ExamGecko
Login
Home / Fortinet / NSE4_FGT-7.2 / List of questions
Ask Question

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 7

Add to Whishlist

List of questions

Question 61

Report Export Collapse

Refer to the exhibit.

Fortinet NSE4_FGT-7.2 image Question 61 26134 09182024185939000000

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.

Which two statements are true? (Choose two.)

FortiGate SN FGVM010000065036 HA uptime has been reset.
FortiGate SN FGVM010000065036 HA uptime has been reset.
FortiGate devices are not in sync because one device is down.
FortiGate devices are not in sync because one device is down.
FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
FortiGate SN FGVM010000064692 has the higher HA priority.
FortiGate SN FGVM010000064692 has the higher HA priority.
Suggested answer: A, D
Explanation:

1. Override is disable by default - OK

2. 'If the HA uptime of a device is AT LEAST FIVE MINUTES (300 seconds) MORE than the HA Uptime of the other FortiGate devices, it becomes the

primary' The QUESTION NO : here is : HA Uptime of FGVM01000006492 > 5 minutes? NO - 198 seconds < 300 seconds (5 minutes) Page 314 Infra Study Guide. https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-override-disab

asked 18/09/2024
Dantrez Griffin
42 questions

Question 62

Report Export Collapse

Refer to the exhibit.

Fortinet NSE4_FGT-7.2 image Question 62 26135 09182024185939000000

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.

Which two statements are true? (Choose two.)

FortiGate SN FGVM010000065036 HA uptime has been reset.
FortiGate SN FGVM010000065036 HA uptime has been reset.
FortiGate devices are not in sync because one device is down.
FortiGate devices are not in sync because one device is down.
FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
FortiGate SN FGVM010000064692 has the higher HA priority.
FortiGate SN FGVM010000064692 has the higher HA priority.
Suggested answer: A, D
Explanation:

1. Override is disable by default - OK

2. 'If the HA uptime of a device is AT LEAST FIVE MINUTES (300 seconds) MORE than the HA Uptime of the other FortiGate devices, it becomes the

primary' The QUESTION NO : here is : HA Uptime of FGVM01000006492 > 5 minutes? NO - 198 seconds < 300 seconds (5 minutes) Page 314 Infra Study Guide. https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-override-disab

asked 18/09/2024
Johnny Oostdijk
30 questions

Question 63

Report Export Collapse

Refer to the exhibit.

Fortinet NSE4_FGT-7.2 image Question 63 26136 09182024185939000000

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

On HQ-FortiGate, enable Auto-negotiate.
On HQ-FortiGate, enable Auto-negotiate.
On Remote-FortiGate, set Seconds to 43200.
On Remote-FortiGate, set Seconds to 43200.
On HQ-FortiGate, enable Diffie-Hellman Group 2.
On HQ-FortiGate, enable Diffie-Hellman Group 2.
On HQ-FortiGate, set Encryption to AES256.
On HQ-FortiGate, set Encryption to AES256.
Suggested answer: D
Explanation:

Encryption and authentication algorithm needs to match in order for IPSEC be successfully established.

asked 18/09/2024
Katherine Messick
41 questions

Question 64

Report Export Collapse

Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

FortiCache
FortiCache
FortiSIEM
FortiSIEM
FortiAnalyzer
FortiAnalyzer
FortiSandbox
FortiSandbox
FortiCloud
FortiCloud
Suggested answer: B, C, E
Explanation:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-and-reporting-overview

asked 18/09/2024
Cynan Jones
43 questions

Question 65

Report Export Collapse

A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.

What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

Static IP Address
Static IP Address
Dialup User
Dialup User
Dynamic DNS
Dynamic DNS
Pre-shared Key
Pre-shared Key
Suggested answer: B
Explanation:

Dialup user is used when the remote peer's IP address is unknown. The remote peer whose IP address is unknown acts as the dialup clien and this is often the case for branch offices and mobile VPN clients that use dynamic IP address and no dynamic DNS

asked 18/09/2024
Prashant Bari
48 questions

Question 66

Report Export Collapse

An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

Policy lookup will be disabled.
Policy lookup will be disabled.
By Sequence view will be disabled.
By Sequence view will be disabled.
Search option will be disabled
Search option will be disabled
Interface Pair view will be disabled.
Interface Pair view will be disabled.
Suggested answer: D
Explanation:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821

asked 18/09/2024
Nenad Celikovic
49 questions

Question 67

Report Export Collapse

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

The collector agent uses a Windows API to query DCs for user logins.
The collector agent uses a Windows API to query DCs for user logins.
NetAPI polling can increase bandwidth usage in large networks.
NetAPI polling can increase bandwidth usage in large networks.
The collector agent must search security event logs.
The collector agent must search security event logs.
The NetSession Enum function is used to track user logouts.
The NetSession Enum function is used to track user logouts.
Suggested answer: D
Explanation:

FortiGate_Infrastructure_7.0 page 270: 'NetAPI: polls temporary sessions created on the DC when a user logs in or logs out and calls the NetSessionEnum function in Windows.'

https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD34906&sliceId=1

asked 18/09/2024
Enayat Meer
40 questions

Question 68

Report Export Collapse

An administrator has configured the following settings:

Fortinet NSE4_FGT-7.2 image Question 68 26141 09182024185939000000

What are the two results of this configuration? (Choose two.)

Device detection on all interfaces is enforced for 30 minutes.
Device detection on all interfaces is enforced for 30 minutes.
Denied users are blocked for 30 minutes.
Denied users are blocked for 30 minutes.
A session for denied traffic is created.
A session for denied traffic is created.
The number of logs generated by denied traffic is reduced.
The number of logs generated by denied traffic is reduced.
Suggested answer: C, D
Explanation:

ses-denied-traffic

Enable/disable including denied session in the session table.

https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/20620/config-system-settings

block-session-timer

Duration in seconds for blocked sessions .

integer

Minimum value: 1 Maximum value: 300

30

https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/1620/config-system-global

asked 18/09/2024
Chang Weishin
32 questions

Question 69

Report Export Collapse

In an explicit proxy setup, where is the authentication method and database configured?

Proxy Policy
Proxy Policy
Authentication Rule
Authentication Rule
Firewall Policy
Firewall Policy
Authentication scheme
Authentication scheme
Suggested answer: D
asked 18/09/2024
Dawn Silva
31 questions

Question 70

Report Export Collapse

In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

The IP version of the sources and destinations in a firewall policy must be different.
The IP version of the sources and destinations in a firewall policy must be different.
The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.
The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.
The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
The IP version of the sources and destinations in a policy must match.
The IP version of the sources and destinations in a policy must match.
The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.
The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.
Suggested answer: B, D, E
asked 18/09/2024
Alvaro Alejandro Zorrilla Tello
36 questions
Total 184 questions
Go to page: of 19
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two features of the NGFW policy-based mode? (Choose two.)
Refer to the exhibits. Exhibit A shows the application sensor configuration. Exhibit B shows the Excessive-Bandwidth and Apple filter details. Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?
Which timeout setting can be responsible for deleting SSL VPN associated sessions?
What are two features of collector agent advanced mode? (Choose two.)
If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
What are two functions of the ZTNA rule? (Choose two.)
What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)
Which two statements are correct about SLA targets? (Choose two.)