NSE4_FGT-7.2 by Fortinet Actual Free Exam Questions And Answers

Question 1

Refer to the exhibit.
Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

A. Social networking web filter category is configured with the action set to authenticate.

B. The action on firewall policy ID 1 is set to warning.

C. The name of the firewall policy is all_users_web.

D. Access to the social networking web filter category was explicitly blocked to all users.

Discussion 0

Correct Answer: A Vote an answer

Question 2

Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.

B. AH does not support perfect forward secrecy.

C. AH provides data integrity bur no encryption.

D. AH provides strong data integrity but weak encryption.

Discussion 0

Correct Answer: C Vote an answer

Question 3

Refer to the exhibit.

The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.
The WAN (port1) interface has the IP address 10.200. 1. 1/24.
The LAN (port3) interface has the IP address 10.0. 1.254/24.
A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10) pings the IP address of Remote-FortiGate (10.200.3. 1)?

A. 10.200. 1.99

B. 10.200. 1.49

C. 10.200. 1. 1

D. 10.200. 1. 149

Discussion 0

Correct Answer: A Vote an answer

Question 4

Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

A. IP header

B. Application header

C. Ethernet header

D. Packet payload

E. Interface name

Discussion 0

Correct Answer: A,D,E Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

Which two types of traffic are managed only by the management VDOM? (Choose two.)

A. DNS

B. Traffic shaping

C. PKI

D. FortiGuard web filter queries

Discussion 0

Correct Answer: A,D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?

A. IP address

B. No other object can be added

C. FQDN address

D. User or User Group

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

How does FortiGate act when using SSL VPN in web mode?

A. FortiGate acts as an FDS server.

B. FortiGate acts as an HTTP reverse proxy.

C. FortiGate acts as DNS server.

D. FortiGate acts as router.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 8

Refer to exhibit.
An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

A. On the Static URL Filter configuration, set Type to Simple

B. On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking

C. On the Static URL Filter configuration, set Action to Exempt.

D. On the Static URL Filter configuration, set Action to Monitor.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

A. Downstream devices can connect to the upstream device from any of their VDOMs.

B. Each VDOM in the environment can be part of a different Security Fabric.

C. Security rating reports can be run individually for each configured VDOM.

D. VDOMs without ports with connected devices are not displayed in the topology.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 10

An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

A. Enable asymmetric routing, so the RPF check will be bypassed.

B. Disable the RPF check at the FortiGate interface level for the reply check .

C. Disable the RPF check at the FortiGate interface level for the source check.

D. Enable asymmetric routing at the interface level.

Discussion 0

Correct Answer: C Vote an answer

Question 11

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.
Which FortiGate configuration can achieve this goal?

A. SSL VPN tunnel

B. SSL VPN quick connection

C. SSL VPN bookmark

D. Zero trust network access

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 12

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

A. Log backups from the CLI can be configured to upload to FTP as a scheduled time

B. Log downloads from the GUI are stored as LZ4 compressed files.

C. Log downloads from the GUI are limited to the current filter view

D. Log backups from the CLI cannot be restored to another FortiGate.

Discussion 0

Correct Answer: C,D Vote an answer

Question 13

What is a reason for triggering IPS fail open?

A. The IPS engine is upgraded.

B. The IPS socket buffer is full and the IPS engine cannot process additional packets.

C. The administrator enabled NTurbo acceleration.

D. The IPS engine cannot decode a packet.

Discussion 0

Correct Answer: B Vote an answer

Question 14

The IPS engine is used by which three security features? (Choose three.)

A. Application control

B. Web filter in flow-based inspection

C. Web application firewall

D. Antivirus in flow-based inspection

E. DNS filter

Discussion 0

Correct Answer: A,B,D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 15

Refer to the exhibits.
Exhibit A

Exhibit B

The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

A. If there is a fall-through policy in place, users will not be prompted for authentication.

B. All users will be prompted for authentication, users from the HR group can authenticate successfully with the correct credentials.

C. All users will be prompted for authentication, users from the Sales group can authenticate successfully with the correct credentials.

D. Authentication is enforced at a policy level; all users will be prompted for authentication.

Discussion 0

Correct Answer: B Vote an answer

Fortinet NSE 4 - FortiOS 7.2 - NSE4_FGT-7.2 Exam Practice Test

Contact Us

Useful Links

Latest Updated