ExamGecko
Search Search Login
Home Home / Fortinet / NSE4_FGT-7.2

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)
Which two statements are correct about SLA targets? (Choose two.)
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

Question 31

Report
Export
Collapse

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

A.
System time
A.
System time
Answers
B.
FortiGuaid update servers
B.
FortiGuaid update servers
Answers
C.
Operating mode
C.
Operating mode
Answers
D.
NGFW mode
D.
NGFW mode
Answers
Suggested answer: C, D

Explanation:

C: 'Operating mode is per-VDOM setting. You can combine transparent mode VDOM's with NAT mode VDOMs on the same physical Fortigate.

D: 'Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM' Page 125 of FortiGate_Infrastructure_6.4_Study_Guide

Question 32

Report
Export
Collapse

51 Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?

A.
The security actions applied on the web applications will also be explicitly applied on the third-party websites.
A.
The security actions applied on the web applications will also be explicitly applied on the third-party websites.
Answers
B.
The application signature database inspects traffic only from the original web application server.
B.
The application signature database inspects traffic only from the original web application server.
Answers
C.
FortiGuard maintains only one signature of each web application that is unique.
C.
FortiGuard maintains only one signature of each web application that is unique.
Answers
D.
FortiGate can inspect sub-application traffic regardless where it was originated.
D.
FortiGate can inspect sub-application traffic regardless where it was originated.
Answers
Suggested answer: D

Explanation:

https://help.fortinet.com/fortiproxy/11/Content/Admin%20Guides/FPX-AdminGuide/300_System/303d_FortiG

Question 33

Report
Export
Collapse

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

Which DPD mode on FortiGate will meet the above requirement?

A.
Disabled
A.
Disabled
Answers
B.
On Demand
B.
On Demand
Answers
C.
Enabled
C.
Enabled
Answers
D.
On Idle
D.
On Idle
Answers
Suggested answer: D

Question 34

Report
Export
Collapse

Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

A.
Change password
A.
Change password
Answers
B.
Enable restrict access to trusted hosts
B.
Enable restrict access to trusted hosts
Answers
C.
Change Administrator profile
C.
Change Administrator profile
Answers
D.
Enable two-factor authentication
D.
Enable two-factor authentication
Answers
Suggested answer: C

Question 35

Report
Export
Collapse

Which two statements are correct about SLA targets? (Choose two.)

A.
You can configure only two SLA targets per one Performance SLA.
A.
You can configure only two SLA targets per one Performance SLA.
Answers
B.
SLA targets are optional.
B.
SLA targets are optional.
Answers
C.
SLA targets are required for SD-WAN rules with a Best Quality strategy.
C.
SLA targets are required for SD-WAN rules with a Best Quality strategy.
Answers
D.
SLA targets are used only when referenced by an SD-WAN rule.
D.
SLA targets are used only when referenced by an SD-WAN rule.
Answers
Suggested answer: B, D

Question 36

Report
Export
Collapse

Refer to the exhibit.

Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

A.
The port3 default route has the lowest metric.
A.
The port3 default route has the lowest metric.
Answers
B.
The port1 and port2 default routes are active in the routing table.
B.
The port1 and port2 default routes are active in the routing table.
Answers
C.
The ports default route has the highest distance.
C.
The ports default route has the highest distance.
Answers
D.
There will be eight routes active in the routing table.
D.
There will be eight routes active in the routing table.
Answers
Suggested answer: B, C

Explanation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-identify-Inactive-Routes-in-the-Routing/ta-p/197595

Question 37

Report
Export
Collapse

When configuring a firewall virtual wire pair policy, which following statement is true?

A.
Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.
A.
Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.
Answers
B.
Only a single virtual wire pair can be included in each policy.
B.
Only a single virtual wire pair can be included in each policy.
Answers
C.
Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.
C.
Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.
Answers
D.
Exactly two virtual wire pairs need to be included in each policy.
D.
Exactly two virtual wire pairs need to be included in each policy.
Answers
Suggested answer: A

Question 38

Report
Export
Collapse

Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.

Which three pieces of information are included in the sniffer output? (Choose three.)

A.
Interface name
A.
Interface name
Answers
B.
Ethernet header
B.
Ethernet header
Answers
C.
IP header
C.
IP header
Answers
D.
Application header
D.
Application header
Answers
E.
Packet payload
E.
Packet payload
Answers
Suggested answer: A, C, E

Explanation:

Study Guide -- Routing -- Diagnostics -- Packet Capture Verbosity Level.

# diagnose sniffer packet <interface> '<filter>' <verbosity> <count> <timestamp> <frame size>

In the example, verbosity is 5.

The verbosity level specifies how much info you want to display.

1 (default): IP Headers.

2: IP Headers, Packet Payload.

3. IP Headers, Packet Payload, Ethernet Headers.

4: IP Headers, Interface Name.

5: IP Headers, Packet Payload, Interface Name.

6: IP Headers, Packet Payload, Ethernet Headers, Interface Name.

Question 39

Report
Export
Collapse

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

A.
Add the support of NTLM authentication.
A.
Add the support of NTLM authentication.
Answers
B.
Add user accounts to Active Directory (AD).
B.
Add user accounts to Active Directory (AD).
Answers
C.
Add user accounts to the FortiGate group fitter.
C.
Add user accounts to the FortiGate group fitter.
Answers
D.
Add user accounts to the Ignore User List.
D.
Add user accounts to the Ignore User List.
Answers
Suggested answer: D

Question 40

Report
Export
Collapse

An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 168. 1.0/24 and the remote quick mode selector is 192. 168.2.0/24.

Which subnet must the administrator configure for the local quick mode selector for site B?

A.
192. 168. 1.0/24
A.
192. 168. 1.0/24
Answers
B.
192. 168.0.0/24
B.
192. 168.0.0/24
Answers
C.
192. 168.2.0/24
C.
192. 168.2.0/24
Answers
D.
192. 168.3.0/24
D.
192. 168.3.0/24
Answers
Suggested answer: C

Explanation:

For an IPsec VPN between site A and site B, the administrator has configured the local quick mode selector for site A as 192.168.1.0/24 and the remote quick mode selector as 192.168.2.0/24. This means that the VPN will allow traffic to and from the 192.168.1.0/24 subnet at site A to reach the 192.168.2.0/24 subnet at site B.

To complete the configuration, the administrator must configure the local quick mode selector for site B. To do this, the administrator must use the same subnet as the remote quick mode selector for site A, which is 192.168.2.0/24. This will allow traffic to and from the 192.168.2.0/24 subnet at site B to reach the 192.168.1.0/24 subnet at site A.

Therefore, the administrator must configure the local quick mode selector for site B as 192.168.2.0/24.

Total 184 questions
Go to page: of 19
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms