Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 12

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not. Which configuration option is the most effective way to support this request?

A. Implement a web filter category override for the specified website
B. Implement a DNS filter for the specified website.
C. Implement web filter quotas for the specified website
D. Implement web filter authentication for the specified website.
Suggested answer: D

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

What is the reason for the certificate warning errors?

A. The matching firewall policy is set to proxy inspection mode.
B. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.
C. The full SSL inspection feature does not have a valid license.
D. The browser does not trust the certificate used by FortiGate for SSL inspection.
Suggested answer: D

Explanation:

FortiGate Security 7.2 Study Guide (p.235): 'If FortiGate receives a trusted SSL certificate, then it generates a temporary certificate signed by the built-in Fortinet_CA_SSL certificate and sends it to the browser. If the browser trusts the Fortinet_CA_SSL certificate, the browser completes the SSL handshake. Otherwise, the browser also presents a warning message informing the user that the site is untrusted. In other words, for this function to work as intended, you must import the Fortinet_CA_SSL certificate into the trusted root CA certificate store of your browser.'

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

A. Subject Key Identifier value
B. SMMIE Capabilities value
C. Subject value
D. Subject Alternative Name value
Suggested answer: A

Which two statements are true about the RPF check? (Choose two.)

A. The RPF check is run on the first sent packet of any new session.
B. The RPF check is run on the first reply packet of any new session.
C. The RPF check is run on the first sent and reply packet of any new session.
D. RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.
Suggested answer: A, D

Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

A. DNS
B. ping
C. udp-echo
D. TWAMP
Suggested answer: C, D

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

A. The administrator can register the same FortiToken on more than one FortiGate.
B. The administrator must use a FortiAuthenticator device
C. The administrator can use a third-party RADIUS OTP server.
D. The administrator must use the user self-registration server.
Suggested answer: B

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

A. By default, all interfaces are part of the same broadcast domain.
B. The existing network IP schema must be changed when installing a transparent mode.
C. Static routes are required to allow traffic to the next hop.
D. FortiGate forwards frames without changing the MAC address.
Suggested answer: A, D

Explanation:

attachID=Fortigate_Transparent_Mode_Technical_Guide_FortiOS_4_0_version1.2.pdf&documentID=FD33113

Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

A. diagnose sys top
B. execute ping
C. execute traceroute
D. diagnose sniffer packet any
E. get system arp
Suggested answer: B, C, D

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

A. Browsers can be configured to retrieve this PAC file from the FortiGate.
B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.
C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet have to go through altproxy.corp.com:8060.
D. Any web request to fortinet.com is allowed to bypass the proxy.
Suggested answer: A, D

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

A. A CRL
B. A person
C. A subordinate CA
D. A root CA
Suggested answer: D
Total 184 questions