NSE4_FGT-7.2 Online Practice Questions and Answers

Refer to the exhibit.

The exhibit shows the output of a diagnose command.

What does the output reveal about the policy route?

A. It is an ISDB route in policy route.

B. It is a regular policy route.

C. It is an ISDB policy route with an SDWAN rule.

D. It is an SDWAN rule in policy route.

Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

A. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration

B. Apple FaceTime will be allowed, based on the Apple filter configuration.

C. Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn

D. Apple FaceTime will be allowed, based on the Categories configuration.

Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

A. The firewall policy performs the full content inspection on the file.

B. The flow-based inspection is used, which resets the last packet to the user.

C. The volume of traffic being inspected is too high for this model of FortiGate.

D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook .

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

A. Make SSL inspection needs to be a deep content inspection.

B. Force access to Facebook using the HTTP service.

C. Get the additional application signatures are required to add to the security policy.

D. Add Facebook in the URL category in the security policy.

An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 16. 1.0/24 and the remote quick mode selector is 192. 16.2.0/24. How must the administrator configure the local quick mode selector for site B?

A. 192. 168.3.0/24

B. 192. 168.2.0/24

C. 192. 168. 1.0/24

D. 192. 168.0.0/8

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

A. SSH

B. HTTPS

C. FTM

D. FortiTelemetry

What inspection mode does FortiGate use if it is configured as a policy-based next- generation firewall (NGFW)?

A. Full Content inspection

B. Proxy-based inspection

C. Certificate inspection

D. Flow-based inspection

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

A. Log ID

B. Universally Unique Identifier

C. Policy ID

D. Sequence ID

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

A. Subject Key Identifier value

B. SMMIE Capabilities value

C. Subject value

D. Subject Alternative Name value

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

A. To remove the NAT operation.

B. To generate logs

C. To finish any inspection operations.

D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

A. It always authorizes the traffic without requiring authentication.

B. It drops the traffic.

C. It authenticates the traffic using the authentication scheme SCHEME2.

D. It authenticates the traffic using the authentication scheme SCHEME1.

Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.

The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet.

The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem .

With this configuration, which statement is true?

A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

B. A static route is required on the To_Internet VDOM to allow LAN users to access the internet.

C. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

D. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

A. Extended authentication (XAuth) for faster authentication because fewer packets are exchanged

B. Extended authentication (XAuth) to request the remote peer to provide a username and password

C. No certificate is required on the remote peer when you set the certificate signature as the authentication method

D. Pre-shared key and certificate signature as authentication methods

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

A. Heartbeat interfaces have virtual IP addresses that are manually assigned.

B. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.

C. Virtual IP addresses are used to distinguish between cluster members.

D. The primary device in the cluster is always assigned IP address 169.254.0.1.

Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

A. hard-timeout

B. auth-on-demand

C. soft-timeout

D. new-session

E. Idle-timeout