ExamGecko
Search Search Login
Home Home / Fortinet / NSE4_FGT-7.2

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 8

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?
Which two statements are correct about SLA targets? (Choose two.)
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

Question 71

Report
Export
Collapse

Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

A.
Warning
A.
Warning
Answers
B.
Exempt
B.
Exempt
Answers
C.
Allow
C.
Allow
Answers
D.
Learn
D.
Learn
Answers
Suggested answer: A, C

Question 72

Report
Export
Collapse

Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

A.
It always authorizes the traffic without requiring authentication.
A.
It always authorizes the traffic without requiring authentication.
Answers
B.
It drops the traffic.
B.
It drops the traffic.
Answers
C.
It authenticates the traffic using the authentication scheme SCHEME2.
C.
It authenticates the traffic using the authentication scheme SCHEME2.
Answers
D.
It authenticates the traffic using the authentication scheme SCHEME1.
D.
It authenticates the traffic using the authentication scheme SCHEME1.
Answers
Suggested answer: D

Explanation:

'What happens to traffic that requires authorization, but does not match any authentication rule? The active and passive SSO schemes to use for those cases is defined under config authentication setting'

Question 73

Report
Export
Collapse

Which two types of traffic are managed only by the management VDOM? (Choose two.)

A.
FortiGuard web filter queries
A.
FortiGuard web filter queries
Answers
B.
PKI
B.
PKI
Answers
C.
Traffic shaping
C.
Traffic shaping
Answers
D.
DNS
D.
DNS
Answers
Suggested answer: A, D

Explanation:

FortiGate Infrastructure 7.2 Study Guide (p.73): 'What about traffic originating from FortiGate? Some system daemons, such as NTP and FortiGuard updates, generate traffic coming from FortiGate. Traffic coming from FortiGate to those global services originates from the management VDOM. One, and only one, of the VDOMs on a FortiGate device is assigned the role of the management VDOM. It is important to note that the management VDOM designation is solely for traffic originated by FortiGate, such as FortiGuard updates, and has no effect on traffic passing through FortiGate.'

Question 74

Report
Export
Collapse

Refer to the exhibit.

Which contains a network diagram and routing table output.

The Student is unable to access Webserver.

What is the cause of the problem and what is the solution for the problem?

A.
The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
A.
The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
Answers
B.
The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
B.
The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
Answers
C.
The first reply packet for Student failed the RPF check . This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.
C.
The first reply packet for Student failed the RPF check . This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.
Answers
D.
The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.
D.
The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.
Answers
Suggested answer: D

Question 75

Report
Export
Collapse

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

A.
diagnose wad session list
A.
diagnose wad session list
Answers
B.
diagnose wad session list | grep hook-pre&&hook-out
B.
diagnose wad session list | grep hook-pre&&hook-out
Answers
C.
diagnose wad session list | grep hook=pre&&hook=out
C.
diagnose wad session list | grep hook=pre&&hook=out
Answers
D.
diagnose wad session list | grep 'hook=pre'&'hook=out'
D.
diagnose wad session list | grep 'hook=pre'&'hook=out'
Answers
Suggested answer: A

Question 76

Report
Export
Collapse

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

A.
Source defined as Internet Services in the firewall policy.
A.
Source defined as Internet Services in the firewall policy.
Answers
B.
Destination defined as Internet Services in the firewall policy.
B.
Destination defined as Internet Services in the firewall policy.
Answers
C.
Highest to lowest priority defined in the firewall policy.
C.
Highest to lowest priority defined in the firewall policy.
Answers
D.
Services defined in the firewall policy.
D.
Services defined in the firewall policy.
Answers
E.
Lowest to highest policy ID number.
E.
Lowest to highest policy ID number.
Answers
Suggested answer: A, B, D

Explanation:

When a packet arrives, how does FortiGate find a matching policy? Each policy has match criteria, which

you can define using the following objects:

* Incoming Interface

* Outgoing Interface

* Source: IP address, user, internet services

* Destination: IP address or internet services

* Service: IP protocol and port number

* Schedule: Applies during configured times

Question 77

Report
Export
Collapse

Which scanning technique on FortiGate can be enabled only on the CLI?

A.
Heuristics scan
A.
Heuristics scan
Answers
B.
Trojan scan
B.
Trojan scan
Answers
C.
Antivirus scan
C.
Antivirus scan
Answers
D.
Ransomware scan
D.
Ransomware scan
Answers
Suggested answer: A

Question 78

Report
Export
Collapse

Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

A.
Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration
A.
Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration
Answers
B.
Apple FaceTime will be allowed, based on the Apple filter configuration.
B.
Apple FaceTime will be allowed, based on the Apple filter configuration.
Answers
C.
Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn
C.
Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn
Answers
D.
Apple FaceTime will be allowed, based on the Categories configuration.
D.
Apple FaceTime will be allowed, based on the Categories configuration.
Answers
Suggested answer: A

Question 79

Report
Export
Collapse

An administrator must disable RPF check to investigate an issue.

Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

A.
Enable asymmetric routing, so the RPF check will be bypassed.
A.
Enable asymmetric routing, so the RPF check will be bypassed.
Answers
B.
Disable the RPF check at the FortiGate interface level for the source check.
B.
Disable the RPF check at the FortiGate interface level for the source check.
Answers
C.
Disable the RPF check at the FortiGate interface level for the reply check .
C.
Disable the RPF check at the FortiGate interface level for the reply check .
Answers
D.
Enable asymmetric routing at the interface level.
D.
Enable asymmetric routing at the interface level.
Answers
Suggested answer: B

Question 80

Report
Export
Collapse

An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 16. 1.0/24 and the remote quick mode selector is 192. 16.2.0/24. How must the administrator configure the local quick mode selector for site B?

A.
192. 168.3.0/24
A.
192. 168.3.0/24
Answers
B.
192. 168.2.0/24
B.
192. 168.2.0/24
Answers
C.
192. 168. 1.0/24
C.
192. 168. 1.0/24
Answers
D.
192. 168.0.0/8
D.
192. 168.0.0/8
Answers
Suggested answer: B
Total 184 questions
Go to page: of 19
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms