New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Fortinet NSE4_FGT-7.2 Fortinet NSE 4 - FortiOS 7.2 Exam Practice Test

Page: 1 / 17
Total 170 questions

Fortinet NSE 4 - FortiOS 7.2 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

Options:

A.

Social networking web filter category is configured with the action set to authenticate.

B.

The action on firewall policy ID 1 is set to warning.

C.

Access to the social networking web filter category was explicitly blocked to all users.

D.

The name of the firewall policy is all_users_web.

Question 2

34

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

Options:

A.

DNS-based web filter and proxy-based web filter

B.

Static URL filter, FortiGuard category filter, and advanced filters

C.

Static domain filter, SSL inspection filter, and external connectors filters

D.

FortiGuard category filter and rating filter

Question 3

Refer to the exhibit.

Which contains a network diagram and routing table output.

The Student is unable to access Webserver.

What is the cause of the problem and what is the solution for the problem?

Options:

A.

The first packet sent from Student failed the RPF check.

This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

B.

The first reply packet for Student failed the RPF check.

This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

C.

The first reply packet for Student failed the RPF check .

This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.

D.

The first packet sent from Student failed the RPF check.

This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.

Question 4

82

Consider the topology:

Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.

An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.

The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

Options:

A.

Set the maximum session TTL value for the TELNET service object.

B.

Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

C.

Create a new service object for TELNET and set the maximum session TTL.

D.

Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

Question 5

Which timeout setting can be responsible for deleting SSL VPN associated sessions?

Options:

A.

SSL VPN idle-timeout

B.

SSL VPN http-request-body-timeout

C.

SSL VPN login-timeout

D.

SSL VPN dtls-hello-timeout

Question 6

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax.

Which two syntaxes are correct to configure web rating for the home page? (Choose two.)

Options:

A.

www.example.com:443

B.

www.example.com

C.

example.com

D.

www.example.com/index.html

Question 7

How does FortiGate act when using SSL VPN in web mode?

Options:

A.

FortiGate acts as an FDS server.

B.

FortiGate acts as an HTTP reverse proxy.

C.

FortiGate acts as DNS server.

D.

FortiGate acts as router.

Question 8

Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.

Which two statements are true? (Choose two.)

Options:

A.

FortiGate SN FGVM010000065036 HA uptime has been reset.

B.

FortiGate devices are not in sync because one device is down.

C.

FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.

D.

FortiGate SN FGVM010000064692 has the higher HA priority.

Question 9

44

Which statement about the policy ID number of a firewall policy is true?

Options:

A.

It is required to modify a firewall policy using the CLI.

B.

It represents the number of objects used in the firewall policy.

C.

It changes when firewall policies are reordered.

D.

It defines the order in which rules are processed.

Question 10

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

Options:

A.

FortiGate points the collector agent to use a remote LDAP server.

B.

FortiGate uses the AD server as the collector agent.

C.

FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

D.

FortiGate queries AD by using the LDAP to retrieve user group information.

Question 11

Refer to the exhibit.

Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

Options:

A.

The session is in SYN_SENT state.

B.

The session is in FIN_ACK state.

C.

The session is in FTN_WAIT state.

D.

The session is in ESTABLISHED state.

Question 12

33

Which of statement is true about SSL VPN web mode?

Options:

A.

The tunnel is up while the client is connected.

B.

It supports a limited number of protocols.

C.

The external network application sends data through the VPN.

D.

It assigns a virtual IP address to the client.

Question 13

Refer to the exhibit.

The exhibit shows the IPS sensor configuration.

If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

Options:

A.

The sensor will allow attackers matching the Microsoft Windows.iSCSI.Target.DoS signature.

B.

The sensor will block all attacks aimed at Windows servers.

C.

The sensor will reset all connections that match these signatures.

D.

The sensor will gather a packet log for all matched traffic.

Question 14

An administrator wants to configure timeouts for users. Regardless of the userTMs behavior, the timer should start as soon as the user authenticates and expire after the configured value.

Which timeout option should be configured on FortiGate?

Options:

A.

auth-on-demand

B.

soft-timeout

C.

idle-timeout

D.

new-session

E.

hard-timeout

Question 15

An administrator must disable RPF check to investigate an issue.

Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Options:

A.

Enable asymmetric routing, so the RPF check will be bypassed.

B.

Disable the RPF check at the FortiGate interface level for the source check.

C.

Disable the RPF check at the FortiGate interface level for the reply check .

D.

Enable asymmetric routing at the interface level.

Question 16

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Options:

A.

The collector agent uses a Windows API to query DCs for user logins.

B.

NetAPI polling can increase bandwidth usage in large networks.

C.

The collector agent must search security event logs.

D.

The NetSession Enum function is used to track user logouts.

Question 17

Which statement about video filtering on FortiGate is true?

Options:

A.

Video filtering FortiGuard categories are based on web filter FortiGuard categories.

B.

It does not require a separate FortiGuard license.

C.

Full SSL inspection is not required.

D.

its available only on a proxy-based firewall policy.

Question 18

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.

Which FortiGate configuration can achieve this goal?

Options:

A.

SSL VPN bookmark

B.

SSL VPN tunnel

C.

Zero trust network access

D.

SSL VPN quick connection

Question 19

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

Options:

A.

It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

B.

ADVPN is only supported with IKEv2.

C.

Tunnels are negotiated dynamically between spokes.

D.

Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Question 20

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

What is the reason for the certificate warning errors?

Options:

A.

The matching firewall policy is set to proxy inspection mode.

B.

The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.

C.

The full SSL inspection feature does not have a valid license.

D.

The browser does not trust the certificate used by FortiGate for SSL inspection.

Question 21

85

Which statement regarding the firewall policy authentication timeout is true?

Options:

A.

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

B.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

C.

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

D.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

Question 22

20

Which two statements are true about the RPF check? (Choose two.)

Options:

A.

The RPF check is run on the first sent packet of any new session.

B.

The RPF check is run on the first reply packet of any new session.

C.

The RPF check is run on the first sent and reply packet of any new session.

D.

RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.

Question 23

Refer to the exhibit.

The exhibit shows the output of a diagnose command.

What does the output reveal about the policy route?

Options:

A.

It is an ISDB route in policy route.

B.

It is a regular policy route.

C.

It is an ISDB policy route with an SDWAN rule.

D.

It is an SDWAN rule in policy route.

Question 24

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

Options:

A.

It limits the scope of application control to the browser-based technology category only.

B.

It limits the scope of application control to scan application traffic based on application category only.

C.

It limits the scope of application control to scan application traffic using parent signatures only

D.

It limits the scope of application control to scan application traffic on DNS protocol only.

Question 25

99

An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

Options:

A.

The administrator can register the same FortiToken on more than one FortiGate.

B.

The administrator must use a FortiAuthenticator device

C.

The administrator can use a third-party radius OTP server.

D.

The administrator must use the user self-registration server.

Question 26

What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)

Options:

A.

FortiGate uses fewer resources.

B.

FortiGate performs a more exhaustive inspection on traffic.

C.

FortiGate adds less latency to traffic.

D.

FortiGate allocates two sessions per connection.

Question 27

Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

Options:

A.

To allow for out-of-order packets that could arrive after the FIN/ACK packets

B.

To finish any inspection operations

C.

To remove the NAT operation

D.

To generate logs

Question 28

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

Options:

A.

Add the support of NTLM authentication.

B.

Add user accounts to Active Directory (AD).

C.

Add user accounts to the FortiGate group fitter.

D.

Add user accounts to the Ignore User List.

Question 29

Refer to the exhibit.

Based on the raw log, which two statements are correct? (Choose two.)

Options:

A.

Traffic is blocked because Action is set to DENY in the firewall policy.

B.

Traffic belongs to the root VDOM.

C.

This is a security log.

D.

Log severity is set to error on FortiGate.

Question 30

An administrator configures outgoing interface any in a firewall policy.

What is the result of the policy list view?

Options:

A.

Search option is disabled.

B.

Policy lookup is disabled.

C.

By Sequence view is disabled.

D.

Interface Pair view is disabled.

Question 31

Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)

Options:

A.

Source IP

B.

Spillover

C.

Volume

D.

Session

Question 32

13

Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)

Options:

A.

Proxy-based inspection

B.

Certificate inspection

C.

Flow-based inspection

D.

Full Content inspection

Question 33

Refer to the exhibits.

Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command.

Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)

Options:

A.

For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source.

B.

The traffic sourced from the client and destined to the server is sent to FGT-1.

C.

The cluster can load balance ICMP connections to the secondary.

D.

For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.

Question 34

Which two statements are true about the FGCP protocol? (Choose two.)

Options:

A.

FGCP elects the primary FortiGate device.

B.

FGCP is not used when FortiGate is in transparent mode.

C.

FGCP runs only over the heartbeat links.

D.

FGCP is used to discover FortiGate devices in different HA groups.

Question 35

106

Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

Options:

A.

Shut down/reboot a downstream FortiGate device.

B.

Disable FortiAnalyzer logging for a downstream FortiGate device.

C.

Log in to a downstream FortiSwitch device.

D.

Ban or unban compromised hosts.

Question 36

84

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

Options:

A.

Subject Key Identifier value

B.

SMMIE Capabilities value

C.

Subject value

D.

Subject Alternative Name value

Question 37

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.

What is true about the DNS connection to a FortiGuard server?

Options:

A.

It uses UDP 8888.

B.

It uses UDP 53.

C.

It uses DNS over HTTPS.

D.

It uses DNS overTLS.

Question 38

Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

Options:

A.

The signature setting uses a custom rating threshold.

B.

The signature setting includes a group of other signatures.

C.

Traffic matching the signature will be allowed and logged.

D.

Traffic matching the signature will be silently dropped and logged.

Question 39

Refer to the exhibit.

The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

The WAN (port1) interface has the IP address 10.200. 1. 1/24.

The LAN (port3) interface has the IP address 10.0. 1.254/24.

A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).

Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10) pings the IP address of Remote-FortiGate (10.200.3. 1)?

Options:

A.

10.200. 1. 149

B.

10.200. 1. 1

C.

10.200. 1.49

D.

10.200. 1.99

Question 40

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.

Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

Options:

A.

On HQ-FortiGate, set IKE mode to Main (ID protection).

B.

On both FortiGate devices, set Dead Peer Detection to On Demand.

C.

On HQ-FortiGate, disable Diffie-Helman group 2.

D.

On Remote-FortiGate, set port2 as Interface.

Question 41

30

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

Options:

A.

Implement a web filter category override for the specified website

B.

Implement a DNS filter for the specified website.

C.

Implement web filter quotas for the specified website

D.

Implement web filter authentication for the specified website.

Question 42

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.

In this scenario, what are two requirements for the VLAN ID? (Choose two.)

Options:

A.

The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.

B.

The two VLAN subinterfaces can have the same VLAN ID, only if they belong to different VDOMs.

C.

The two VLAN subinterfaces must have different VLAN IDs.

D.

The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

Question 43

Which two types of traffic are managed only by the management VDOM? (Choose two.)

Options:

A.

FortiGuard web filter queries

B.

PKI

C.

Traffic shaping

D.

DNS

Question 44

27

Which feature in the Security Fabric takes one or more actions based on event triggers?

Options:

A.

Fabric Connectors

B.

Automation Stitches

C.

Security Rating

D.

Logical Topology

Question 45

87

Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

Options:

A.

Warning

B.

Exempt

C.

Allow

D.

Learn

Question 46

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

Options:

A.

SSH

B.

HTTPS

C.

FTM

D.

FortiTelemetry

Question 47

Refer to the exhibits.

Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?

Options:

A.

10.0.1.254, 10.0.1.10, and 443, respectively

B.

10.0.1.254, 10.200.1.10, and 443, respectively

C.

10.200.3.1, 10.0.1.10, and 443, respectively

D.

10.0.1.254, 10.0.1.10, and 10443, respectively

Question 48

Refer to the exhibit showing a debug flow output.

Which two statements about the debug flow output are correct? (Choose two.)

Options:

A.

The debug flow is of ICMP traffic.

B.

A firewall policy allowed the connection.

C.

A new traffic session is created.

D.

The default route is required to receive a reply.

Question 49

Refer to the exhibits.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

Options:

A.

Change the csf setting on ISFW (downstream) to set configuration-sync local.

B.

Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.

C.

Change the csf setting on both devices to set downstream-access enable.

D.

Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.

Question 50

55

In which two ways can RPF checking be disabled? (Choose two )

Options:

A.

Enable anti-replay in firewall policy.

B.

Disable the RPF check at the FortiGate interface level for the source check

C.

Enable asymmetric routing.

D.

Disable strict-arc-check under system settings.

Question 51

Which three statements explain a flow-based antivirus profile? (Choose three.)

Options:

A.

Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

B.

If a virus is detected, the last packet is delivered to the client.

C.

The IPS engine handles the process as a standalone.

D.

FortiGate buffers the whole file but transmits to the client at the same time.

E.

Flow-based inspection optimizes performance compared to proxy-based inspection.

Page: 1 / 17
Total 170 questions