Fortinet NSE 4 - FortiOS 7.2
Last Update Dec 2, 2024
Total Questions : 170
We are offering FREE NSE4_FGT-7.2 Fortinet exam questions. All you do is to just go and sign up. Give your details, prepare NSE4_FGT-7.2 free exam questions and then go for complete pool of Fortinet NSE 4 - FortiOS 7.2 test questions that will help you more.
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating for the home page? (Choose two.)
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?
Refer to the exhibit.
The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
Refer to the exhibit.
Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)
Refer to the exhibits.
Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command.
Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)
6
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
Refer to the exhibit, which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
Refer to the exhibit.
The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200. 1. 1/24.
The LAN (port3) interface has the IP address 10 .0.1.254. /24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0. 1. 10?
An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 16. 1.0/24 and the remote quick mode selector is 192. 16.2.0/24. How must the administrator configure the local quick mode selector for site B?
Refer to the exhibit.
Based on the raw log, which two statements are correct? (Choose two.)
FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, what are two requirements for the VLAN ID? (Choose two.)
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)
On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?
53
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
Refer to the exhibit.
The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem .
With this configuration, which statement is true?
Refer to the exhibit.
The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.
An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.
What are two solutions for satisfying the requirement? (Choose two.)
Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The administrator disabled the WebServer firewall policy.
Which IP address will be used to source NAT the traffic, if a user with address 10.0.1.10 connects over SSH to the host with address 10.200.3.1?
82
Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)
Which timeout setting can be responsible for deleting SSL VPN associated sessions?
View the exhibit.
Which of the following statements are correct? (Choose two.)
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
An employee needs to connect to the office through a high-latency internet connection.
Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?
Which three statements explain a flow-based antivirus profile? (Choose three.)
Refer to the exhibits.
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?
Which statement correctly describes the use of reliable logging on FortiGate?
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
Examine the exhibit, which contains a virtual IP and firewall policy configuration.
The WAN (port1) interface has the IP address 10.200. 1. 1/24. The LAN (port2) interface has the IP address 10.0. 1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address. Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0. 1. 10/24?
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)
Examine this FortiGate configuration:
How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
An administrator is running the following sniffer command:
Which three pieces of Information will be Included in me sniffer output? {Choose three.)
Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)
94
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
93
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
Which two types of traffic are managed only by the management VDOM? (Choose two.)
An administrator wants to simplify remote access without asking users to provide user credentials.
Which access control method provides this solution?
Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?
Refer to the exhibit.
Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)
68
If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
Refer to the exhibits.
The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook .
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.
Which part of the policy configuration must you change to resolve the issue?
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
Refer to the exhibits.
The exhibits show the firewall policies and the objects used in the firewall policies.
The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.
Which policy will be highlighted, based on the input criteria?
Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)
Refer to the exhibits.
Exhibit A shows the application sensor configuration. Exhibit B shows the Excessive-Bandwidth and Apple filter details.
Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?
17
Refer to the exhibit.
An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic.
Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)