Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

NSE4_FGT-7.2 Exam Dumps - Fortinet NSE4 Questions and Answers

Question # 14

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

Options:

A.

Source defined as Internet Services in the firewall policy.

B.

Destination defined as Internet Services in the firewall policy.

C.

Highest to lowest priority defined in the firewall policy.

D.

Services defined in the firewall policy.

E.

Lowest to highest policy ID number.

Buy Now
Question # 15

Which three statements explain a flow-based antivirus profile? (Choose three.)

Options:

A.

Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

B.

If a virus is detected, the last packet is delivered to the client.

C.

The IPS engine handles the process as a standalone.

D.

FortiGate buffers the whole file but transmits to the client at the same time.

E.

Flow-based inspection optimizes performance compared to proxy-based inspection.

Buy Now
Question # 16

Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.

The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem .

With this configuration, which statement is true?

Options:

A.

Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

B.

A static route is required on the To_Internet VDOM to allow LAN users to access the internet.

C.

Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

D.

Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

Buy Now
Question # 17

Which scanning technique on FortiGate can be enabled only on the CLI?

Options:

A.

Heuristics scan

B.

Trojan scan

C.

Antivirus scan

D.

Ransomware scan

Buy Now
Question # 18

Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)

Options:

A.

The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

B.

The client FortiGate requires a manually added route to remote subnets.

C.

The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

D.

The server FortiGate requires a CA certificate to verify the client FortiGate certificate.

Buy Now
Question # 19

Refer to the exhibits.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

Options:

A.

Change the csf setting on ISFW (downstream) to set configuration-sync local.

B.

Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.

C.

Change the csf setting on both devices to set downstream-access enable.

D.

Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.

Buy Now
Question # 20

What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)

Options:

A.

FortiGate uses fewer resources.

B.

FortiGate performs a more exhaustive inspection on traffic.

C.

FortiGate adds less latency to traffic.

D.

FortiGate allocates two sessions per connection.

Buy Now
Question # 21

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Options:

A.

The firmware image must be manually uploaded to each FortiGate.

B.

Only secondary FortiGate devices are rebooted.

C.

Uninterruptable upgrade is enabled by default.

D.

Traffic load balancing is temporally disabled while upgrading the firmware.

Buy Now
Question # 22

Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

Options:

A.

It always authorizes the traffic without requiring authentication.

B.

It drops the traffic.

C.

It authenticates the traffic using the authentication scheme SCHEME2.

D.

It authenticates the traffic using the authentication scheme SCHEME1.

Buy Now
Question # 23

The IPS engine is used by which three security features? (Choose three.)

Options:

A.

Antivirus in flow-based inspection

B.

Web filter in flow-based inspection

C.

Application control

D.

DNS filter

E.

Web application firewall

Buy Now
Exam Code: NSE4_FGT-7.2
Exam Name: Fortinet NSE 4 - FortiOS 7.2
Last Update: Feb 22, 2025
Questions: 170
NSE4_FGT-7.2 pdf

NSE4_FGT-7.2 PDF

$25.5  $84.99
 Add to Cart
NSE4_FGT-7.2 Engine

NSE4_FGT-7.2 Testing Engine

$28.5  $94.99
 Add to Cart
NSE4_FGT-7.2 PDF + Engine

NSE4_FGT-7.2 PDF + Testing Engine

$40.5  $134.99
 Add to Cart