Fortinet NSE4_FGT-7.2 Real Exam Questions
The questions for NSE4_FGT-7.2 were last updated on Nov 24, 2024.
- Exam Code: NSE4_FGT-7.2
- Exam Name: Fortinet NSE 4 - FortiOS 7.2
- Certification Provider: Fortinet
- Latest update: Nov 24, 2024
Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?
- A . The security actions applied on the web applications will also be explicitly applied on the third-party websites.
- B . The application signature database inspects traffic only from the original web application server.
- C . FortiGuard maintains only one signature of each web application that is unique.
- D . FortiGate can inspect sub-application traffic regardless of where it originated.
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
- A . FortiGate automatically negotiates different local and remote addresses with the remote peer.
- B . FortiGate automatically negotiates a new security association after the existing security association expires.
- C . FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
- D . FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)
- A . Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.
- B . Create a new service object for HTTP service and set the session TTL to never.
- C . Set the TTL value to never under config system-ttl.
- D . Set the session TTL on the HTTP policy to maximum.
Refer to the exhibits.
The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook.
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.
Which part of the policy configuration must you change to resolve the issue?
- A . SSL inspection needs to be a deep content inspection.
- B . Force access to Facebook using the HTTP service.
- C . Additional application signatures are required to be added to the security policy.
- D . Add Facebook in the URL category in the security policy.
An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?
- A . Enable asymmetric routing, so the RPF check will be bypassed.
- B . Disable the RPF check at the FortiGate interface level for the source check.
- C . Disable the RPF check at the FortiGate interface level for the reply check.
- D . Enable asymmetric routing at the interface level.
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?
- A . To remove the NAT operation.
- B . To generate logs.
- C . To finish any inspection operations.
- D . To allow for out-of-order packets that could arrive after the FIN/ACK packets.
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.
Which statement about the VLAN sub interfaces is correct?
- A . The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
- B . The two VLAN sub interfaces must have different VLAN IDs.
- C . The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.
- D . The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.
Refer to the exhibit.
An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.
Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?
- A . On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking.
- B . On the Static URL Filter configuration, set Type to Simple.
- C . On the Static URL Filter configuration, set Action to Exempt.
- D . On the Static URL Filter configuration, set Action to Monitor.
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
- A . DNS
- B . ping
- C . udp-echo
- D . TWAMP
Refer to the exhibit.
Based on the raw log, which two statements are correct? (Choose two.)
- A . Traffic is blocked because Action is set to DENY in the firewall policy.
- B . Traffic belongs to the root VDOM.
- C . This is a security log.
- D . Log severity is set to error on FortiGate.