny.

D. Web filter should be enabled on the firewall policy to complement the antivirus profile.

Question 102

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

A. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

B. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

C. No new log is recorded until you manually clear logs from the local disk.

D. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

Question 103

An administrator has a requirement to keep an application session from timing out on port 80.
What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

A. Set the TTL value to never under config system-ttl.

B. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

C. Create a new service object for HTTP service and set the session TTL to never.

D. Set the session TTL on the HTTP policy to maximum.

Question 104

Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

A. Denial of Service

B. Web application firewall

C. Antivirus

D. Application control

Question 105

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A. Certificate inspection

B. Flow-based inspection

C. Proxy-based inspection

D. Full Content inspection

Question 106

Refer to the exhibit.
Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command onFortiGate?

Image NSE4_FGT-7.0_106Q.jpg related to the Fortinet NSE4_FGT-7.0 Exam

Win IT Exam with Last Dumps 2025

Fortinet NSE4_FGT-7.0 Exam

Page 11/11

Viewing Questions 101 106 out of 106 Questions

Refer to the exhibit to view the firewall policy.
Which statement is correct if well-known viruses are not being blocked?

A. The firewall policy must be configured in proxy-based inspection mode.

B. The firewall policy does not apply deep content inspection.

C. The action on the firewall policy must be set to deny.

D. Web filter should be enabled on the firewall policy to complement the antivirus profile.

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

A. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

B. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

C. No new log is recorded until you manually clear logs from the local disk.

D. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

An administrator has a requirement to keep an application session from timing out on port 80.
What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

A. Set the TTL value to never under config system-ttl.

B. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

C. Create a new service object for HTTP service and set the session TTL to never.

D. Set the session TTL on the HTTP policy to maximum.

Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

A. Denial of Service

B. Web application firewall

C. Antivirus

D. Application control

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A. Certificate inspection

B. Flow-based inspection

C. Proxy-based inspection

D. Full Content inspection

Refer to the exhibit.
Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command onFortiGate?

A. Read/Write permission for Firewall

B. CLI diagnostics commands permission

C. Custom permission for Network

D. Read/Write permission for Log & Report

Win IT Exam with Last Dumps 2025

Fortinet NSE4_FGT-7.0 Exam

Page 11/11

Viewing Questions 101 106 out of 106 Questions

Refer to the exhibit to view the firewall policy.Which statement is correct if well-known viruses are not being blocked?

A. The firewall policy must be configured in proxy-based inspection mode.

B. The firewall policy does not apply deep content inspection.

C. The action on the firewall policy must be set to deny.

D. Web filter should be enabled on the firewall policy to complement the antivirus profile.

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.What is the default behavior when the local disk is full?

A. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

B. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

C. No new log is recorded until you manually clear logs from the local disk.

D. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

An administrator has a requirement to keep an application session from timing out on port 80.What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

A. Set the TTL value to never under config system-ttl.

B. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

C. Create a new service object for HTTP service and set the session TTL to never.

D. Set the session TTL on the HTTP policy to maximum.

Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

A. Denial of Service

B. Web application firewall

C. Antivirus

D. Application control

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A. Certificate inspection

B. Flow-based inspection

C. Proxy-based inspection

D. Full Content inspection

Refer to the exhibit.Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command onFortiGate?

A. Read/Write permission for Firewall

B. CLI diagnostics commands permission

C. Custom permission for Network

D. Read/Write permission for Log & Report

Refer to the exhibit to view the firewall policy.
Which statement is correct if well-known viruses are not being blocked?

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

An administrator has a requirement to keep an application session from timing out on port 80.
What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

Refer to the exhibit.
Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command onFortiGate?