Fortinet NSE4_FGT-7.2 Fortinet NSE 4 – FortiOS 7.2 Online Training
Fortinet NSE4_FGT-7.2 Online Training
The questions for NSE4_FGT-7.2 were last updated at Jan 02,2025.
- Exam Code: NSE4_FGT-7.2
- Exam Name: Fortinet NSE 4 - FortiOS 7.2
- Certification Provider: Fortinet
- Latest update: Jan 02,2025
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
- A . get system status
- B . get system performance status
- C . diagnose sys top
- D . get system arp
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
- A . It limits the scope of application control to the browser-based technology category only.
- B . It limits the scope of application control to scan application traffic based on application category only.
- C . It limits the scope of application control to scan application traffic using parent signatures only
- D . It limits the scope of application control to scan application traffic on DNS protocol only.
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
- A . Static IP Address
- B . Dialup User
- C . Dynamic DNS
- D . Pre-shared Key
Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)
- A . Browsers can be configured to retrieve this PAC file from the FortiGate.
- B . Any web request to the 172.25. 120.0/24 subnet is allowed to bypass the proxy.
- C . All requests not made to Fortinet.com or the 172.25. 120.0/24 subnet, have to go through altproxy.corp.com: 8060.
- D . Any web request fortinet.com is allowed to bypass the proxy.
Refer to the exhibits.
The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook.
Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.
Which part of the policy configuration must you change to resolve the issue?
- A . Make SSL inspection needs to be a deep content inspection.
- B . Force access to Facebook using the HTTP service.
- C . Get the additional application signatures are required to add to the security policy.
- D . Add Facebook in the URL category in the security policy.
View the exhibit.
Which of the following statements are correct? (Choose two.)
- A . This setup requires at least two firewall policies with the action set to IPsec.
- B . Dead peer detection must be disabled to support this type of IPsec setup.
- C . The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
- D . This is a redundant IPsec setup.
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
- A . By default, all interfaces are part of the same broadcast domain.
- B . The existing network IP schema must be changed when installing a transparent mode.
- C . Static routes are required to allow traffic to the next hop.
- D . FortiGate forwards frames without changing the MAC address.
Refer to the exhibit.
Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)
- A . Traffic between port2 and port2-vlan1 is allowed by default.
- B . port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
- C . port1 is a native VLAN.
- D . port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?
- A . diagnose wad session list
- B . diagnose wad session list | grep hook-pre&&hook-out
- C . diagnose wad session list | grep hook=pre&&hook=out
- D . diagnose wad session list | grep "hook=pre"&"hook=out"
An administrator is running the following sniffer command:
Which three pieces of Information will be Included in me sniffer output? {Choose three.)
- A . Interface name
- B . Packet payload
- C . Ethernet header
- D . IP header
- E . Application header
Latest NSE4_FGT-7.2 Dumps Valid Version with 154 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
