Fortinet NSE4_FGT-7.2 Fortinet NSE 4 – FortiOS 7.2 Online Training
The questions for NSE4_FGT-7.2 were last updated on Jan 05, 2025.
- Exam Code: NSE4_FGT-7.2
- Exam Name: Fortinet NSE 4 - FortiOS 7.2
- Certification Provider: Fortinet
- Latest update: Jan 05, 2025
Which statement is true about SSL VPN web mode?
- A . The tunnel is up while the client is connected.
- B . It supports a limited number of protocols.
- C . The external network application sends data through the VPN.
- D . It assigns a virtual IP address to the client.
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
- A . Security policy
- B . SSL inspection and authentication policy
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
- A . FortiGate automatically negotiates different local and remote addresses with the remote peer.
- B . FortiGate automatically negotiates a new security association after the existing security association expires.
- C . FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
- D . FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
A FortiGate is operating in NAT mode and is configured with two VLAN subinterfaces added to the same physical interface.
Which statement about the two VLAN subinterfaces is true?
- A . The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
- B . The two VLAN sub interfaces must have different VLAN IDs.
- C . The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.
- D . The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)
- A . Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
- B . Enable Dead Peer Detection.
- C . Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
- D . Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
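The design the question describes (two route-based IPsec tunnels, one static route per tunnel with different administrative distances, and dead peer detection so a failed peer is noticed quickly) maps onto the FortiOS CLI below. This is an added illustration written for this page, not Fortinet's material or an answer key; the interface names wan1, hq-primary and hq-secondary, the 203.0.113.x peer addresses, the 10.x.x.x subnets and the pre-shared keys are placeholders. The `#` lines are annotations and must be stripped before pasting into a FortiGate console, which does not accept comments.

```fortios
# Added example: two route-based IPsec tunnels, preferred by static-route
# distance, with DPD for fast failure detection. Names, addresses and PSKs
# are placeholders, not values from the page.

config vpn ipsec phase1-interface
    edit "hq-primary"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw 203.0.113.10
        set psksecret "replace-me-primary"
        # Dead Peer Detection is a phase 1 setting: probe the peer even while
        # the tunnel is idle and declare it dead after 3 unanswered probes
        # sent 5 seconds apart. When the peer is dead the tunnel interface
        # goes down and any static route bound to it is withdrawn.
        set dpd on-idle
        set dpd-retrycount 3
        set dpd-retryinterval 5
    next
    edit "hq-secondary"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw 203.0.113.20
        set psksecret "replace-me-secondary"
        set dpd on-idle
        set dpd-retrycount 3
        set dpd-retryinterval 5
    next
end

config vpn ipsec phase2-interface
    edit "hq-primary-p2"
        set phase1name "hq-primary"
        set proposal aes256-sha256
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
        # Phase 2 options: bring the SA up without waiting for interesting
        # traffic and renegotiate it before it expires. These keep an idle
        # tunnel established; they do not by themselves tell FortiGate that
        # the remote peer has died.
        set auto-negotiate enable
        set keepalive enable
    next
    edit "hq-secondary-p2"
        set phase1name "hq-secondary"
        set proposal aes256-sha256
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
        set auto-negotiate enable
        set keepalive enable
    next
end

config router static
    # Same destination reachable through both tunnels. Of two routes to the
    # same prefix, the one with the lower administrative distance is installed
    # in the routing table while its interface is up, so all traffic uses the
    # primary tunnel as long as it is alive.
    edit 1
        set dst 10.2.0.0 255.255.255.0
        set device "hq-primary"
        set distance 10
    next
    # Backup route: takes over only when the primary tunnel interface is down,
    # which is exactly what DPD triggers when the primary peer stops answering.
    edit 2
        set dst 10.2.0.0 255.255.255.0
        set device "hq-secondary"
        set distance 20
    next
end
```

To confirm the behaviour, check which route is active with `get router info routing-table all` (only the distance-10 route should appear for 10.2.0.0/24 while both tunnels are up), then watch `diagnose vpn ike gateway list` and the routing table again after making the primary peer unreachable: DPD marks the gateway dead within roughly retrycount × retryinterval seconds and the distance-20 route replaces it.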
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
- A . It limits the scanning of application traffic to the DNS protocol only.
- B . It limits the scanning of application traffic to use parent signatures only.
- C . It limits the scanning of application traffic to the browser-based technology category only.
- D . It limits the scanning of application traffic to the application category only.
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
- A . System time
- B . FortiGuard update servers
- C . Operating mode
- D . NGFW mode
Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?
- A . The security actions applied on the web applications will also be explicitly applied on the third-party websites.
- B . The application signature database inspects traffic only from the original web application server.
- C . FortiGuard maintains only one signature of each web application that is unique.
- D . FortiGate can inspect sub-application traffic regardless where it was originated.
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?
- A . The website is exempted from SSL inspection.
- B . The EICAR test file exceeds the protocol options oversize limit.
- C . The selected SSL inspection profile has certificate inspection enabled.
- D . The browser does not trust the FortiGate self-signed CA certificate.
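The symptom in this question (antivirus catches the EICAR file over HTTP but not over HTTPS) comes down to what the SSL/SSH inspection profile on the policy lets the AV engine see. The configuration below is an added illustration for this page, not Fortinet's material or an answer key. It shows the policy as the question describes it, with antivirus enabled but the built-in `certificate-inspection` profile selected, next to the change that gives antivirus access to the decrypted HTTPS body. Interface names, address objects and the policy ID are placeholders; the profile names `certificate-inspection`, `deep-inspection` and the AV profile `default` are FortiOS built-ins.

```fortios
# Added example, not from the page. Policy 1 is the setup described in the
# question: antivirus is on, but the SSL/SSH profile is "certificate-inspection",
# which only reads the TLS handshake (server certificate and SNI) and never
# decrypts the application data. The AV engine therefore has no HTTP payload to
# scan on port 443, while the same download over plain HTTP is fully inspected.
# Interface and address names are placeholders.

config firewall policy
    edit 1
        set name "lan-to-internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set inspection-mode proxy
        set av-profile "default"
        # Weak setting: handshake-only inspection, HTTPS bodies stay opaque.
        set ssl-ssh-profile "certificate-inspection"
        set nat enable
    next
end

# Corrected: full (deep) SSL inspection on the same policy. FortiGate now
# terminates the client's TLS session, re-signs the server certificate with
# its own CA, opens a second TLS session to the server, and passes the
# cleartext HTTP stream through the same AV profile, so an EICAR download
# over HTTPS is detected and blocked just like the HTTP one.
config firewall policy
    edit 1
        set ssl-ssh-profile "deep-inspection"
    next
end
```

Two caveats a practitioner checks after switching to deep inspection. First, clients must trust the CA that re-signs server certificates (`Fortinet_CA_SSL` by default, exportable from System > Certificates); until it is installed in the client trust store, browsers show a certificate warning, but that warning is a client-side trust problem, separate from whether the payload is being scanned. Second, any destination listed in the profile's SSL exemption list, or matching an exempted FortiGuard category, is passed through undecrypted and therefore unscanned, so an exempted test host reproduces the HTTPS miss even with deep inspection selected.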
Which statement is correct regarding the use of application control for inspecting web applications?
- A . Application control can identify child and parent applications, and perform different actions on them.
- B . Application control signatures are organized in a nonhierarchical structure.
- C . Application control does not require SSL inspection to identify web applications.
- D . Application control does not display a replacement message for a blocked web application.