Summer Sale 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

ExamsBrite Dumps

Fortinet NSE 4 - FortiOS 7.6 Administrator Question and Answers

Fortinet NSE 4 - FortiOS 7.6 Administrator

Last Update Jul 14, 2026
Total Questions : 95

We are offering FREE NSE4_FGT_AD-7.6 Fortinet exam questions. All you do is to just go and sign up. Give your details, prepare NSE4_FGT_AD-7.6 free exam questions and then go for complete pool of Fortinet NSE 4 - FortiOS 7.6 Administrator test questions that will help you more.

NSE4_FGT_AD-7.6 pdf

NSE4_FGT_AD-7.6 PDF

$36.75  $104.99
NSE4_FGT_AD-7.6 Engine

NSE4_FGT_AD-7.6 Testing Engine

$43.75  $124.99
NSE4_FGT_AD-7.6 PDF + Engine

NSE4_FGT_AD-7.6 PDF + Testing Engine

$57.75  $164.99
Questions 1

What are two features of FortiGate FSSO agentless polling mode? (Choose two.)

Options:

A.  

FortiGate uses the AD server as the collector agent.

B.  

FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

C.  

FortiGate does not support workstation check.

D.  

FortiGate directs the collector agent to use a remote LDAP server.

Discussion 0
Questions 2

When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface? (Choose one answer)

Options:

A.  

To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails

B.  

To make sure all sessions without source NAT enabled always use the primary WAN link

C.  

To improve security by forcing users to authenticate again when the WAN link changes

D.  

To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Discussion 0
Questions 3

Refer to the exhibit to view the firewall policy.

Why would the firewall policy not block a well-known virus, for example EICAR? (Choose one answer)

Options:

A.  

The action on the firewall policy is not set to DENY.

B.  

Web filter is not enabled, so the firewall policy does not complement the antivirus profile.

C.  

The firewall policy is not configured in proxy-based inspection mode.

D.  

The firewall policy does not apply deep content inspection.

Discussion 0
Questions 4

Refer to the exhibit.

Based on this partial configuration, what are the two possible outcomes when FortiGate enters conserve mode? (Choose two.)

Options:

A.  

FortiGate drops new sessions requiring inspection.

B.  

Administrators must restart FortiGate to allow new sessions.

C.  

Administrators cannot change the configuration.

D.  

FortiGate skips quarantine actions.

Discussion 0
Questions 5

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration. An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. The policy should work such that Remote-User1 must be able to access the Webserver while preventing Remote-User2 from accessing the Webserver. Which additional configuration can the administrator add to a deny firewall policy, beyond the default behavior, to block Remote-User2 from accessing the Webserver? (Choose one answer)

Options:

A.  

Disable match-vip in the Allow_access policy.

B.  

Configure a One-to-One IP Pool object in a new policy.

C.  

Set the Destination address as Webserver in the Deny policy.

D.  

Set the Destination address as Deny_IP in the Allow_access policy.

Discussion 0
Questions 6

An administrator has configured a dialup IPsec VPN on FortiGate with add-route enabled. However, the static route is not showing in the routing table. Which two statements about this scenario are correct? (Choose two.)

Options:

A.  

The administrator must use a policy route instead of a static route for add-route to work properly.

B.  

The administrator must ensure phase 2 is successfully established

C.  

The administrator must define the remote network correctly in the phase 2 selectors.

D.  

The administrator must enable a dynamic routing protocol on the dialup interface.

Discussion 0
Questions 7

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively. Which two statements about the requirements of connected physical interfaces on FortiGate are true? (Choose two.)

Options:

A.  

Both interfaces must have DHCP enabled and interfaces set to LAN and DMZ roles assigned.

B.  

Both interfaces must have the interface role assigned.

C.  

Both interfaces must have directly connected routes on the routing table.

D.  

Both interfaces must have IP addresses assigned.

Discussion 0
Questions 8

Refer to the exhibit.

An administrator has created a new firewall address to use as the destination for a static route. Why is the administrator not able to select the new address in the Destination field of the new static route? (Choose one answer)

Options:

A.  

In the new static route, the administrator must select Named Address.

B.  

In the new firewall address, the FQDN address must first be resolved.

C.  

In the new static route, the administrator must first set the interface to port2.

D.  

In the new firewall address, Routing configuration must be enabled.

Discussion 0
Questions 9

Exhibits:

You are asked to implement an antivirus profile for files downloaded through FTP, HTTP, and HTTPS.

While testing, you are successful with HTTP and FTP protocols, but FortiGate does not block the file download over HTTPS.

What could be the cause?

Options:

A.  

The feature set in the antivirus profile is not set to Flow-based.

B.  

Web filter is not enabled on the firewall policy to complement the antivirus profile.

C.  

The action on the firewall policy is not set to deny.

D.  

The SSL inspection mode in the firewall policy is not deep content inspection.

Discussion 0
Questions 10

Refer to the exhibit.

A partial cloud topology is shown.

You deployed a FortiGate Cloud-Native Firewall (CNF) in AWS for FortiGate CNF policy enforcement for EC2 instance traffic. Which path does the EC2 traffic take from the EC2 instance to the internet?

Options:

A.  

EC2 instance → GWLBe → FortiGate CNF → GWLBe → IGW → internet

B.  

EC2 instance → Internet Gateway (IGW) → Gateway Load Balancer (GWLB) → FortiGate CNF → internet

C.  

EC2 instance → FortiGate CNF → GWLB → GWLBe → IGW → internet

D.  

EC2 instance → GWLB endpoint (GWLBe) → FortiGate CNF → IGW → internet

Discussion 0
Questions 11

Refer to the exhibits.

An administrator has observed the performance status outputs on an HA cluster for 55 seconds.

Which FortiGate is the primary?

Options:

A.  

HQ-NGFW-1 with the parameter memory-failover-flip-timeout setting

B.  

HQ-NGFW-2 with the parameter priority setting

C.  

HQ-NGFW-1 with the parameter override setting

D.  

HQ-NGFW-2 with the parameter memory-failover-threshold setting

Discussion 0
Questions 12

Refer to the exhibit.

The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile. An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category. What are two solutions for satisfying the requirement? (Choose two answers)

Options:

A.  

Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.

B.  

Configure a web override rating for download.com and select Malicious Websites as the subcategory.

C.  

Configure a separate firewall policy with action Deny and an FQDN address object for *.download.com as destination address.

D.  

Set the Freeware and Software Downloads category Action to Warning.

Discussion 0
Questions 13

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

Options:

A.  

On BR1-FGT, set Remote Address to 10.0.11.0/255.255.255.0.

B.  

On HQ-NGFW. enable Diffie-Hellman Group 2.

C.  

On BR1-FGT. set Seconds to 43200

D.  

On HQ-NGFW. set Encryption to AES256.

Discussion 0
Questions 14

You have configured the below commands on a FortiGate.

What would be the impact of this configuration on FortiGate?

Options:

A.  

FortiGate will enable strict RPF on all its interfaces and porti will be exempted from RPF checks.

B.  

FortiGate will enable strict RPF on all its interfaces and porti will be enable for asymmetric routing.

C.  

The global configuration will take precedence and FortiGate will enable strict RPF on all interfaces.

D.  

Port1 will be enabled with flexible RPF. and all other interfaces will be enabled for strict RPF

Discussion 0
Questions 15

What are three key routing principles in SD-WAN? (Choose three answers)

Options:

A.  

By default, SD-WAN rules are skipped if the included SD-WAN members do not have a valid route to the destination.

B.  

SD-WAN rules have precedence over any other type of routes.

C.  

Regular policy routes have precedence over SD-WAN rules.

D.  

By default, SD-WAN rules are skipped if only one route to the destination is available.

E.  

By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

Discussion 0
Questions 16

Refer to the exhibit.

A routing table is shown

An administrator wants to create a new static route so the traffic to the subnet 172.20.1.0/24 is routed through port2 only. What are the two criteria that the administrator can use to achieve this objective? (Choose two.)

Options:

A.  

The new static route must have the priority set to 3.

B.  

The new static route must have the metric set to 1.

C.  

The existing static route through port3 must have the distance set to 11.

D.  

The new static route must have the distance set to 9

Discussion 0
Questions 17

Refer to the exhibit.

What can you conclude from the log shown in the exhibit?

Options:

A.  

The IPS socket buffer is full and IPS engine needs more memory to create new sessions.

B.  

The IPS socket buffer is full and IPS engine cannot decode a packet.

C.  

The IPS scan is paused by the IPS diagnostic command with bypass mode option 5.

D.  

The IPS session scan is paused and reevaluating the packet because of a dirty flag.

Discussion 0
Questions 18

Refer to the exhibit.

Based on the routing table shown in the exhibit, which two statements are true? (Choose two.)

Options:

A.  

A packet with the source IP address 10.0.13.10 arriving on port2 is allowed if strict RPF is disabled.

B.  

A packet with the source IP address 10.100.110.10 arriving on port2 is allowed if strict RPF is enabled.

C.  

A packet with the source IP address 10.100.110.10 arriving on port3 is allowed if strict RPF is disabled.

D.  

A packet with the source IP address 10.10.10.10 arriving on port2 is allowed if strict RPF is enabled.

Discussion 0
Questions 19

Which two statements are true about an HA cluster? (Choose two answers)

Options:

A.  

An HA cluster cannot have both in-band and out-of-band management interfaces at the same time.

B.  

Link failover triggers a failover if the administrator sets the interface down on the primary device.

C.  

When sniffing the heartbeat interface, the administrator must see the IP address 169.254.0.2.

D.  

HA incremental synchronization includes FIB entries and IPsec SAs.

Discussion 0
Questions 20

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Options:

A.  

The collector agent uses a Windows API to query DCs for user logins.

B.  

The NetSessionEnum function is used to track user logouts.

C.  

NetAPI polling can increase bandwidth usage in large networks.

D.  

The collector agent must search Windows application event logs.

Discussion 0
Questions 21

You have implemented the application sensor and the corresponding firewall policy as shown in the exhibits.

You cannot access any of the Google applications, but you are able to access www.fortinet.com .

What would you do to resolve this issue?

Options:

A.  

Change the Inspection mode to Proxy-based.

B.  

Set SSL inspection to deep-content-inspection.

C.  

Move up Google in the Application and Filter Overrides section to set its priority to 1.

D.  

Add Google .com to the URL category in the security profile.

Discussion 0
Questions 22

Refer to the exhibits.

The exhibits show the application sensor configuration and the Excessive-Bandwidth and Apple filter details. Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming? (Choose one answer)

Options:

A.  

Apple FaceTime will be allowed, based on the Video/Audio category configuration.

B.  

Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.

C.  

Apple FaceTime will be allowed, based on the Apple filter configuration.

D.  

Apple FaceTime will be allowed only if the Apple filter in Application and Filter Overrides is set to Allow.

Discussion 0
Questions 23

Refer to the exhibits.

A diagram of a FortiGate device connected to the network VIP object and firewall policy configurations are shown.

The WAN (port2) interface has the IP address

100.65.0.101/24.

The LAN (port4) interface has the IP address

10.0.11.254/24.

If the host 100.65.1.111 sends a TCP SYN packet on port 443 to 100.65.0.200. what will the source address, destination address, and destination port of the packet be at the time FortiGate forwards the packet to the destination?

Options:

A.  

10.0.11.254, 100.65.0.200. and 443, respectively

B.  

10.0.11.254, 10.0.15.50, and 4443. respectively

C.  

100.65.1. 111, 10.0.11.50, and 4443. respectively

D.  

100.65.1.111, 10.0.11.50. and 443. respectively

Discussion 0
Questions 24

Refer to the exhibits.

You have implemented the application sensor and the corresponding firewall policy as shown in the exhibits.

You cannot access any of the Google applications, but you are able to access www.fortinet.com.

Which two actions would you take to resolve the issue? (Choose two.)

Options:

A.  

Set SSL inspection to deep-content inspection.

B.  

Move up Google in the Application and Filter Overrides section to set its priority lot

C.  

Add " Google " .com to the URL category in the security profile.

D.  

Change the Inspection mode to Flow-based

E.  

Set the action for Google in the Application and Filter Overrides section to Allow

Discussion 0
Questions 25

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.

What is true about the DNS connection to a FortiGuard server?

Options:

A.  

It uses UDP 53.

B.  

It uses DNS over HTTPS.

C.  

It uses DNS over TLS.

D.  

It uses UDP 8888.

Discussion 0
Questions 26

What is the primary FortiGate election process when the HA override setting is enabled? (Choose one answer)

Options:

A.  

Connected monitored ports > Priority > HA uptime > FortiGate serial number

B.  

Connected monitored ports > Priority > System uptime > FortiGate serial number

C.  

Connected monitored ports > HA uptime > Priority > FortiGate serial number

D.  

Connected monitored ports > System uptime > Priority > FortiGate serial number

Discussion 0
Questions 27

A network administrator is reviewing firewall policies in both Interface Pair View and By Sequence View. The policies appear in a different order in each view. Why is the policy order different in these two views?

Options:

A.  

By Sequence View groups policies based on rule priority, while Interface Pair View always follows the order of traffic logs.

B.  

The firewall dynamically reorders policies in Interface Pair View based on recent traffic patterns, but By Sequence View remains static.

C.  

Interface Pair View sorts policies based on matching interfaces, while By Sequence View shows the actual processing order of rules.

D.  

Policies in Interface Pair View are prioritized by security levels, while By Sequence View strictly follows the administrator ' s manual ordering.

Discussion 0
Questions 28

What are two characteristics of HA cluster heartbeat IP addresses in a FortiGate device? (Choose two.)

Options:

A.  

Heartbeat IP addresses are used to distinguish between cluster members.

B.  

The heartbeat interface of the primary device in the cluster is always assigned IP address 169.254.0.1.

C.  

A change in the heartbeat IP address happens when a FortiGate device joins or leaves the cluster.

D.  

Heartbeat interfaces have virtual IP addresses that are manually assigned.

Discussion 0