ExamGecko
Search Search Login
Home Home / Fortinet / NSE4_FGT-7.2
Ask QuestionAsk Question

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two features of the NGFW policy-based mode? (Choose two.)
Refer to the exhibits. Exhibit A shows the application sensor configuration. Exhibit B shows the Excessive-Bandwidth and Apple filter details. Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?
Which timeout setting can be responsible for deleting SSL VPN associated sessions?
What are two features of collector agent advanced mode? (Choose two.)
If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
What are two functions of the ZTNA rule? (Choose two.)
What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)
Which two statements are correct about SLA targets? (Choose two.)

Question 1

Report
Export
Collapse

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

A.
Heartbeat interfaces have virtual IP addresses that are manually assigned.
A.
Heartbeat interfaces have virtual IP addresses that are manually assigned.
Answers
B.
A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
B.
A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
Answers
C.
Virtual IP addresses are used to distinguish between cluster members.
C.
Virtual IP addresses are used to distinguish between cluster members.
Answers
D.
The primary device in the cluster is always assigned IP address 169.254.0.1.
D.
The primary device in the cluster is always assigned IP address 169.254.0.1.
Answers
Suggested answer: B, D
asked 18/09/2024
Madhanraj N
42 questions

Question 2

Report
Export
Collapse

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

A.
DNS-based web filter and proxy-based web filter
A.
DNS-based web filter and proxy-based web filter
Answers
B.
Static URL filter, FortiGuard category filter, and advanced filters
B.
Static URL filter, FortiGuard category filter, and advanced filters
Answers
C.
Static domain filter, SSL inspection filter, and external connectors filters
C.
Static domain filter, SSL inspection filter, and external connectors filters
Answers
D.
FortiGuard category filter and rating filter
D.
FortiGuard category filter and rating filter
Answers
Suggested answer: B

Explanation:

FortiGate Security 7.2 Study Guide (p.285): 'Remember that the web filtering profile has several features. So, if you have enabled many of them, the inspection order flows as follows: 1. The local static URL filter 2. FortiGuard category filtering (to determine a rating) 3. Advanced filters (such as safe search or removing Active X components)'

asked 18/09/2024
Pamela Joanne Ang
31 questions

Question 3

Report
Export
Collapse

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

A.
IP address
A.
IP address
Answers
B.
Once Internet Service is selected, no other object can be added
B.
Once Internet Service is selected, no other object can be added
Answers
C.
User or User Group
C.
User or User Group
Answers
D.
FQDN address
D.
FQDN address
Answers
Suggested answer: B

Explanation:

https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy

asked 18/09/2024
Mpho Ntshontsi
40 questions

Question 4

Report
Export
Collapse

Which statement about the IP authentication header (AH) used by IPsec is true?

A.
AH does not provide any data integrity or encryption.
A.
AH does not provide any data integrity or encryption.
Answers
B.
AH does not support perfect forward secrecy.
B.
AH does not support perfect forward secrecy.
Answers
C.
AH provides data integrity bur no encryption.
C.
AH provides data integrity bur no encryption.
Answers
D.
AH provides strong data integrity but weak encryption.
D.
AH provides strong data integrity but weak encryption.
Answers
Suggested answer: C
asked 18/09/2024
Landry Tankam
38 questions

Question 5

Report
Export
Collapse

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

A.
Log ID
A.
Log ID
Answers
B.
Universally Unique Identifier
B.
Universally Unique Identifier
Answers
C.
Policy ID
C.
Policy ID
Answers
D.
Sequence ID
D.
Sequence ID
Answers
Suggested answer: B

Explanation:

FortiGate Security 7.2 Study Guide (p.67): 'When creating firewall objects or policies, a universally unique identifier (UUID) attribute is added so that logs can record these UUIDs and improve functionality when integrating with FortiManager or FortiAnalyzer.'

asked 18/09/2024
Rosalba Scalera
48 questions

Question 6

Report
Export
Collapse

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

A.
The firmware image must be manually uploaded to each FortiGate.
A.
The firmware image must be manually uploaded to each FortiGate.
Answers
B.
Only secondary FortiGate devices are rebooted.
B.
Only secondary FortiGate devices are rebooted.
Answers
C.
Uninterruptable upgrade is enabled by default.
C.
Uninterruptable upgrade is enabled by default.
Answers
D.
Traffic load balancing is temporally disabled while upgrading the firmware.
D.
Traffic load balancing is temporally disabled while upgrading the firmware.
Answers
Suggested answer: C, D
asked 18/09/2024
Oliver Buss
29 questions

Question 7

Report
Export
Collapse

Which two statements ate true about the Security Fabric rating? (Choose two.)

A.
It provides executive summaries of the four largest areas of security focus.
A.
It provides executive summaries of the four largest areas of security focus.
Answers
B.
Many of the security issues can be fixed immediately by clicking Apply where available.
B.
Many of the security issues can be fixed immediately by clicking Apply where available.
Answers
C.
The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
C.
The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
Answers
D.
The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.
D.
The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.
Answers
Suggested answer: B, C
asked 18/09/2024
Juan Contreras
36 questions

Question 8

Report
Export
Collapse

An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

A.
Configure Source IP Pools.
A.
Configure Source IP Pools.
Answers
B.
Configure split tunneling in tunnel mode.
B.
Configure split tunneling in tunnel mode.
Answers
C.
Configure different SSL VPN realms.
C.
Configure different SSL VPN realms.
Answers
D.
Configure host check .
D.
Configure host check .
Answers
Suggested answer: D
asked 18/09/2024
ALEXANDRE NGUYEN
36 questions

Question 9

Report
Export
Collapse

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

A.
The public key of the web server certificate must be installed on the browser.
A.
The public key of the web server certificate must be installed on the browser.
Answers
B.
The web-server certificate must be installed on the browser.
B.
The web-server certificate must be installed on the browser.
Answers
C.
The CA certificate that signed the web-server certificate must be installed on the browser.
C.
The CA certificate that signed the web-server certificate must be installed on the browser.
Answers
D.
The private key of the CA certificate that signed the browser certificate must be installed on the browser.
D.
The private key of the CA certificate that signed the browser certificate must be installed on the browser.
Answers
Suggested answer: C
asked 18/09/2024
Venish Arumugam
35 questions

Question 10

Report
Export
Collapse

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

A.
NGFW policy-based mode does not require the use of central source NAT policy
A.
NGFW policy-based mode does not require the use of central source NAT policy
Answers
B.
NGFW policy-based mode can only be applied globally and not on individual VDOMs
B.
NGFW policy-based mode can only be applied globally and not on individual VDOMs
Answers
C.
NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
C.
NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
Answers
D.
NGFW policy-based mode policies support only flow inspection
D.
NGFW policy-based mode policies support only flow inspection
Answers
Suggested answer: C, D
asked 18/09/2024
Panayiotis Markatos
51 questions
Total 184 questions
Go to page: of 19
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy policy
Terms
Disclaimer
Refund policy
Copyright
Twitter X
Facebook
Medium