ExamGecko

Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 9


Question 81

Which of the following statements about central NAT are true? (Choose two.)

A. IP pool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT, using central NAT, requires at least one central SNAT policy.
D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.
Suggested answer: A, B
asked 18/09/2024
Priyantha Perea

Question 82

An employee needs to connect to the office through a high-latency internet connection.

Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?

A. idle-timeout
B. login-timeout
C. udp-idle-timer
D. session-ttl
Suggested answer: B
Explanation:

FortiGate Infrastructure 7.2 Study Guide (p.222):

'When connected to SSL VPN over high latency connections, FortiGate can time out the client before the client can finish the negotiation process, such as DNS lookup and time to enter a token. Two new CLI commands under config vpn ssl settings have been added to address this. The first command allows you to set up the login timeout, replacing the previous hard timeout value. The second command allows you to set up the maximum DTLS hello timeout for SSL VPN connections.'

asked 18/09/2024
Kurt Woodfin

Question 83

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A. The interface has been configured for one-arm sniffer.
B. The interface is a member of a virtual wire pair.
C. The operation mode is transparent.
D. The interface is a member of a zone.
E. Captive portal is enabled in the interface.
Suggested answer: A, B, C
Explanation:

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_VirtualWirePair.htm

asked 18/09/2024
Maria Gervasi

Question 84

Which two statements are correct about a software switch on FortiGate? (Choose two.)

A. It can be configured only when FortiGate is operating in NAT mode
B. Can act as a Layer 2 switch as well as a Layer 3 router
C. All interfaces in the software switch share the same IP address
D. It can group only physical interfaces
Suggested answer: A, C
asked 18/09/2024
SoftwareONE Deutschland GmbH

Question 85

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

A. FortiGate points the collector agent to use a remote LDAP server.
B. FortiGate uses the AD server as the collector agent.
C. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
D. FortiGate queries AD by using the LDAP to retrieve user group information.
Suggested answer: C, D
Explanation:

FortiGate Infrastructure 7.0 Study Guide P.272-273

https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732

asked 18/09/2024
Garvey Butler

Question 86

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A. It limits the scope of application control to the browser-based technology category only.
B. It limits the scope of application control to scan application traffic based on application category only.
C. It limits the scope of application control to scan application traffic using parent signatures only
D. It limits the scope of application control to scan application traffic on DNS protocol only.
Suggested answer: B
asked 18/09/2024
Darren Bajada

Question 87

Examine this output from a debug flow:

[Image: debug flow output for Question 87, not reproduced]

Why did the FortiGate drop the packet?

A. The next-hop IP address is unreachable.
B. It failed the RPF check.
C. It matched an explicitly configured firewall policy with the action DENY.
D. It matched the default implicit firewall policy.
Suggested answer: D
Explanation:

https://kb.fortinet.com/kb/documentLink.do?externalID=13900

https://www.fortinetguru.com/2016/03/what-is-policy-id-0-and-why-lot-of-denied-traffic-on-this-policy/

asked 18/09/2024
Chris Houck

Question 88

Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

A. Web filter in flow-based inspection
B. Antivirus in flow-based inspection
C. DNS filter
D. Web application firewall
E. Application control
Suggested answer: A, B, E
Explanation:

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/739623/dns-filter-handled-by-ips-engine-in-flow-mode

asked 18/09/2024
Mohamed Nacer Ferhi

Question 89

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

A. Log downloads from the GUI are limited to the current filter view
B. Log backups from the CLI cannot be restored to another FortiGate.
C. Log backups from the CLI can be configured to upload to FTP at a scheduled time
D. Log downloads from the GUI are stored as LZ4 compressed files.
Suggested answer: A, B
asked 18/09/2024
FB Kalaidji

Question 90

An administrator needs to increase network bandwidth and provide redundancy.

What interface type must the administrator select to bind multiple FortiGate interfaces?

A. VLAN interface
B. Software Switch interface
C. Aggregate interface
D. Redundant interface
Suggested answer: C
Explanation:

An aggregate interface is a logical interface that combines two or more physical interfaces into one virtual interface. An aggregate interface can increase network bandwidth and provide redundancy by distributing traffic across multiple physical interfaces using a load balancing algorithm. An aggregate interface can also support link aggregation control protocol (LACP) to negotiate the link aggregation settings with the connected device.

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/567758/aggregation-and-redundancy

asked 18/09/2024
João Faria
Total 184 questions