ExamGecko

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 7

Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.

Which two statements are true? (Choose two.)

A. FortiGate SN FGVM010000065036 HA uptime has been reset.
B. FortiGate devices are not in sync because one device is down.
C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
D. FortiGate SN FGVM010000064692 has the higher HA priority.
Suggested answer: A, D

Explanation:

1. Override is disabled by default - OK

2. 'If the HA uptime of a device is AT LEAST FIVE MINUTES (300 seconds) MORE than the HA uptime of the other FortiGate devices, it becomes the primary.' The question here is: HA uptime of FGVM01000006492 > 5 minutes? NO - 198 seconds < 300 seconds (5 minutes). Page 314, Infra Study Guide. https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-override-disab

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

A. On HQ-FortiGate, enable Auto-negotiate.
B. On Remote-FortiGate, set Seconds to 43200.
C. On HQ-FortiGate, enable Diffie-Hellman Group 2.
D. On HQ-FortiGate, set Encryption to AES256.
Suggested answer: D

Explanation:

The encryption and authentication algorithms need to match for IPsec to be successfully established.

Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

A. FortiCache
B. FortiSIEM
C. FortiAnalyzer
D. FortiSandbox
E. FortiCloud
Suggested answer: B, C, E

Explanation:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-and-reporting-overview

A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.

What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

A. Static IP Address
B. Dialup User
C. Dynamic DNS
D. Pre-shared Key
Suggested answer: B

Explanation:

Dialup user is used when the remote peer's IP address is unknown. The remote peer whose IP address is unknown acts as the dialup client, and this is often the case for branch offices and mobile VPN clients that use dynamic IP addresses and no dynamic DNS.

An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

A. Policy lookup will be disabled.
B. By Sequence view will be disabled.
C. Search option will be disabled
D. Interface Pair view will be disabled.
Suggested answer: D

Explanation:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

A. The collector agent uses a Windows API to query DCs for user logins.
B. NetAPI polling can increase bandwidth usage in large networks.
C. The collector agent must search security event logs.
D. The NetSession Enum function is used to track user logouts.
Suggested answer: D

Explanation:

FortiGate_Infrastructure_7.0 page 270: 'NetAPI: polls temporary sessions created on the DC when a user logs in or logs out and calls the NetSessionEnum function in Windows.'

https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD34906&sliceId=1

An administrator has configured the following settings:

What are the two results of this configuration? (Choose two.)

A. Device detection on all interfaces is enforced for 30 minutes.
B. Denied users are blocked for 30 minutes.
C. A session for denied traffic is created.
D. The number of logs generated by denied traffic is reduced.
Suggested answer: C, D

Explanation:

ses-denied-traffic: Enable/disable including denied session in the session table.

https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/20620/config-system-settings

block-session-timer: Duration in seconds for blocked sessions. Type: integer. Minimum value: 1, maximum value: 300. Default: 30.

https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/1620/config-system-global

In an explicit proxy setup, where is the authentication method and database configured?

A. Proxy Policy
B. Authentication Rule
C. Firewall Policy
D. Authentication scheme
Suggested answer: D

In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy, instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

A. The IP version of the sources and destinations in a firewall policy must be different.
B. The Incoming Interface, Outgoing Interface, Schedule, and Service fields can be shared with both IPv4 and IPv6.
C. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
D. The IP version of the sources and destinations in a policy must match.
E. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.
Suggested answer: B, D, E
Total 184 questions