
Master the Fortinet NSE 4 - FortiOS 7.2 NSE4_FGT-7.2 Exam with Confidence!

Questions 21

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

NSE4_FGT-7.2 Question 21

Based on the phase 2 configuration shown in the exhibit, which configuration change will bring phase 2 up?

Options:

A.

On Remote-FortiGate, set Seconds to 43200.

B.

On HQ-FortiGate, set Encryption to AES256.

C.

On HQ-FortiGate, enable Diffie-Hellman Group 2.

D.

On HQ-FortiGate, enable Auto-negotiate.

Questions 22


Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

Options:

A.

To detect intermediary NAT devices in the tunnel path.

B.

To dynamically change phase 1 negotiation mode to aggressive mode.

C.

To encapsulate ESP packets in UDP packets using port 4500.

D.

To force a new DH exchange with each phase 2 rekey.

Questions 23

What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)

Options:

A.

Virtual IP addresses are used to distinguish between cluster members.

B.

Heartbeat interfaces have virtual IP addresses that are manually assigned.

C.

The primary device in the cluster is always assigned IP address 169.254.0.1.

D.

A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.

Questions 24

Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

Options:

A.

Web filter in flow-based inspection

B.

Antivirus in flow-based inspection

C.

DNS filter

D.

Web application firewall

E.

Application control

Questions 25

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

Options:

A.

Browsers can be configured to retrieve this PAC file from the FortiGate.

B.

Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

C.

All requests not made to Fortinet.com or the 172.25.120.0/24 subnet have to go through altproxy.corp.com:8060.

D.

Any web request to fortinet.com is allowed to bypass the proxy.

Questions 26

Refer to the exhibit.

NSE4_FGT-7.2 Question 26

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.

The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to the ISP modem.

With this configuration, which statement is true?

Options:

A.

Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

B.

A static route is required on the To_Internet VDOM to allow LAN users to access the internet.

C.

Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

D.

Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

Questions 27

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

Options:

A.

NGFW policy-based mode does not require the use of central source NAT policy

B.

NGFW policy-based mode can only be applied globally and not on individual VDOMs

C.

NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy

D.

NGFW policy-based mode policies support only flow inspection

Questions 28

An administrator is running the following sniffer command:

Which three pieces of information will be included in the sniffer output? (Choose three.)

Options:

A.

Interface name

B.

Packet payload

C.

Ethernet header

D.

IP header

E.

Application header

Questions 29

Refer to the exhibit.

NSE4_FGT-7.2 Question 29


The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

A firewall policy is configured to allow all destinations from LAN (port3) to WAN (port1).

Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

Options:

A.

10.200.1.149

B.

10.200.1.1

C.

10.200.1.49

D.

10.200.1.99

Questions 30


When configuring a firewall virtual wire pair policy, which of the following statements is true?

Options:

A.

Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.

B.

Only a single virtual wire pair can be included in each policy.

C.

Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.

D.

Exactly two virtual wire pairs need to be included in each policy.

Exam Code: NSE4_FGT-7.2
Exam Name: Fortinet NSE 4 - FortiOS 7.2
Last Update: May 20, 2024
Questions: 170
