Fortinet NSE4_FGT_AD-7.6 Practice Questions & Answers

Question 6 of 84

Refer to the exhibit, which shows a firewall policy to enable active authentication.

When attempting to access an external website using an active authentication method, the user is not presented with a login prompt.

What is the MOST likely reason for this situation?

A.

The Service DNS is required in the firewall policy.

B.

The Remote-users group is not added to the Destination.

C.

The Remote-users group must be set up correctly in the FSSO configuration.

D.

No matching user account exists for this user.

Question 7 of 84

A network administrator is reviewing firewall policies in both Interface Pair View and By Sequence View. The policies appear in a different order in each view.

Why is the policy order different in these two views?

A.

Interface Pair View sorts policies based on matching interfaces, while By Sequence View shows the actual processing order of rules.

B.

By Sequence View groups policies based on rule priority, while Interface Pair View always follows the order of traffic logs.

C.

The firewall dynamically reorders policies in Interface Pair View based on recent traffic patterns, but By Sequence View remains static.

D.

Policies in Interface Pair View are prioritized by security levels, while By Sequence View strictly follows the administrator’s manual ordering.

Question 8 of 84

You have created a web filter profile named restrict_media-profile with a daily category usage quota.

When you are adding the profile to the firewall policy, the restrict_media-profile is not listed in the available web profile drop down.

What could be the reason?

A.

The inspection mode in the firewall policy is not matching with web filter profile feature set.

B.

The web filter profile is already referenced in another firewall policy.

C.

The naming convention used in the web filter profile is restricting it in the firewall policy.

D.

The firewall policy is in no-inspection mode instead of deep-inspection.

Question 9 of 84

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.

Which DPD mode on FortiGate meets this requirement?

A.

On Demand

B.

Enabled

C.

On Idle

D.

Disabled

Question 10 of 84

Refer to the exhibits.

You have implemented the application sensor and the corresponding firewall policy as shown in the exhibits.

Which two factors can you observe from these configurations? (Choose two.)

A.

YouTube search is allowed based on the Google Application and Filter override settings.

B.

Facebook access is blocked based on the category filter settings.

C.

Facebook access is allowed but you cannot play Facebook videos based on Video/Audio category filter settings.

D.

YouTube access is blocked based on Excessive-Bandwidth Application and Filter override settings.