
Pass the Fortinet NSE4 NSE4_FGT-7.2 Questions and answers with ValidTests


Viewing page 4 out of 5 pages
Viewing questions 31-40 out of questions
Questions # 31:

An administrator has configured the following settings:

Question # 31

What are the two results of this configuration? (Choose two.)

Options:

A. Device detection on all interfaces is enforced for 30 minutes.
B. Denied users are blocked for 30 minutes.
C. A session for denied traffic is created.
D. The number of logs generated by denied traffic is reduced.

Questions # 32:

Refer to the exhibit.

Question # 32

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

Options:

A. Custom permission for Network
B. Read/Write permission for Log & Report
C. CLI diagnostics commands permission
D. Read/Write permission for Firewall

Questions # 33:


Which of the following statements about central NAT are true? (Choose two.)

Options:

A. IP pool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT, using central NAT, requires at least one central SNAT policy.
D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

Questions # 34:

Which statements best describe auto discovery VPN (ADVPN)? (Choose two.)

Options:

A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
B. ADVPN is only supported with IKEv2.
C. Tunnels are negotiated dynamically between spokes.
D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Questions # 35:

Refer to the exhibit.

Question # 35

Based on the ZTNA tag, the security posture of the remote endpoint has changed.

What will happen to endpoint active ZTNA sessions?

Options:

A. They will be re-evaluated to match the endpoint policy.
B. They will be re-evaluated to match the firewall policy.
C. They will be re-evaluated to match the ZTNA policy.
D. They will be re-evaluated to match the security policy.

Questions # 36:

Refer to the exhibits.

Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

The administrator disabled the WebServer firewall policy.

Question # 36


Which IP address will be used to source NAT the traffic, if a user with address 10.0.1.10 connects over SSH to the host with address 10.200.3.1?

Options:

A. 10.200.1.10
B. 10.0.1.254
C. 10.200.1.1
D. 10.200.3.1

Questions # 37:

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

Options:

A. NGFW policy-based mode does not require the use of central source NAT policy
B. NGFW policy-based mode can only be applied globally and not on individual VDOMs
C. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
D. NGFW policy-based mode policies support only flow inspection

Questions # 38:

An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Options:

A. The strict RPF check is run on the first sent and reply packet of any new session.
B. Strict RPF checks the best route back to the source using the incoming interface.
C. Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.
D. Strict RPF allows packets back to sources with all active routes.

Questions # 39:

Refer to the exhibit showing a debug flow output.

Question # 39

Which two statements about the debug flow output are correct? (Choose two.)

Options:

A. The debug flow is of ICMP traffic.
B. A firewall policy allowed the connection.
C. A new traffic session is created.
D. The default route is required to receive a reply.

Questions # 40:


FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)

Options:

A. Antivirus scanning
B. File filter
C. DNS filter
D. Intrusion prevention
