Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Fortinet > Fortinet Certifications > NSE4_FGT-7.2 > NSE4_FGT-7.2 Online Practice Questions and Answers

NSE4_FGT-7.2 Online Practice Questions and Answers

Questions 4

Which statement is correct regarding the security fabric?

A. FortiManager is one of the required member devices.

B. FortiGate devices must be operating in NAT mode.

C. A minimum of two Fortinet devices is required.

D. FortiGate Cloud cannot be used for logging purposes.

Buy Now

Correct Answer: B

FortiGate Security 7.2 Study Guide (p.428): "You must have a minimum of two FortiGate devices at the core of the Security Fabric, plus one FortiAnalyzer or cloud logging solution. FortiAnalyzer Cloud or FortiGate Cloud can act as the cloud logging solution. The FortiGate devices must be running in NAT mode."

Questions 5

An administrator configures outgoing interface any in a firewall policy. What is the result of the policy list view?

A. Search option is disabled.

B. Policy lookup is disabled.

C. By Sequence view is disabled.

D. Interface Pair view is disabled.

Buy Now

Correct Answer: D

"If you use multiple source or destination interfaces, or the any interface in a firewall policy, you cannot separate policies into sections by interface pairs--some would be triplets or more. So instead, policies are then always displayed in a single list (By Sequence)."

Questions 6

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

A. IP address

B. Once Internet Service is selected, no other object can be added

C. User or User Group

D. FQDN address

Buy Now

Correct Answer: B

Reference: https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy

Questions 7

Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

A. Change password

B. Enable restrict access to trusted hosts

C. Change Administrator profile

D. Enable two-factor authentication

Buy Now

Correct Answer: C

Reference: https://kb.fortinet.com/kb/documentLink .do?externalID=FD34502

Questions 8

Refer to the FortiGuard connection debug output.

Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

A. One server was contacted to retrieve the contract information.

B. There is at least one server that lost packets consecutively.

C. A local FortiManager is one of the servers FortiGate communicates with.

D. FortiGate is using default FortiGuard communication settings

Buy Now

Correct Answer: AD

Questions 9

An administrator is running the following sniffer command:

Which three pieces of Information will be Included in me sniffer output? {Choose three.)

A. Interface name

B. Packet payload

C. Ethernet header

D. IP header

E. Application header

Buy Now

Correct Answer: ABD

Questions 10

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.

Which two other security profiles can you apply to the security policy? (Choose two.)

A. Antivirus scanning

B. File filter

C. DNS filter

D. Intrusion prevention

Buy Now

Correct Answer: AD

Security policy: If the traffic is allowed as per the consolidated policy, FortiGate will then process it based on the security policy to analyze additional criteria, such as URL categories for web filtering and application control. Also, if enabled, the security policy further inspects traffic using security profiles such as IPS and AV.

Questions 11

How does FortiGate act when using SSL VPN in web mode?

A. FortiGate acts as an FDS server.

B. FortiGate acts as an HTTP reverse proxy.

C. FortiGate acts as DNS server.

D. FortiGate acts as router.

Buy Now

Correct Answer: B

Reference: https://pub.kb.fortinet.com/ksmcontent/Fortinet-Public/current/Fortigate_v4.0MR3/fortigate-sslvpn-40-mr3.pdf

Questions 12

Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

A. Extended authentication (XAuth) for faster authentication because fewer packets are exchanged

B. Extended authentication (XAuth) to request the remote peer to provide a username and password

C. No certificate is required on the remote peer when you set the certificate signature as the authentication method

D. Pre-shared key and certificate signature as authentication methods

Buy Now

Correct Answer: BD

B. Extended authentication (XAuth) to request the remote peer to provide a username and password This is true because extended authentication (XAuth) is a feature that allows FortiGate to request the remote peer to provide a username and password during the IPsec IKEv1 authentication process. XAuth is an extension of the IKEv1 protocol that adds an additional authentication step after the main mode or aggressive mode exchange. XAuth can be used with either pre-shared key or certificate signature as the primary authentication method, and it can provide stronger security and granular access control for IPsec VPNs12 D. Pre-shared key and certificate signature as authentication methods This is true because pre-shared key and certificate signature are two authentication methods that are supported by FortiGate for IPsec IKEv1 VPNs. Pre-shared key is a method where both peers share a secret key that is used to authenticate each other during the IKEv1 exchange. Certificate signature is a method where both peers have digital certificates that are used to verify each other's identity and public key during the IKEv1 exchange. Both methods can be combined with XAuth for additional authentication

Questions 13

Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.

1.

The WAN (port1) interface has the IP address 10.200. 1. 1/24.

2.

The LAN (port3) interface has the IP address 10 .0.1.254. /24.

3.

The first firewall policy has NAT enabled using IP Pool.

4.

The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT (SNAT) the internet traffic coming from a workstation with the IP address 10.0.1.10?

A. 10.200.1.1

B. 10.200.3.1

C. 10.200.1.100

D. 10.200.1.10

Buy Now

Correct Answer: C

Policy 1 is applied on outbound (LAN-WAN) and policy 2 is applied on inbound (WAN- LAN). question is asking SNAT for outbound traffic so policy 1 will take place and NAT overload is in effect.

Exam Code: NSE4_FGT-7.2
Exam Name: Fortinet NSE 4 - FortiOS 7.2
Last Update: Mar 30, 2025
Questions: 185

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2025 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.