Fortinet nse4-fgt-7-2 practice test

Fortinet NSE 4 - FortiOS 7.2

Last exam update: May 15 ,2024
Page 1 out of 11. Viewing questions 1-10 out of 104

Question 1

Refer to the exhibit.

The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.

Two PCs, PC1 and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet.



Based on the information shown in the exhibit, which three configuration changes should the administrator make to fix the connectivity issue for PC3? (Choose three.)

  • A. In the IP pool configuration, set type to overload.
  • B. Configure 192.2.0.12/24 as the secondary IP address on port1.
  • C. In the firewall policy configuration, disable ippool.
  • D. In the IP pool configuration, set endip to 192.2.0.12.
  • E. Configure another firewall policy that matches only the address of PC3 as source, and then place the policy on top of the list.
Mark Question:
Answer:

ade

User Votes:
A 8 votes
50%
B 2 votes
50%
C 7 votes
50%
D 10 votes
50%
E 5 votes
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
ansari
2 months, 3 weeks ago

i think the answer is ADE

semartinez
4 days, 20 hours ago

Debe tener mas ip pool para poder navegar


Question 2

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

  • A. FortiGuard web filter cache
  • B. FortiGate hostname
  • C. DNS
  • D. NTP
Mark Question:
Answer:

cd

User Votes:
A 2 votes
50%
B 2 votes
50%
C 3 votes
50%
D 4 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
meer
1 month ago

AB

semartinez
4 days, 20 hours ago

TOMA EL NOMBRE


Question 3

Which two statements are true about the FGCP protocol? (Choose two.)

  • A. FGCP elects the primary FortiGate device.
  • B. FGCP is not used when FortiGate is in transparent mode.
  • C. FGCP runs only over the heartbeat links.
  • D. FGCP is used to discover FortiGate devices in different HA groups.
Mark Question:
Answer:

ad

User Votes:
A 4 votes
50%
B
50%
C 2 votes
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
eliatonello
2 months, 4 weeks ago


Question 4

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

  • A. Intrusion prevention system engine
  • B. Application control engine
  • C. Antivirus engine
  • D. Turbo engine
Mark Question:
Answer:

b

User Votes:
A 3 votes
50%
B 2 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
3 weeks, 3 days ago

Correct answer is A, check FortiGate_Security_7.2_Study_Guide-Online.pdf, page 296, last paragraph.


Question 5

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

  • A. It limits the scanning of application traffic to the browser-based technology category only.
  • B. It limits the scanning of application traffic to the DNS protocol only.
  • C. It limits the scanning of application traffic to use parent signatures only.
  • D. It limits the scanning of application traffic to the application category only.
Mark Question:
Answer:

a

User Votes:
A 4 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
semartinez
4 days, 17 hours ago

Busca de acuerdo a la firmas que tenga en el firewall.

semartinez
4 days, 17 hours ago

Busca las base de las firmas en el firewall.


Question 6

Refer to the exhibits.
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).


What must the administrator do to synchronize the address object?

  • A. Change the csf setting on ISFW (downstream) to set configuration-sync local.
  • B. Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.
  • C. Change the csf setting on both devices to set downstream-access enable.
  • D. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.
Mark Question:
Answer:

d

User Votes:
A
50%
B
50%
C 3 votes
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
rbo69
2 months, 1 week ago

I guess the correct answer should be: Change the csf setting on ISFW (downstream) to set fabric-object-unification default. Or am I wrong?

semartinez
4 days, 17 hours ago

Configuracion


Question 7

Refer to the exhibit.
The exhibit shows the output of a diagnose command.

What does the output reveal about the policy route?

  • A. It is an ISDB route in policy route.
  • B. It is a regular policy route.
  • C. It is an ISDB policy route with an SDWAN rule.
  • D. It is an SDWAN rule in policy route.
Mark Question:
Answer:

c

User Votes:
A 1 votes
50%
B
50%
C 2 votes
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
3 weeks, 3 days ago

The correct answer is D. As shown in FortiGate_Infrastructure_7.2_Study_Guide-Online.pdf, page 59. Can't be A,B or C, because neither regular policies or ISDB policies show the vw1_service field.

semartinez
4 days, 17 hours ago

POLICY ROUTER C


Question 8

Refer to the exhibit.

The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.

An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.



What are two solutions for satisfying the requirement? (Choose two.)

  • A. Configure a separate firewall policy with action Deny and an FQDN address object for *.download.com as destination address.
  • B. Configure a web override rating for download.com and select Malicious Websites as the subcategory.
  • C. Set the Freeware and Software Downloads category Action to Warning.
  • D. Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.
Mark Question:
Answer:

ad

User Votes:
A 1 votes
50%
B 3 votes
50%
C
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Refer to the exhibits.
Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command.


Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)

  • A. For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source.
  • B. The traffic sourced from the client and destined to the server is sent to FGT-1.
  • C. The cluster can load balance ICMP connections to the secondary.
  • D. For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.
Mark Question:
Answer:

ab

User Votes:
A 3 votes
50%
B
50%
C
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

An administrator has configured the following settings:
config system settings
set ses-denied-traffic enable
end
config system global
set block-session-timer 30
end
What are the two results of this configuration? (Choose two.)

  • A. Device detection on all interfaces is enforced for 30 minutes.
  • B. Denied users are blocked for 30 minutes.
  • C. The number of logs generated by denied traffic is reduced.
  • D. A session for denied traffic is created.
Mark Question:
Answer:

ab

User Votes:
A
50%
B
50%
C 3 votes
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2