Fortinet NSE4_FGT-7.2 Real Exam Questions
The questions for NSE4_FGT-7.2 were last updated at Dec 24,2024.
- Exam Code: NSE4_FGT-7.2
- Exam Name: Fortinet NSE 4 - FortiOS 7.2
- Certification Provider: Fortinet
- Latest update: Dec 24,2024
View the exhibit.
Which of the following statements are correct? (Choose two.)
- A . This setup requires at least two firewall policies with the action set to IPsec.
- B . Dead peer detection must be disabled to support this type of IPsec setup.
- C . The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
- D . This is a redundant IPsec setup.
CORRECT TEXT
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
- A . Security policy
- B . SSL inspection and authentication policy
Refer to the exhibit.
The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.
Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)
- A . FortiGate allocates port blocks per user, based on the configured range of internal IP addresses.
- B . FortiGate allocates port blocks on a first-come, first-served basis.
- C . FortiGate generates a system event log for every port block allocation made per user.
- D . FortiGate allocates 128 port blocks per user.
Examine this FortiGate configuration:
How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
- A . It always authorizes the traffic without requiring authentication.
- B . It drops the traffic.
- C . It authenticates the traffic using the authentication scheme SCHEME2.
- D . It authenticates the traffic using the authentication scheme SCHEME1.
Which statement about video filtering on FortiGate is true?
- A . Full SSL Inspection is not required.
- B . It is available only on a proxy-based firewall policy.
- C . It inspects video files hosted on file sharing services.
- D . Video filtering FortiGuard categories are based on web filter FortiGuard categories.
Which statement about video filtering on FortiGate is true?
- A . Full SSL Inspection is not required.
- B . It is available only on a proxy-based firewall policy.
- C . It inspects video files hosted on file sharing services.
- D . Video filtering FortiGuard categories are based on web filter FortiGuard categories.
Which feature in the Security Fabric takes one or more actions based on event triggers?
- A . Fabric Connectors
- B . Automation Stitches
- C . Security Rating
- D . Logical Topology
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
What order must FortiGate use when the web filter profile has features enabled, such as safe search?
- A . DNS-based web filter and proxy-based web filter
- B . Static URL filter, FortiGuard category filter, and advanced filters
- C . Static domain filter, SSL inspection filter, and external connectors filters
- D . FortiGuard category filter and rating filter
Which statement correctly describes the use of reliable logging on FortiGate?
- A . Reliable logging is enabled by default in all configuration scenarios.
- B . Reliable logging is required to encrypt the transmission of logs.
- C . Reliable logging can be configured only using the CLI.
- D . Reliable logging prevents the loss of logs when the local disk is full.
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
- A . By default, all interfaces are part of the same broadcast domain.
- B . The existing network IP schema must be changed when installing a transparent mode.
- C . Static routes are required to allow traffic to the next hop.
- D . FortiGate forwards frames without changing the MAC address.