Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 11

List of questions
Question 101

In which two ways can RPF checking be disabled? (Choose two )
Question 102

Which feature in the Security Fabric takes one or more actions based on event triggers?
Question 103

Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)
Question 104

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
Question 105

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
FortiGate Security 7.2 Study Guide (p.317): 'You can configure the URL Category within the same security policy; however, adding a URL filter causes application control to scan applications in only the browser-based technology category, for example, Facebook Messenger on the Facebook website.'
Question 106

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides
(client and server) have terminated the session?
Question 107

Refer to the exhibit, which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042
Question 108

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)
'In IKEv1, there are two possible modes in which the IKE SA negotiation can take place: main, and aggressive mode. Settings on both ends must agree; otherwise, phase 1 negotiation fails and both IPsec peers are not able to establish a secure channel.'
Question 109

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)
Question 110

An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)
Question