ExamGecko
Search Search Login
Home Home / Fortinet / NSE4_FGT-7.2

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 19

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)
Which two statements are correct about SLA targets? (Choose two.)
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

Question 181

Report
Export
Collapse

What is the primary FortiGate election process when the HA override setting is disabled?

A.
Connected monitored ports > Priority > HA uptime > FortiGate serial number
A.
Connected monitored ports > Priority > HA uptime > FortiGate serial number
Answers
B.
Connected monitored ports > Priority > System uptime > FortiGate serial number
B.
Connected monitored ports > Priority > System uptime > FortiGate serial number
Answers
C.
Connected monitored ports > HA uptime > Priority > FortiGate serial number
C.
Connected monitored ports > HA uptime > Priority > FortiGate serial number
Answers
D.
Connected monitored ports > System uptime > Priority > FortiGate serial number
D.
Connected monitored ports > System uptime > Priority > FortiGate serial number
Answers
Suggested answer: C

Question 182

Report
Export
Collapse

Refer to the exhibit to view the firewall policy

Why would the firewall policy not block a well-known virus, for example eicar?

A.
Web filter is not enabled on the firewall policy to complement the antivirus profile.
A.
Web filter is not enabled on the firewall policy to complement the antivirus profile.
Answers
B.
The firewall policy does not apply deep content inspection.
B.
The firewall policy does not apply deep content inspection.
Answers
C.
The firewall policy is not configured in proxy-based inspection mode.
C.
The firewall policy is not configured in proxy-based inspection mode.
Answers
D.
The action on the firewall policy is not set to deny
D.
The action on the firewall policy is not set to deny
Answers
Suggested answer: B

Question 183

Report
Export
Collapse

Refer to the exhibits.

Exhibit A

Exhibit B

The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.

How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

A.
If there is a fall-through policy in place, users will not be prompted for authentication.
A.
If there is a fall-through policy in place, users will not be prompted for authentication.
Answers
B.
Authentication is enforced at a policy level; all users will be prompted for authentication.
B.
Authentication is enforced at a policy level; all users will be prompted for authentication.
Answers
C.
All users will be prompted for authentication, users from the Sales group can authenticate successfully with the correct credentials.
C.
All users will be prompted for authentication, users from the Sales group can authenticate successfully with the correct credentials.
Answers
D.
All users will be prompted for authentication, users from the HR group can authenticate successfully with the correct credentials.
D.
All users will be prompted for authentication, users from the HR group can authenticate successfully with the correct credentials.
Answers
Suggested answer: D

Question 184

Report
Export
Collapse

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

A.
The server name indication (SNI) extension in the client hello message
A.
The server name indication (SNI) extension in the client hello message
Answers
B.
The subject alternative name (SAN) field in the server certificate
B.
The subject alternative name (SAN) field in the server certificate
Answers
C.
The host field in the HTTP header
C.
The host field in the HTTP header
Answers
D.
The serial number in the server certificate
D.
The serial number in the server certificate
Answers
E.
The subject field in the server certificate
E.
The subject field in the server certificate
Answers
Suggested answer: A, B, E

Explanation:

A) The server name indication (SNI) extension in the client hello message. This is correct. This is a piece of information that FortiGate uses to identify the hostname of the SSL server when SSL certificate inspection is enabled. The SNI extension is a feature of the TLS protocol that allows a client to indicate the hostname of the server it wants to connect to during the TLS handshake.This helps the server to present the appropriate certificate for the requested hostname, especially when the server hosts multiple domains on the same IP address1.FortiGate can use the SNI extension in the client hello message to identify the hostname of the SSL server and verify it against the server certificate2.

B) The subject alternative name (SAN) field in the server certificate. This is correct. This is a piece of information that FortiGate uses to identify the hostname of the SSL server when SSL certificate inspection is enabled. The SAN field is an extension of the X.509 certificate standard that allows a certificate to specify multiple hostnames or IP addresses that are valid for the certificate.This helps the certificate to support multiple domains or subdomains on the same server, or multiple servers with different IP addresses3.FortiGate can use the SAN field in the server certificate to identify the hostname of the SSL server and verify it against the client request2.

E) The subject field in the server certificate. This is correct. This is a piece of information that FortiGate uses to identify the hostname of the SSL server when SSL certificate inspection is enabled. The subject field is a part of the X.509 certificate standard that contains information about the identity of the entity that owns the certificate, such as common name, organization, country, and so on.The common name usually specifies the hostname or domain name of the server that owns the certificate4.FortiGate can use the subject field in the server certificate to identify the hostname of the SSL server and verify it against the client request2.

Total 184 questions
Go to page: of 19
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms