ExamGecko
Login
Home / Fortinet / NSE4_FGT-7.2 / List of questions
Ask Question

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 4

List of questions

Question 31

Report Export Collapse

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

System time
System time
FortiGuaid update servers
FortiGuaid update servers
Operating mode
Operating mode
NGFW mode
NGFW mode
Suggested answer: C, D
Explanation:

C: 'Operating mode is per-VDOM setting. You can combine transparent mode VDOM's with NAT mode VDOMs on the same physical Fortigate.

D: 'Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM' Page 125 of FortiGate_Infrastructure_6.4_Study_Guide

asked 18/09/2024
Peter Unterasinger
46 questions

Question 32

Report Export Collapse

51 Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?

The security actions applied on the web applications will also be explicitly applied on the third-party websites.
The security actions applied on the web applications will also be explicitly applied on the third-party websites.
The application signature database inspects traffic only from the original web application server.
The application signature database inspects traffic only from the original web application server.
FortiGuard maintains only one signature of each web application that is unique.
FortiGuard maintains only one signature of each web application that is unique.
FortiGate can inspect sub-application traffic regardless where it was originated.
FortiGate can inspect sub-application traffic regardless where it was originated.
Suggested answer: D
Explanation:

https://help.fortinet.com/fortiproxy/11/Content/Admin%20Guides/FPX-AdminGuide/300_System/303d_FortiG

asked 18/09/2024
Jennifer Leon
47 questions

Question 33

Report Export Collapse

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

Which DPD mode on FortiGate will meet the above requirement?

Disabled
Disabled
On Demand
On Demand
Enabled
Enabled
On Idle
On Idle
Suggested answer: D
asked 18/09/2024
KHALID ALSHAHRANI
48 questions

Question 34

Report Export Collapse

Refer to the exhibit.

Fortinet NSE4_FGT-7.2 image Question 34 26107 09182024185939000000

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

Change password
Change password
Enable restrict access to trusted hosts
Enable restrict access to trusted hosts
Change Administrator profile
Change Administrator profile
Enable two-factor authentication
Enable two-factor authentication
Suggested answer: C
asked 18/09/2024
Soumia Djenan
33 questions

Question 35

Report Export Collapse

Which two statements are correct about SLA targets? (Choose two.)

You can configure only two SLA targets per one Performance SLA.
You can configure only two SLA targets per one Performance SLA.
SLA targets are optional.
SLA targets are optional.
SLA targets are required for SD-WAN rules with a Best Quality strategy.
SLA targets are required for SD-WAN rules with a Best Quality strategy.
SLA targets are used only when referenced by an SD-WAN rule.
SLA targets are used only when referenced by an SD-WAN rule.
Suggested answer: B, D
asked 18/09/2024
Brian Lester
46 questions

Question 36

Report Export Collapse

Refer to the exhibit.

Fortinet NSE4_FGT-7.2 image Question 36 26109 09182024185939000000

Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

The port3 default route has the lowest metric.
The port3 default route has the lowest metric.
The port1 and port2 default routes are active in the routing table.
The port1 and port2 default routes are active in the routing table.
The ports default route has the highest distance.
The ports default route has the highest distance.
There will be eight routes active in the routing table.
There will be eight routes active in the routing table.
Suggested answer: B, C
Explanation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-identify-Inactive-Routes-in-the-Routing/ta-p/197595

asked 18/09/2024
Knowledge Mathebula
40 questions

Question 37

Report Export Collapse

When configuring a firewall virtual wire pair policy, which following statement is true?

Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.
Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.
Only a single virtual wire pair can be included in each policy.
Only a single virtual wire pair can be included in each policy.
Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.
Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.
Exactly two virtual wire pairs need to be included in each policy.
Exactly two virtual wire pairs need to be included in each policy.
Suggested answer: A
asked 18/09/2024
James DePhillip
47 questions

Question 38

Report Export Collapse

Refer to the exhibit.

Fortinet NSE4_FGT-7.2 image Question 38 26111 09182024185939000000

An administrator is running a sniffer command as shown in the exhibit.

Which three pieces of information are included in the sniffer output? (Choose three.)

Interface name
Interface name
Ethernet header
Ethernet header
IP header
IP header
Application header
Application header
Packet payload
Packet payload
Suggested answer: A, C, E
Explanation:

Study Guide -- Routing -- Diagnostics -- Packet Capture Verbosity Level.

# diagnose sniffer packet <interface> '<filter>' <verbosity> <count> <timestamp> <frame size>

In the example, verbosity is 5.

The verbosity level specifies how much info you want to display.

1 (default): IP Headers.

2: IP Headers, Packet Payload.

3. IP Headers, Packet Payload, Ethernet Headers.

4: IP Headers, Interface Name.

5: IP Headers, Packet Payload, Interface Name.

6: IP Headers, Packet Payload, Ethernet Headers, Interface Name.

asked 18/09/2024
Renaldo Williams
45 questions

Question 39

Report Export Collapse

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

Add the support of NTLM authentication.
Add the support of NTLM authentication.
Add user accounts to Active Directory (AD).
Add user accounts to Active Directory (AD).
Add user accounts to the FortiGate group fitter.
Add user accounts to the FortiGate group fitter.
Add user accounts to the Ignore User List.
Add user accounts to the Ignore User List.
Suggested answer: D
asked 18/09/2024
Seth Frizzell
43 questions

Question 40

Report Export Collapse

An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 168. 1.0/24 and the remote quick mode selector is 192. 168.2.0/24.

Which subnet must the administrator configure for the local quick mode selector for site B?

192. 168. 1.0/24
192. 168. 1.0/24
192. 168.0.0/24
192. 168.0.0/24
192. 168.2.0/24
192. 168.2.0/24
192. 168.3.0/24
192. 168.3.0/24
Suggested answer: C
Explanation:

For an IPsec VPN between site A and site B, the administrator has configured the local quick mode selector for site A as 192.168.1.0/24 and the remote quick mode selector as 192.168.2.0/24. This means that the VPN will allow traffic to and from the 192.168.1.0/24 subnet at site A to reach the 192.168.2.0/24 subnet at site B.

To complete the configuration, the administrator must configure the local quick mode selector for site B. To do this, the administrator must use the same subnet as the remote quick mode selector for site A, which is 192.168.2.0/24. This will allow traffic to and from the 192.168.2.0/24 subnet at site B to reach the 192.168.1.0/24 subnet at site A.

Therefore, the administrator must configure the local quick mode selector for site B as 192.168.2.0/24.

asked 18/09/2024
Aurelie Touraille Colombo
33 questions
Total 184 questions
Go to page: of 19
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two features of the NGFW policy-based mode? (Choose two.)
Refer to the exhibits. Exhibit A shows the application sensor configuration. Exhibit B shows the Excessive-Bandwidth and Apple filter details. Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?
Which timeout setting can be responsible for deleting SSL VPN associated sessions?
What are two features of collector agent advanced mode? (Choose two.)
If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
What are two functions of the ZTNA rule? (Choose two.)
What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)
Which two statements are correct about SLA targets? (Choose two.)