NSE4_FGT_AD-7.6 Exam Dumps (V8.02) Are Great for Preparation: Continue to Check the NSE4_FGT_AD-7.6 Free Dumps (Part 2, Q41-Q75)

1. An administrator has configured the following settings:

config system settings

set ses-denied-traffic enable

end

config system global

set block-session-timer 30

end

What are the two results of this configuration? (Choose two.)

2. Which NAT method translates the source IP address in a packet to another IP address?

3. Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

4. FortiGuard categories can be overridden and defined in different categories. To create a web rating override for the example.com home page, the override must be configured using a specific syntax.

Which two syntaxes are correct to configure a web rating override for the home page? (Choose two.)

5. A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.

Which type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

6. An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.

Which subnet must the administrator configure for the local quick mode selector for site B?

7. Examine the exhibit, which shows a firewall policy configured with multiple security profiles.

Which two security profiles are handled by the IPS engine? (Choose two.)

8. Refer to exhibit.

An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

9. What is the common feature shared between IPv4 and SD-WAN ECMP algorithms?

10. View the exhibit.

A user at 192.168.32.15 is trying to access the web server at 172.16.32.254.

Which two statements best describe how the FortiGate will perform reverse path forwarding (RPF)

checks on this traffic? (Choose two.)

11. Which three criteria can FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

12. Refer to the exhibits.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

13. What does the command diagnose debug fsso-polling refresh-user do?

14. Which statement correctly describes the use of reliable logging on FortiGate?

15. Refer to the exhibit.

FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt.

What is the most likely reason for this situation?

16. An administrator has configured central DNAT and virtual IPs.

Which item can be selected in the firewall policy Destination field?

17. Refer to the exhibit.

Which statement about the configuration settings is true?

18. Which two settings must you configure when FortiGate is being deployed as a root FortiGate in a Security Fabric topology? (Choose two.)

19. Refer to the exhibit.

The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router.

When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.

Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue?

20. An administrator has configured a strict RPF check on FortiGate.

How does strict RPF check work?

21. A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.

Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)

22. Which two statements about antivirus scanning in a firewall policy set to proxy-based inspection mode, are true? (Choose two.)

23. Refer to the exhibits.

Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic.

Exhibit B shows the HA configuration and the partial output of the get system ha status command.

Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)

24. Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings.

Which statement is correct in adding the FTP .Login.Failed signature to the IPS sensor profile?

25. Which two statements about incoming and outgoing interfaces in firewall policies are true? (Choose two.)

26. Which two statements are true about the FGCP protocol? (Choose two.)

27. Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)

28. Which two statements about FortiGate antivirus databases are true? (Choose two.)

29. Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

30. Refer to the exhibits.

The exhibits show the firewall policies and the objects used in the firewall policies.

The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.

Which policy will be highlighted, based on the input criteria?

31. An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the SSL-VPN.

How can this be achieved?

32. Which three statements explain a flow-based antivirus profile? (Choose three.)

33. Which two statements about advanced AD access mode for the FSSO collector, agent are true? (Choose two.)

34. Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)

35. Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.

Which two statements are true? (Choose two.)