[Mar-2023] Study resources for the Valid NSE4_FGT-7.2 Braindumps! [Q50-Q72]

22 Mar, 2023 By admin NSE4_FGT-7.2, Fortinet 0 Comments

[Mar-2023] Study resources for the Valid NSE4_FGT-7.2 Braindumps! [Q50-Q72]

Rate this post

[Mar-2023] Study resources for the Valid NSE4_FGT-7.2 Braindumps!

Updated NSE4_FGT-7.2 Tests Engine pdf – All Free Dumps Guaranteed!

Fortinet NSE4_FGT-7.2 Exam Syllabus Topics:

Topic	Details
Topic 1	Configure and implement different SSL VPN modes to provide secure access to your private network Implement the Fortinet Security Fabric
Topic 2	Configure application control to monitor and control network applications Configure IPS to protect network from threats and vulnerabilities
Topic 3	Configure log settings and diagnose problems using the logs Identify FortiGate inspection modes and configure web filtering
Topic 4	Explain how to deploy and configure FSSO Configure firewall policies Deployment and System Configuration
Topic 5	Configure VDOMs to split a FortiGate into multiple virtual devices Inspect encrypted traffic using certificates
Topic 6	Configure different operation modes for an FGCP HA cluster Perform initial configuration
Topic 7	Configure antivirus scanning modes to neutralize malware threats Configure firewall policy NAT and central NAT

Q50. Refer to the exhibit.

Which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?

The first packet sent from Student failed the RPF check.
This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

The first reply packet for Student failed the RPF check.
This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

The first reply packet for Student failed the RPF check .
This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.

The first packet sent from Student failed the RPF check.
This issue can be resolved by adding a static route to 203.0. 114.24/32 through port3.

Q51. Which statement describes a characteristic of automation stitches?

They can have one or more triggers.

They can be run only on devices in the Security Fabric.

They can run multiple actions simultaneously.

They can be created on any device in the fabric.

Q52. Refer to the exhibits.
The exhibits show a network diagram and firewall configurations.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the Webserver. Remote-User2 must not be able to access the Webserver.

In this scenario, which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

Disable match-vip in the Deny policy.

Set the Destination address as Deny_IP in the Allow-access policy.

Enable match vip in the Deny policy.

Set the Destination address as Web_server in the Deny policy.

Q53. In an explicit proxy setup, where is the authentication method and database configured?

Proxy Policy

Authentication Rule

Firewall Policy

Authentication scheme

Q54. Which of statement is true about SSL VPN web mode?

The tunnel is up while the client is connected.

It supports a limited number of protocols.

The external network application sends data through the VPN.

It assigns a virtual IP address to the client.

Q55. By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.
Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

set fortiguard-anycast disable

set webfilter-force-off disable

set webfilter-cache disable

set protocol tcp

Q56. In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

The IP version of the sources and destinations in a firewall policy must be different.

The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.

The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.

The IP version of the sources and destinations in a policy must match.

The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.

Q57. Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)

Source IP

Spillover

Volume

Session

Q58. Examine the exhibit, which contains a virtual IP and firewall policy configuration.

The WAN (port1) interface has the IP address 10.200. 1. 1/24. The LAN (port2) interface has the IP address 10.0. 1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address. Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0. 1. 10/24?

10.200. 1. 10

Any available IP address in the WAN (port1) subnet 10.200. 1.0/24
66 of 108

10.200. 1. 1

10.0. 1.254

Q59. How does FortiGate act when using SSL VPN in web mode?

FortiGate acts as an FDS server.

FortiGate acts as an HTTP reverse proxy.

FortiGate acts as DNS server.

FortiGate acts as router.

Q60. The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

DNS-based web filter and proxy-based web filter

Static URL filter, FortiGuard category filter, and advanced filters

Static domain filter, SSL inspection filter, and external connectors filters

FortiGuard category filter and rating filter

Q61. You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk . What is the default behavior when the local disk is full?

Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

No new log is recorded until you manually clear logs from the local disk .

Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

Q62. Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)

Browsers can be configured to retrieve this PAC file from the FortiGate.

Any web request to the 172.25. 120.0/24 subnet is allowed to bypass the proxy.

All requests not made to Fortinet.com or the 172.25. 120.0/24 subnet, have to go through altproxy.corp.com: 8060.

Any web request fortinet.com is allowed to bypass the proxy.

Q63. Refer to the exhibit.

Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

The session is in SYN_SENT state.

The session is in FIN_ACK state.

The session is in FTN_WAIT state.

The session is in ESTABLISHED state.

Q64. Which feature in the Security Fabric takes one or more actions based on event triggers?

Fabric Connectors

Automation Stitches

Security Rating

Logical Topology

Q65. An organization’s employee needs to connect to the office through a high-latency internet connection.
Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

Change the session-ttl.

Change the login timeout.

Change the idle-timeout.

Change the udp idle timer.

Q66. An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

Add the support of NTLM authentication.

Add user accounts to Active Directory (AD).

Add user accounts to the FortiGate group fitter.

Add user accounts to the Ignore User List.

Q67. If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

The Services field prevents SNAT and DNAT from being combined in the same policy.

The Services field is used when you need to bundle several VIPs into VIP groups.

The Services field removes the requirement to create multiple VIPs for different services.

The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.

Q68. Which statement correctly describes the use of reliable logging on FortiGate?

Reliable logging is enabled by default in all configuration scenarios.

Reliable logging is required to encrypt the transmission of logs.

Reliable logging can be configured only using the CLI.

Reliable logging prevents the loss of logs when the local disk is full.

Q69. Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

DNS

ping

udp-echo

TWAMP

Q70. Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.
The WAN (port1) interface has the IP address 10.200. 1. 1/24.
The LAN (port3) interface has the IP address 10 .0.1.254. /24.
The first firewall policy has NAT enabled using IP Pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0. 1. 10?