ExamGecko

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers


Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

A. Heartbeat interfaces have virtual IP addresses that are manually assigned.
B. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
C. Virtual IP addresses are used to distinguish between cluster members.
D. The primary device in the cluster is always assigned IP address 169.254.0.1.
Suggested answer: B, D

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

A. DNS-based web filter and proxy-based web filter
B. Static URL filter, FortiGuard category filter, and advanced filters
C. Static domain filter, SSL inspection filter, and external connectors filters
D. FortiGuard category filter and rating filter
Suggested answer: B

Explanation:

FortiGate Security 7.2 Study Guide (p.285): 'Remember that the web filtering profile has several features. So, if you have enabled many of them, the inspection order flows as follows: 1. The local static URL filter 2. FortiGuard category filtering (to determine a rating) 3. Advanced filters (such as safe search or removing Active X components)'

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?

A. IP address
B. Once Internet Service is selected, no other object can be added
C. User or User Group
D. FQDN address
Suggested answer: B

Explanation:

https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy

Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.
B. AH does not support perfect forward secrecy.
C. AH provides data integrity but no encryption.
D. AH provides strong data integrity but weak encryption.
Suggested answer: C

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

A. Log ID
B. Universally Unique Identifier
C. Policy ID
D. Sequence ID
Suggested answer: B

Explanation:

FortiGate Security 7.2 Study Guide (p.67): 'When creating firewall objects or policies, a universally unique identifier (UUID) attribute is added so that logs can record these UUIDs and improve functionality when integrating with FortiManager or FortiAnalyzer.'

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

A. The firmware image must be manually uploaded to each FortiGate.
B. Only secondary FortiGate devices are rebooted.
C. Uninterruptible upgrade is enabled by default.
D. Traffic load balancing is temporarily disabled while upgrading the firmware.
Suggested answer: C, D

Which two statements are true about the Security Fabric rating? (Choose two.)

A. It provides executive summaries of the four largest areas of security focus.
B. Many of the security issues can be fixed immediately by clicking Apply where available.
C. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
D. The Security Fabric rating is a free service that comes bundled with all FortiGate devices.
Suggested answer: B, C

An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

A. Configure Source IP Pools.
B. Configure split tunneling in tunnel mode.
C. Configure different SSL VPN realms.
D. Configure host check.
Suggested answer: D

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

A. The public key of the web server certificate must be installed on the browser.
B. The web-server certificate must be installed on the browser.
C. The CA certificate that signed the web-server certificate must be installed on the browser.
D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
Suggested answer: C

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

A. NGFW policy-based mode does not require the use of central source NAT policy
B. NGFW policy-based mode can only be applied globally and not on individual VDOMs
C. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
D. NGFW policy-based mode policies support only flow inspection
Suggested answer: C, D
Total 184 questions