ExamGecko
Search Search Login
Home Home / Fortinet / NSE4_FGT-7.2

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 13

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
Which two statements are correct about SLA targets? (Choose two.)
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

Question 121

Report
Export
Collapse

Which three statements are true regarding session-based authentication? (Choose three.)

A.
HTTP sessions are treated as a single user.
A.
HTTP sessions are treated as a single user.
Answers
B.
IP sessions from the same source IP address are treated as a single user.
B.
IP sessions from the same source IP address are treated as a single user.
Answers
C.
It can differentiate among multiple clients behind the same source IP address.
C.
It can differentiate among multiple clients behind the same source IP address.
Answers
D.
It requires more resources.
D.
It requires more resources.
Answers
E.
It is not recommended if multiple users are behind the source NAT
E.
It is not recommended if multiple users are behind the source NAT
Answers
Suggested answer: A, C, D

Question 122

Report
Export
Collapse

Which statement regarding the firewall policy authentication timeout is true?

A.
It is an idle timeout. The FortiGate considers a user to be 'idle' if it does not see any packets coming from the user's source IP.
A.
It is an idle timeout. The FortiGate considers a user to be 'idle' if it does not see any packets coming from the user's source IP.
Answers
B.
It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
B.
It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
Answers
C.
It is an idle timeout. The FortiGate considers a user to be 'idle' if it does not see any packets coming from the user's source MAC.
C.
It is an idle timeout. The FortiGate considers a user to be 'idle' if it does not see any packets coming from the user's source MAC.
Answers
D.
It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.
D.
It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.
Answers
Suggested answer: A

Question 123

Report
Export
Collapse

Which of statement is true about SSL VPN web mode?

A.
The tunnel is up while the client is connected.
A.
The tunnel is up while the client is connected.
Answers
B.
It supports a limited number of protocols.
B.
It supports a limited number of protocols.
Answers
C.
The external network application sends data through the VPN.
C.
The external network application sends data through the VPN.
Answers
D.
It assigns a virtual IP address to the client.
D.
It assigns a virtual IP address to the client.
Answers
Suggested answer: B

Explanation:

FortiGate_Security_6.4 page 575 - Web mode requires only a web browser, but supports a limited number of protocols.

Question 124

Report
Export
Collapse

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A.
Full Content inspection
A.
Full Content inspection
Answers
B.
Proxy-based inspection
B.
Proxy-based inspection
Answers
C.
Certificate inspection
C.
Certificate inspection
Answers
D.
Flow-based inspection
D.
Flow-based inspection
Answers
Suggested answer: D

Question 125

Report
Export
Collapse

Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

A.
Warning
A.
Warning
Answers
B.
Exempt
B.
Exempt
Answers
C.
Allow
C.
Allow
Answers
D.
Learn
D.
Learn
Answers
Suggested answer: A, C

Question 126

Report
Export
Collapse

Which two types of traffic are managed only by the management VDOM? (Choose two.)

A.
FortiGuard web filter queries
A.
FortiGuard web filter queries
Answers
B.
PKI
B.
PKI
Answers
C.
Traffic shaping
C.
Traffic shaping
Answers
D.
DNS
D.
DNS
Answers
Suggested answer: A, D

Question 127

Report
Export
Collapse

Which two types of traffic are managed only by the management VDOM? (Choose two.)

A.
FortiGuard web filter queries
A.
FortiGuard web filter queries
Answers
B.
PKI
B.
PKI
Answers
C.
Traffic shaping
C.
Traffic shaping
Answers
D.
DNS
D.
DNS
Answers
Suggested answer: A, D

Question 128

Report
Export
Collapse

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

A.
diagnose wad session list
A.
diagnose wad session list
Answers
B.
diagnose wad session list | grep hook-pre&&hook-out
B.
diagnose wad session list | grep hook-pre&&hook-out
Answers
C.
diagnose wad session list | grep hook=pre&&hook=out
C.
diagnose wad session list | grep hook=pre&&hook=out
Answers
D.
diagnose wad session list | grep 'hook=pre'&'hook=out'
D.
diagnose wad session list | grep 'hook=pre'&'hook=out'
Answers
Suggested answer: A

Question 129

Report
Export
Collapse

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

A.
It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
A.
It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
Answers
B.
ADVPN is only supported with IKEv2.
B.
ADVPN is only supported with IKEv2.
Answers
C.
Tunnels are negotiated dynamically between spokes.
C.
Tunnels are negotiated dynamically between spokes.
Answers
D.
Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
D.
Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
Answers
Suggested answer: A, C

Question 130

Report
Export
Collapse

Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

A.
By default, FortiGate uses WINS servers to resolve names.
A.
By default, FortiGate uses WINS servers to resolve names.
Answers
B.
By default, the SSL VPN portal requires the installation of a client's certificate.
B.
By default, the SSL VPN portal requires the installation of a client's certificate.
Answers
C.
By default, split tunneling is enabled.
C.
By default, split tunneling is enabled.
Answers
D.
By default, the admin GUI and SSL VPN portal use the same HTTPS port.
D.
By default, the admin GUI and SSL VPN portal use the same HTTPS port.
Answers
Suggested answer: D
Total 184 questions
Go to page: of 19
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms