Fortinet NSE4_FGT-7.2 Practice Test - Questions Answers, Page 9
Which of the following statements about central NAT are true? (Choose two.)

A. IP pool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT, using central NAT, requires at least one central SNAT policy.
D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.
Suggested answer: A, B
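The two correct statements describe a real ordering constraint: the switch is CLI-only, and FortiOS refuses it while any policy still references an IP pool or VIP. The following is an added example (not from this page or from Fortinet's documentation) of clearing such a reference, enabling central NAT, and moving the source NAT decision into a central SNAT policy. Interface names, the pool name "pool-out", policy IDs and addresses are assumptions for illustration.

```text
# Added example: enable central NAT and replace per-policy SNAT with a central SNAT policy.
# Names, policy IDs and addresses are illustrative assumptions.

# 1. Remove IP pool / VIP references from existing policies first; the enable
#    command below fails while any policy still uses them.
config firewall policy
    edit 1
        unset ippool
        unset poolname
    next
end

# 2. Central NAT is a per-VDOM setting and has no GUI toggle.
config system settings
    set central-nat enable
end

# 3. With central NAT on, the NAT option disappears from firewall policies.
#    Source NAT is decided by the central SNAT table; a policy with no
#    matching central SNAT entry forwards traffic without source NAT.
config firewall ippool
    edit "pool-out"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end

config firewall central-snat-map
    edit 1
        set srcintf "port2"
        set dstintf "port1"
        set orig-addr "all"
        set dst-addr "all"
        set protocol 0
        set nat-ippool "pool-out"
    next
end

# 4. Destination NAT: VIP objects are applied from the central DNAT table
#    (every configured VIP) rather than by naming the VIP as a policy
#    destination, which is why option D is false in central NAT mode.
```

Before enabling central NAT on a production unit, export the policy table and grep it for `set ippool enable` and VIP names used in `set dstaddr`; a single leftover reference blocks the change.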

An employee needs to connect to the office through a high-latency internet connection.

Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?

A. idle-timeout
B. login-timeout
C. udp-idle-timer
D. session-ttl
Suggested answer: B

Explanation:

FortiGate Infrastructure 7.2 Study Guide (p.222):

'When connected to SSL VPN over high latency connections, FortiGate can time out the client before the client can finish the negotiation process, such as DNS lookup and time to enter a token. Two new CLI commands under config vpn ssl settings have been added to address this. The first command allows you to set up the login timeout, replacing the previous hard timeout value. The second command allows you to set up the maximum DTLS hello timeout for SSL VPN connections.'
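The two settings the study guide refers to both live under `config vpn ssl settings`. This is an added example (not from the page or the study guide) of adjusting them, with the idle timeout shown alongside for contrast; the values are illustrative and should be tuned to the measured latency.

```text
# Added example: SSL VPN timeouts for high-latency clients. Values are illustrative.
config vpn ssl settings
    # Time allowed to complete login (DNS lookup, token entry, portal load).
    # This is the setting to raise when negotiation fails on slow links.
    set login-timeout 180
    # Maximum time to wait for the DTLS hello before falling back / failing.
    set dtls-hello-timeout 60
    # For contrast: idle-timeout only tears down an already established
    # tunnel after inactivity; it has no effect on negotiation failures.
    set idle-timeout 300
end

# Confirm the active values before and after the change.
get vpn ssl settings
```

Raise `login-timeout` only as far as the client population needs; a generous value also lengthens the window in which an unauthenticated TCP session holds resources on the portal.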

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A. The interface has been configured for one-arm sniffer.
B. The interface is a member of a virtual wire pair.
C. The operation mode is transparent.
D. The interface is a member of a zone.
E. Captive portal is enabled on the interface.
Suggested answer: A, B, C

Explanation:

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_VirtualWirePair.htm
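Each of the three correct answers corresponds to a configuration that makes the interface's IP address field read-only. The following is an added example (not from the page or the linked Fortinet article) showing those three configurations and the commands that reveal which one applies to port1; interface and pair names are assumptions.

```text
# Added example: three configurations that remove the IP address field from port1,
# plus the commands used to check for each. Names are illustrative.

# (A) One-arm sniffer: port1 only receives mirrored traffic and is never routed.
config system interface
    edit "port1"
        set ips-sniffer-mode enable
    next
end

# (B) Virtual wire pair: port1 and port2 are bridged at layer 2 with no IP on either.
config system virtual-wire-pair
    edit "vwp1"
        set member "port1" "port2"
    next
end

# (C) Transparent mode (per VDOM): only the management IP is addressable.
config system settings
    set opmode transparent
    set manageip 10.0.0.1/24
end

# Checks: run these before assuming a GUI bug.
get system status                    # "Operation Mode: Transparent" confirms (C)
show system interface port1          # "set ips-sniffer-mode enable" confirms (A)
show system virtual-wire-pair        # port1 listed as a member confirms (B)
```

Zone membership (D) and captive portal (E) change how policies and authentication apply to the interface but leave its IP configuration editable, which is why they are not among the answers.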

Which two statements are correct about a software switch on FortiGate? (Choose two.)

A. It can be configured only when FortiGate is operating in NAT mode.
B. It can act as a Layer 2 switch as well as a Layer 3 router.
C. All interfaces in the software switch share the same IP address.
D. It can group only physical interfaces.
Suggested answer: A, C
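A software switch bridges its members in the kernel and exposes them as a single interface that carries the one shared IP address. This is an added example (not from the page) of creating one in NAT mode; interface names and addresses are assumptions.

```text
# Added example: software switch grouping two physical ports behind one IP.
# Names and addresses are illustrative. Members must have no IP of their own
# and must not be referenced by any policy or route before they are added.
config system switch-interface
    edit "lan-sw"
        set vdom "root"
        set type switch
        set member "port3" "port4"
        # Default is implicit: traffic between members is switched without
        # hitting the policy table. Set explicit if you want member-to-member
        # traffic to require a firewall policy.
        set intra-switch-policy explicit
    next
end

# The switch itself is the only object that carries an IP address.
config system interface
    edit "lan-sw"
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping https ssh
    next
end

# Verify the members are listed under the switch and carry no IP.
show system switch-interface lan-sw
show system interface port3
```

Because the switch is implemented in software, throughput between members is bounded by CPU rather than by the hardware switch fabric; for bandwidth, an aggregate interface is the better tool.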

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

A. FortiGate points the collector agent to use a remote LDAP server.
B. FortiGate uses the AD server as the collector agent.
C. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
D. FortiGate queries AD by using the LDAP to retrieve user group information.
Suggested answer: C, D

Explanation:

Fortigate Infrastructure 7.0 Study Guide P.272-273

https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732
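In agentless polling mode there is no collector agent at all: the FortiGate itself reads the domain controller's security event log over SMB and resolves group membership through an LDAP server object. The following is an added example (not from the page or the Fortinet KB article) of that configuration; the server address, domain, account and group DN are assumptions, and the password is a placeholder.

```text
# Added example: FSSO agentless polling. Addresses, DNs and names are illustrative;
# <fsso-service-account-password> is a placeholder, not a real value.

# LDAP server object used for group lookups (answer D).
config user ldap
    edit "ad-ldap"
        set server "10.0.0.10"
        set cnid "sAMAccountName"
        set dn "dc=corp,dc=example,dc=com"
        set type regular
        set username "cn=fsso-svc,cn=Users,dc=corp,dc=example,dc=com"
        set password <fsso-service-account-password>
    next
end

# Polling entry: FortiGate reads the DC's security event log over SMB (answer C).
# The account needs permission to read the event log on the DC.
config user fsso-polling
    edit 1
        set status enable
        set server "10.0.0.10"
        set user "fsso-svc"
        set password <fsso-service-account-password>
        set ldap-server "ad-ldap"
        set polling-frequency 10
    next
end

# FSSO group that firewall policies reference.
config user group
    edit "fsso-vpn-users"
        set group-type fsso-service
        set member "CN=VPN Users,OU=Groups,DC=corp,DC=example,DC=com"
    next
end

# Verification: polling state and the learned logon list.
diagnose debug fsso-polling detail
diagnose debug fsso-polling refresh-user
```

Polling scales poorly against many DCs or busy event logs, and the account that reads the event log is a standing credential stored on the firewall; for larger domains the collector agent mode, where a Windows host does the log reading, is the usual recommendation.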

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A. It limits the scope of application control to the browser-based technology category only.
B. It limits the scope of application control to scan application traffic based on application category only.
C. It limits the scope of application control to scan application traffic using parent signatures only.
D. It limits the scope of application control to scan application traffic on DNS protocol only.
Suggested answer: B

Examine this output from a debug flow:

Why did the FortiGate drop the packet?

A. The next-hop IP address is unreachable.
B. It failed the RPF check.
C. It matched an explicitly configured firewall policy with the action DENY.
D. It matched the default implicit firewall policy.
Suggested answer: D

Explanation:

https://kb.fortinet.com/kb/documentLink.do?externalID=13900

https://www.fortinetguru.com/2016/03/what-is-policy-id-0-and-why-lot-of-denied-traffic-on-this-policy/
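The debug flow output this question refers to is not reproduced on the page. As an added example (not the page's missing output), here is the command sequence used to capture such a trace for one host and the lines that distinguish the answer options; the filter address is constructed, and the quoted messages are representative of what the trace prints and should be verified against the firmware in use.

```text
# Added example: capture a debug flow for one host and read the drop reason.
# 10.0.1.50 is a constructed address; quoted messages are representative.
diagnose debug reset
diagnose debug flow filter addr 10.0.1.50
diagnose debug flow filter port 443
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable

# ... reproduce the failing connection from 10.0.1.50, then stop cleanly:
diagnose debug disable
diagnose debug flow trace stop
diagnose debug reset

# How the drop reasons differ in the trace:
#   "Denied by forward policy check (policy 0)"    policy ID 0 is the implicit deny (answer D)
#   "Denied by forward policy check (policy 12)"   an explicit DENY policy, here ID 12 (answer C)
#   "reverse path check fail, drop"                RPF failure, before policy lookup (answer B)

# Implicit-deny hits are not logged by default; enable logging on policy 0
# so they show up in forward traffic logs without a debug session.
config firewall policy
    edit 0
        set logtraffic all
    next
end
```

Always finish with `diagnose debug reset`; a forgotten filter or an enabled debug on a busy unit keeps consuming CPU long after the troubleshooting session ends.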

Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

A. Web filter in flow-based inspection
B. Antivirus in flow-based inspection
C. DNS filter
D. Web application firewall
E. Application control
Suggested answer: A, B, E

Explanation:

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/739623/dns-filter-handled-by-ips-engine-in-flow-mode

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

A. Log downloads from the GUI are limited to the current filter view.
B. Log backups from the CLI cannot be restored to another FortiGate.
C. Log backups from the CLI can be configured to upload to FTP at a scheduled time.
D. Log downloads from the GUI are stored as LZ4 compressed files.
Suggested answer: A, B

An administrator needs to increase network bandwidth and provide redundancy.

What interface type must the administrator select to bind multiple FortiGate interfaces?

A. VLAN interface
B. Software Switch interface
C. Aggregate interface
D. Redundant interface
Suggested answer: C

Explanation:

An aggregate interface is a logical interface that combines two or more physical interfaces into one virtual interface. An aggregate interface can increase network bandwidth and provide redundancy by distributing traffic across multiple physical interfaces using a load balancing algorithm. An aggregate interface can also support link aggregation control protocol (LACP) to negotiate the link aggregation settings with the connected device.

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/567758/aggregation-and-redundancy
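The distinction the question turns on is that an aggregate interface uses all members at once, while a redundant interface keeps one member active and the rest on standby. This is an added example (not from the page or the linked cookbook) of both; interface names, addresses and the hashing algorithm are assumptions, and the member ports must have no IP address and no policy or route references before they are added.

```text
# Added example: LACP aggregate (bandwidth + redundancy) versus redundant interface
# (redundancy only). Names and addresses are illustrative.

# Aggregate: every member forwards traffic; the peer switch must run LACP too.
config system interface
    edit "agg-core"
        set vdom "root"
        set type aggregate
        set member "port3" "port4"
        set lacp-mode active
        # L4 hashes on IP and port so flows spread across members;
        # L2 or L3 keep more flows on one link.
        set algorithm L4
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping
    next
end

# Redundant: one active member, others idle until it fails. No LACP, no added bandwidth.
config system interface
    edit "red-wan"
        set vdom "root"
        set type redundant
        set member "port5" "port6"
        set ip 198.51.100.2 255.255.255.248
    next
end

# Verify LACP negotiation and per-member state.
diagnose netlink aggregate name agg-core
```

If `lacp-mode` is left at `static` the bundle forms without negotiation, which also means a miscabled or silently failed member is not removed from the bundle; `active` is the safer default when the peer supports it.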
