ExamGecko
Search Search Login
Home Home / Fortinet / NSE4_FGT-7.2

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 3

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)
Which two statements are correct about SLA targets? (Choose two.)
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

Question 21

Report
Export
Collapse

Which three statements explain a flow-based antivirus profile? (Choose three.)

A.
Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.
A.
Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.
Answers
B.
If a virus is detected, the last packet is delivered to the client.
B.
If a virus is detected, the last packet is delivered to the client.
Answers
C.
The IPS engine handles the process as a standalone.
C.
The IPS engine handles the process as a standalone.
Answers
D.
FortiGate buffers the whole file but transmits to the client at the same time.
D.
FortiGate buffers the whole file but transmits to the client at the same time.
Answers
E.
Flow-based inspection optimizes performance compared to proxy-based inspection.
E.
Flow-based inspection optimizes performance compared to proxy-based inspection.
Answers
Suggested answer: A, D, E

Question 22

Report
Export
Collapse

Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

A.
The firewall policy performs the full content inspection on the file.
A.
The firewall policy performs the full content inspection on the file.
Answers
B.
The flow-based inspection is used, which resets the last packet to the user.
B.
The flow-based inspection is used, which resets the last packet to the user.
Answers
C.
The volume of traffic being inspected is too high for this model of FortiGate.
C.
The volume of traffic being inspected is too high for this model of FortiGate.
Answers
D.
The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
D.
The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
Answers
Suggested answer: B

Explanation:

* 'ONLY' If the virus is detected at the 'START' of the connection, the IPS engine sends the block replacement message immediately

* When a virus is detected on a TCP session (FIRST TIME), but where 'SOME PACKETS' have been already forwarded to the receiver, FortiGate 'resets the connection' and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore, can't be opened. The IPS engine also caches the URL of the infected file, so that if a 'SECOND ATTEMPT' to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again.

In flow mode, the FortiGate drops the last packet killing the file. But because of that the block replacement message cannot be displayed. If the file is attempted to download again the block message will be shown.

Question 23

Report
Export
Collapse

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

* All traffic must be routed through the primary tunnel when both tunnels are up

* The secondary tunnel must be used only if the primary tunnel goes down

* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

A.
Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
A.
Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
Answers
B.
Enable Dead Peer Detection.
B.
Enable Dead Peer Detection.
Answers
C.
Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
C.
Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
Answers
D.
Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
D.
Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
Answers
Suggested answer: B, C

Explanation:

Study Guide -- IPsec VPN -- IPsec configuration -- Phase 1 Network.

When Dead Peer Detection (DPD) is enabled, DPD probes are sent to detect a failed tunnel and bring it down before its IPsec SAs expire. This failure detection mechanism is very useful when you have redundant paths to the same destination, and you want to failover to a backup connection when the primary connection fails to keep the connectivity between the sites up.

There are three DPD modes. On demand is the default mode.

Study Guide -- IPsec VPN -- Redundant VPNs.

Add one phase 1 configuration for each tunnel. DPD should be enabled on both ends.

Add at least one phase 2 definition for each phase 1.

Add one static route for each path. Use distance or priority to select primary routes over backup routes (routes for the primary VPN must have a lower distance or lower priority than the backup). Alternatively, use dynamic routing.

Configure FW policies for each IPsec interface.

Question 24

Report
Export
Collapse

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

A.
Antivirus engine
A.
Antivirus engine
Answers
B.
Intrusion prevention system engine
B.
Intrusion prevention system engine
Answers
C.
Flow engine
C.
Flow engine
Answers
D.
Detection engine
D.
Detection engine
Answers
Suggested answer: B

Explanation:

http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control

Question 25

Report
Export
Collapse

Refer to the exhibit.

Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

A.
Traffic between port2 and port2-vlan1 is allowed by default.
A.
Traffic between port2 and port2-vlan1 is allowed by default.
Answers
B.
port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
B.
port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
Answers
C.
port1 is a native VLAN.
C.
port1 is a native VLAN.
Answers
D.
port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
D.
port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
Answers
Suggested answer: C, D

Explanation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-rules-about-VLAN-configuration-and-VDOM-interf

https://kb.fortinet.com/kb/viewContent.do?externalId=FD30883

Question 26

Report
Export
Collapse

Which statement about video filtering on FortiGate is true?

A.
Full SSL Inspection is not required.
A.
Full SSL Inspection is not required.
Answers
B.
It is available only on a proxy-based firewall policy.
B.
It is available only on a proxy-based firewall policy.
Answers
C.
It inspects video files hosted on file sharing services.
C.
It inspects video files hosted on file sharing services.
Answers
D.
Video filtering FortiGuard categories are based on web filter FortiGuard categories.
D.
Video filtering FortiGuard categories are based on web filter FortiGuard categories.
Answers
Suggested answer: B

Question 27

Report
Export
Collapse

Refer to the exhibit.

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

A.
There are five devices that are part of the security fabric.
A.
There are five devices that are part of the security fabric.
Answers
B.
Device detection is disabled on all FortiGate devices.
B.
Device detection is disabled on all FortiGate devices.
Answers
C.
This security fabric topology is a logical topology view.
C.
This security fabric topology is a logical topology view.
Answers
D.
There are 19 security recommendations for the security fabric.
D.
There are 19 security recommendations for the security fabric.
Answers
Suggested answer: C, D

Explanation:

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/761085/results

https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/736125/security-fabric-topology

Question 28

Report
Export
Collapse

A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.

What is the reason for the failed virus detection by FortiGate?

A.
The website is exempted from SSL inspection.
A.
The website is exempted from SSL inspection.
Answers
B.
The EICAR test file exceeds the protocol options oversize limit.
B.
The EICAR test file exceeds the protocol options oversize limit.
Answers
C.
The selected SSL inspection profile has certificate inspection enabled.
C.
The selected SSL inspection profile has certificate inspection enabled.
Answers
D.
The browser does not trust the FortiGate self-signed CA certificate.
D.
The browser does not trust the FortiGate self-signed CA certificate.
Answers
Suggested answer: A, C

Explanation:

SSL Inspection Profile, on the Inspection method there are 2 options to choose from, SSL Certificate Inspection or Full SSL Inspection. FG SEC 7.2 Studi Guide: Full SSL Inspection level is the only choice that allows antivirus to be effective.

Question 29

Report
Export
Collapse

Refer to the exhibits.

Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

A.
Administrators can access FortiGate only through the console port.
A.
Administrators can access FortiGate only through the console port.
Answers
B.
FortiGate has entered conserve mode.
B.
FortiGate has entered conserve mode.
Answers
C.
FortiGate will start sending all files to FortiSandbox for inspection.
C.
FortiGate will start sending all files to FortiSandbox for inspection.
Answers
D.
Administrators cannot change the configuration.
D.
Administrators cannot change the configuration.
Answers
Suggested answer: B, D

Explanation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Conserve-mode-changes/ta-p/198502

configurable thresholds

Though it is recommended to keep the default memory threshold, a new CLI command has been added to allow administrators to adjust the thresholds.

Default values are :

- red : 88% of total memory is considered 'used memory'

- extreme : 95% of total memory is considered 'used memory'

- green : 82% of total memory is considered 'used memory'

Question 30

Report
Export
Collapse

Refer to the exhibits.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

A.
Change the csf setting on ISFW (downstream) to set configuration-sync local.
A.
Change the csf setting on ISFW (downstream) to set configuration-sync local.
Answers
B.
Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.
B.
Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.
Answers
C.
Change the csf setting on both devices to set downstream-access enable.
C.
Change the csf setting on both devices to set downstream-access enable.
Answers
D.
Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.
D.
Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.
Answers
Suggested answer: C
Total 184 questions
Go to page: of 19
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms