ExamGecko
Login
Home / Fortinet / NSE4_FGT-7.2 / List of questions
Ask Question

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers

List of questions

Question 1

Report Export Collapse

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

Heartbeat interfaces have virtual IP addresses that are manually assigned.
Heartbeat interfaces have virtual IP addresses that are manually assigned.
A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
Virtual IP addresses are used to distinguish between cluster members.
Virtual IP addresses are used to distinguish between cluster members.
The primary device in the cluster is always assigned IP address 169.254.0.1.
The primary device in the cluster is always assigned IP address 169.254.0.1.
Suggested answer: B, D
asked 18/09/2024
Madhanraj N
48 questions

Question 2

Report Export Collapse

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

DNS-based web filter and proxy-based web filter
DNS-based web filter and proxy-based web filter
Static URL filter, FortiGuard category filter, and advanced filters
Static URL filter, FortiGuard category filter, and advanced filters
Static domain filter, SSL inspection filter, and external connectors filters
Static domain filter, SSL inspection filter, and external connectors filters
FortiGuard category filter and rating filter
FortiGuard category filter and rating filter
Suggested answer: B
Explanation:

FortiGate Security 7.2 Study Guide (p.285): 'Remember that the web filtering profile has several features. So, if you have enabled many of them, the inspection order flows as follows: 1. The local static URL filter 2. FortiGuard category filtering (to determine a rating) 3. Advanced filters (such as safe search or removing Active X components)'

asked 18/09/2024
Pamela Joanne Ang
37 questions

Question 3

Report Export Collapse

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

IP address
IP address
Once Internet Service is selected, no other object can be added
Once Internet Service is selected, no other object can be added
User or User Group
User or User Group
FQDN address
FQDN address
Suggested answer: B
Explanation:

https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy

asked 18/09/2024
Mpho Ntshontsi
50 questions

Question 4

Report Export Collapse

Which statement about the IP authentication header (AH) used by IPsec is true?

AH does not provide any data integrity or encryption.
AH does not provide any data integrity or encryption.
AH does not support perfect forward secrecy.
AH does not support perfect forward secrecy.
AH provides data integrity bur no encryption.
AH provides data integrity bur no encryption.
AH provides strong data integrity but weak encryption.
AH provides strong data integrity but weak encryption.
Suggested answer: C
asked 18/09/2024
Landry Tankam
46 questions

Question 5

Report Export Collapse

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

Log ID
Log ID
Universally Unique Identifier
Universally Unique Identifier
Policy ID
Policy ID
Sequence ID
Sequence ID
Suggested answer: B
Explanation:

FortiGate Security 7.2 Study Guide (p.67): 'When creating firewall objects or policies, a universally unique identifier (UUID) attribute is added so that logs can record these UUIDs and improve functionality when integrating with FortiManager or FortiAnalyzer.'

asked 18/09/2024
Rosalba Scalera
57 questions

Question 6

Report Export Collapse

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

The firmware image must be manually uploaded to each FortiGate.
The firmware image must be manually uploaded to each FortiGate.
Only secondary FortiGate devices are rebooted.
Only secondary FortiGate devices are rebooted.
Uninterruptable upgrade is enabled by default.
Uninterruptable upgrade is enabled by default.
Traffic load balancing is temporally disabled while upgrading the firmware.
Traffic load balancing is temporally disabled while upgrading the firmware.
Suggested answer: C, D
asked 18/09/2024
Oliver Buss
32 questions

Question 7

Report Export Collapse

Which two statements ate true about the Security Fabric rating? (Choose two.)

It provides executive summaries of the four largest areas of security focus.
It provides executive summaries of the four largest areas of security focus.
Many of the security issues can be fixed immediately by clicking Apply where available.
Many of the security issues can be fixed immediately by clicking Apply where available.
The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.
The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.
Suggested answer: B, C
asked 18/09/2024
Juan Contreras
39 questions

Question 8

Report Export Collapse

An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

Configure Source IP Pools.
Configure Source IP Pools.
Configure split tunneling in tunnel mode.
Configure split tunneling in tunnel mode.
Configure different SSL VPN realms.
Configure different SSL VPN realms.
Configure host check .
Configure host check .
Suggested answer: D
asked 18/09/2024
ALEXANDRE NGUYEN
42 questions

Question 9

Report Export Collapse

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

The public key of the web server certificate must be installed on the browser.
The public key of the web server certificate must be installed on the browser.
The web-server certificate must be installed on the browser.
The web-server certificate must be installed on the browser.
The CA certificate that signed the web-server certificate must be installed on the browser.
The CA certificate that signed the web-server certificate must be installed on the browser.
The private key of the CA certificate that signed the browser certificate must be installed on the browser.
The private key of the CA certificate that signed the browser certificate must be installed on the browser.
Suggested answer: C
asked 18/09/2024
Venish Arumugam
41 questions

Question 10

Report Export Collapse

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

NGFW policy-based mode does not require the use of central source NAT policy
NGFW policy-based mode does not require the use of central source NAT policy
NGFW policy-based mode can only be applied globally and not on individual VDOMs
NGFW policy-based mode can only be applied globally and not on individual VDOMs
NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
NGFW policy-based mode policies support only flow inspection
NGFW policy-based mode policies support only flow inspection
Suggested answer: C, D
asked 18/09/2024
Panayiotis Markatos
55 questions
Total 184 questions
Go to page: of 19
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two features of the NGFW policy-based mode? (Choose two.)
Refer to the exhibits. Exhibit A shows the application sensor configuration. Exhibit B shows the Excessive-Bandwidth and Apple filter details. Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?
Which timeout setting can be responsible for deleting SSL VPN associated sessions?
What are two features of collector agent advanced mode? (Choose two.)
If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
What are two functions of the ZTNA rule? (Choose two.)
What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)
Which two statements are correct about SLA targets? (Choose two.)