Fortinet NSE4_FGT_AD-7.6 Practice Questions & Answers

Question 6 of 84

Refer to the exhibit.
Exam NSE4_FGT_AD-7.6: Image 1

What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?

A.

FortiGate will close the connection if the SNI does not match the CN and SAN fields.

B.

FortiGate will accept the connection with a warning if the SNI does not match the CN or SAN fields.

C.

FortiGate will close the connection if the SNI does not match the CN or SAN fields.

D.

FortiGate will accept and use the CN in the server certificate for URL filtering if the SNI does not match the CN or SAN fields.

Question 7 of 84

Refer to the exhibits.
Exam NSE4_FGT_AD-7.6: Image 1

A diagram of a FortiGate device connected to the network VIP object and firewall policy configurations are shown.
The WAN (port2) interface has the IP address 100.65.0.101/24.
The LAN (port4) interface has the IP address 10.0.11.254/24.
If the host 100.65.1.111 sends a TCP SYN packet on port 443 to 100.65.0.200, what will the source address, destination address, and destination port of packet be at the time FortiGate forwards the packet to the destination?

A.

100.65.1.111,10.0.11.50, and 443 respectively

B.

10.0.11.254,10.0.15.50, and 4443, respectively

C.

100.65.1.111,10.0.11.50, and 4443, respectively

D.

10.0.11.254,100.65.0.200, and 443, respectively

Question 8 of 84

Refer to the exhibits.
Exam NSE4_FGT_AD-7.6: Image 1

A web filter profile configuration and firewall policy configuration are shown. You are trying to access www.facebook.com , but you are redirected to a FortiGuard web filtering block page.
Based on the exhibits, what is the possible cause of the issue?

A.

The web rating override configuration is incorrect.

B.

The firewall policy inspection mode is incorrect.

C.

For www.facebook.com, the URL filter action is incorrect.

D.

The web filter profile feature set is configured incorrectly.

Question 9 of 84

Refer to the exhibit.
Exam NSE4_FGT_AD-7.6: Image 1

Based on the routing table shown in the exhibit, which two statements are true? (Choose two.)

A.

A packet with the source IP address 10.0.13.10 arriving on port2 is allowed if strict RPF is disabled.

B.

A packet with the source IP address 10.100.110.10 arriving on port3 is allowed if strict RPF is disabled.

C.

A packet with the source IP address 10.10.10.10 arriving on port2 is allowed if strict RPF is enabled.

D.

A packet with the source IP address 10.100.110.10 arriving on port2 is allowed if strict RPF is enabled.

Question 10 of 84

Refer to the exhibits.
Exam NSE4_FGT_AD-7.6: Image 1

You have implemented the application sensor and the corresponding firewall policy as shown in the exhibits.
Which two factors can you observe from these configurations? (Choose two.)

A.

YouTube search is allowed based on the Google Application and Filter override settings.

B.

Facebook access is blocked based on the category filter settings.

C.

Facebook access is allowed but you cannot play Facebook videos based on Video/Audio category filter settings.

D.

YouTube access is blocked based on Excessive-Bandwidth Application and Filter override settings.