Free Fortinet NSE4_FGT-7.2 Test Practice Test Questions Exam Dumps [Q86-Q110]

Free Fortinet NSE4_FGT-7.2 Test Practice Test Questions Exam Dumps

Prepare Top Fortinet NSE4_FGT-7.2 Exam Audio Study Guide Practice Questions Edition

NEW QUESTION 86
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

• A. Idle-timeout
• B. new-session
• C. hard-timeout
• D. auth-on-demand
• E. soft-timeout

Answer: A,B,C

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221

 

NEW QUESTION 87
Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

• A. Traffic matching the signature will be silently dropped and logged.
• B. Traffic matching the signature will be allowed and logged.
• C. The signature setting includes a group of other signatures.
• D. The signature setting uses a custom rating threshold.

Answer: A

Explanation:
Action is drop, signature default action is listed only in the signature, it would only match if action was set to default.

 

NEW QUESTION 88
Refer to the exhibit.

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

• A. Device detection is disabled on all FortiGate devices.
• B. This security fabric topology is a logical topology view.
• C. There are five devices that are part of the security fabric.
• D. There are 19 security recommendations for the security fabric.

Answer: B,D

Explanation:
References:
https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/761085/results
https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/736125/security-fabric-topology

 

NEW QUESTION 89
Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)

• A. Certificate inspection
• B. Full Content inspection
• C. Flow-based inspection
• D. Proxy-based inspection

Answer: C,D

 

NEW QUESTION 90
An administrator has configured the following settings:

What are the two results of this configuration? (Choose two.)

• A. Device detection on all interfaces is enforced for 30 minutes.
• B. A session for denied traffic is created.
• C. Denied users are blocked for 30 minutes.
• D. The number of logs generated by denied traffic is reduced.

Answer: B,D

Explanation:
ses-denied-traffic
Enable/disable including denied session in the session table.
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/20620/config-system-settings block-session-timer Duration in seconds for blocked sessions .
integer
Minimum value: 1 Maximum value: 300
30
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/1620/config-system-global

 

NEW QUESTION 91
Which two statements are true about the RPF check? (Choose two.)

• A. The RPF check is run on the first reply packet of any new session.
• B. The RPF check is run on the first sent and reply packet of any new session.
• C. The RPF check is run on the first sent packet of any new session.
• D. RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.

Answer: C,D

 

NEW QUESTION 92
Refer to the exhibit.
The exhibit shows the output of a diagnose command.

What does the output reveal about the policy route?

• A. It is an SDWAN rule in policy route.
• B. It is an ISDB policy route with an SDWAN rule.
• C. It is an ISDB route in policy route.
• D. It is a regular policy route.

Answer: B

 

NEW QUESTION 93
An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?

• A. Aggregate interface
• B. Redundant interface
• C. Software Switch interface
• D. VLAN interface

Answer: A

 

NEW QUESTION 94
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

• A. Add user accounts to Active Directory (AD).
• B. Add user accounts to the FortiGate group fitter.
• C. Add user accounts to the Ignore User List.
• D. Add the support of NTLM authentication.

Answer: C

 

NEW QUESTION 95
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?

• A. Disabled
• B. On Idle
• C. On Demand
• D. Enabled

Answer: B

 

NEW QUESTION 96
An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

• A. Set the session TTL on the HTTP policy to maximum
• B. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.
• C. Set the TTL value to never under config system-ttl
• D. Create a new service object for HTTP service and set the session TTL to never

Answer: C,D

 

NEW QUESTION 97
To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

• A. FortiAnalyzer
• B. Root FortiGate
• C. FortiManager
• D. Downstream FortiGate

Answer: B

 

NEW QUESTION 98
Refer to the exhibit.




The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.
The WAN (port1) interface has the IP address 10.200. 1. 1/24.
The LAN (port3) interface has the IP address 10.0. 1.254/24.
A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10) pings the IP address of Remote-FortiGate (10.200.3. 1)?

• A. 10.200. 1.49
• B. 10.200. 1.99
• C. 10.200. 1. 149
• D. 10.200. 1. 1

Answer: B

 

NEW QUESTION 99
Which three statements explain a flow-based antivirus profile? (Choose three.)

• A. If the virus is detected, the last packet is delivered to the client.
• B. FortiGate buffers the whole file but transmits to the client simultaneously.
• C. IPS engine handles the process as a standalone.
• D. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
• E. Optimized performance compared to proxy-based inspection.

Answer: B,D,E

 

NEW QUESTION 100
An administrator is configuring an IPsec VPN between site A and site B.
The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 168. 1.0/24 and the remote quick mode selector is 192. 168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?

• A. 192. 168. 1.0/24
• B. 192. 168.0.0/24
• C. 192. 168.3.0/24
• D. 192. 168.2.0/24

Answer: D

 

NEW QUESTION 101
Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

• A. IP header
• B. Interface name
• C. Packet payload
• D. Ethernet header
• E. Application header

Answer: A,B,C

Explanation:
Reference:
Study Guide - Routing - Diagnostics - Packet Capture Verbosity Level.
# diagnose sniffer packet <interface> '<filter>' <verbosity> <count> <timestamp> <frame size> In the example, verbosity is 5.
The verbosity level specifies how much info you want to display.
1 (default): IP Headers.
2: IP Headers, Packet Payload.
3. IP Headers, Packet Payload, Ethernet Headers.
4: IP Headers, Interface Name.
5: IP Headers, Packet Payload, Interface Name.
6: IP Headers, Packet Payload, Ethernet Headers, Interface Name.

 

NEW QUESTION 102
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

• A. FortiCache
• B. FortiSandbox
• C. FortiAnalyzer
• D. FortiSIEM
• E. FortiCloud

Answer: C,D,E

Explanation:
Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-and-reporting-overview

 

NEW QUESTION 103
Refer to the exhibit.
The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.

Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)

• A. FortiGate generates a system event log for every port block allocation made per user.
• B. FortiGate allocates port blocks on a first-come, first-served basis.
• C. FortiGate allocates 128 port blocks per user.
• D. FortiGate allocates port blocks per user, based on the configured range of internal IP addresses.

Answer: C,D

 

NEW QUESTION 104
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)

• A. DNS filter
• B. Antivirus scanning
• C. Intrusion prevention
• D. File filter

Answer: B,C

 

NEW QUESTION 105
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

• A. Warning
• B. Exempt
• C. Learn
• D. Allow

Answer: A,D

 

NEW QUESTION 106
Which statement about the policy ID number of a firewall policy is true?

• A. It defines the order in which rules are processed.
• B. It changes when firewall policies are reordered.
• C. It is required to modify a firewall policy using the CLI.
• D. It represents the number of objects used in the firewall policy.

Answer: C

 

NEW QUESTION 107
Which timeout setting can be responsible for deleting SSL VPN associated sessions?

• A. SSL VPN idle-timeout
• B. SSL VPN http-request-body-timeout
• C. SSL VPN dtls-hello-timeout
• D. SSL VPN login-timeout

Answer: A

 

NEW QUESTION 108
Which two statements are true about the FGCP protocol? (Choose two.)

• A. FGCP is used to discover FortiGate devices in different HA groups.
• B. FGCP elects the primary FortiGate device.
• C. FGCP is not used when FortiGate is in transparent mode.
• D. FGCP runs only over the heartbeat links.

Answer: B,D

Explanation:
Reference:
https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/564712/fgcp-fortigate-clustering-protocol

 

NEW QUESTION 109
Refer to the exhibit.

Based on the ZTNA tag, the security posture of the remote endpoint has changed.
What will happen to endpoint active ZTNA sessions?

• A. They will be re-evaluated to match the endpoint policy.
• B. They will be re-evaluated to match the firewall policy.
• C. They will be re-evaluated to match the security policy.
• D. They will be re-evaluated to match the ZTNA policy.

Answer: C

 

NEW QUESTION 110
......

Fortinet NSE4_FGT-7.2 Exam Syllabus Topics:

Topic	Details
Topic 1	Configure and implement different SSL VPN modes to provide secure access to your private network Implement the Fortinet Security Fabric
Topic 2	Configure VDOMs to split a FortiGate into multiple virtual devices Inspect encrypted traffic using certificates
Topic 3	Configure different methods of firewall authentication Diagnose resource and connectivity problems
Topic 4	Configure ZTNA to provide role-based application access Configure and route packets using static and policy-based routes

 

Go to NSE4_FGT-7.2 Questions - Try NSE4_FGT-7.2 dumps pdf: https://vcecollection.trainingdumps.com/NSE4_FGT-7.2-valid-vce-dumps.html