Fortinet NSE4_FGT_AD-7.6 Dumps (V8.02) Help You Pass Exam: First Read the NSE4_FGT_AD-7.6 Free Dumps (Part 1, Q1-Q40)

1. Which additional load balancing method is supported in equal cost multipath (ECMP) load balancing when SD-WAN is enabled?

2. 1.Refer to the exhibit.

Which route will be selected when trying to reach 10.20.30.254?

3. Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

4. Which two configuration settings are global settings? (Choose two.)

5. What are two functions of ZTNA? (Choose two.)

6. Which statement is correct regarding the use of application control for inspecting web applications?

7. What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)

8. Which three actions are valid for static URL filtering? (Choose three.)

9. Which timeout setting can be responsible for deleting SSL VPN associated sessions?

10. Which three settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)

11. An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers.

Which two items must they configure on their FortiGate to accomplish this? (Choose two.)

12. Refer to the exhibit showing a debug flow output.

What two conclusions can you make from the debug flow output? (Choose two.)

13. Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

14. Which statement about firewall policy NAT is true?

15. Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)

16. View the exhibit.

Which two behaviors result from this full (deep) SSL configuration? (Choose two.)

17. View the exhibit.

Both VDOMs are operating in NAT/route mode. The subnet 10.0.1.0/24 is connected to VDOM1. The subnet 10.0.2.0/24 is connected to VDOM2. There is an inter-VDOM link between VDOM1 and VDOM2. Also, necessary firewall policies are configured in VDOM1 and VDOM2.

Which two static routes are required in the FortiGate configuration, to route traffic between both subnets through an inter-VDOM link? (Choose two.)

18. Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook, but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

19. Which statement best describes the role of a DC agent in an FSSO DC agent mode solution?

20. Which statement about traffic flow in an active-active HA cluster is true?

21. What must you configure to enable proxy-based TCP session failover?

22. Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

23. Refer to the exhibits.

Exhibit A shows system performance output.

Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds.

Based on the system performance output, which two results are correct? (Choose two.)

24. View the exhibit.

date=2022-06-14 time=14:45:16 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd="root" policyid=2 identidx=1 sessionid=31232959 user="anonymous" group="ldap_users" srcip=192.168.1.24 srcport=63355 srcintf="port2" dstip=66.171.121.44 dstport=80 dstintf="port1" service="http" hostname="www.fortinet.com" profiletype="Webfilter_Profile" profile="default" status="passthrough" reqtype="direct" url="/" sentbyte=304 rcvdbyte=60135 msg="URL belongs to an allowed category in policy" method=domain class=0 cat=140 catdesc="custom1"

What two things does this raw log indicate? (Choose two.)

25. Which two IP pool types enable you to identify user connections without having to log user traffic? (Choose two.)

26. An administrator wants to block https://www.example.com/videos and allow all other URLs on the website.

What are two configuration changes that the administrator can make to satisfy the requirement? (Choose two.)

27. Which two IP pool types are useful for carrier-grade NAT deployments? (Choose two.)

28. What is eXtended Authentication (XAuth)?

29. What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

30. FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.

In this scenario, what are two requirements for the VLAN ID? (Choose two.)

31. Which three methods can you use to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)

32. Refer to the exhibits.

The exhibits contain a network diagram, and virtual IP, IP pool, and firewall policies configuration information.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

The first firewall policy has NAT enabled using IP pool.

The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT (SNAT) the internet traffic coming from a workstation with the IP address 10.0.1.10?

33. Which two statements correctly describe the differences between IPsec main mode and IPsec aggressive mode? (Choose two.)

34. An administrator configured the antivirus profile in a firewall policy set to flow-based inspection mode. While testing the configuration, the administrator noticed that eicar.com test files can be downloaded using HTTPS protocol only.

What is causing this issue?

35. Which are two benefits of using SD-WAN? (Choose two.)

36. Which two statements about the application control profile mode are true? (Choose two.)

37. An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

Which DPD mode on FortiGate will meet the above requirement?

38. An administrator needs to create a tunnel mode SSL-VPN to access an internal web server from the Internet. The web server is connected to port1. The Internet is connected to port2. Both interfaces belong to the VDOM named Corporation.

What interface must be used as the source for the firewall policy that will allow this traffic?

39. Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

40. A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.

The administrator confirms that the traffic matches the configured firewall policy.

What are two reasons for the failed virus detection by FortiGate? (Choose two.)